www2.kusports.com Open in urlscan Pro
208.91.60.6 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Ove...
Effective URL:
http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Ove...
Submission: On January 15 via api (January 15th 2022, 4:46:17 pm UTC) from CZ — Scanned from DE

Summary HTTP 456 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 70 IPs in 10 countries across 67 domains to perform 456 HTTP transactions. The main IP is 208.91.60.6, located in United States and belongs to NSIHOSTING-EQX-VA, US. The main domain is www2.kusports.com. The Cisco Umbrella rank of the primary domain is 481165.

This is the only time www2.kusports.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 3	208.91.60.6 208.91.60.6	14244 (NSIHOSTIN...) (NSIHOSTING-EQX-VA)
89	208.91.60.7 208.91.60.7	14244 (NSIHOSTIN...) (NSIHOSTING-EQX-VA)
3	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1	151.101.66.133 151.101.66.133	54113 (FASTLY) (FASTLY)
1	178.79.242.181 178.79.242.181	22822 (LLNW) (LLNW)
1 3	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1	52.217.75.100 52.217.75.100	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
1	35.190.90.202 35.190.90.202	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f02... 2a03:2880:f02d:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	151.101.1.44 151.101.1.44	54113 (FASTLY) (FASTLY)
2	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
49	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:401... 2a00:1450:4019:806::200e	15169 (GOOGLE) (GOOGLE)
1 3	13.35.253.42 13.35.253.42	16509 (AMAZON-02) (AMAZON-02)
50	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:401... 2a00:1450:4019:80c::2001	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f12... 2a03:2880:f12d:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2620:116:800d... 2620:116:800d:21:ee05:6a01:4b41:8c89	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:223... 2600:9000:223f:c00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	2600:9000:223... 2600:9000:223c:3600:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	2620:116:800d... 2620:116:800d:21:5a23:9c4e:e774:96c1	16509 (AMAZON-02) (AMAZON-02)
2	35.201.98.64 35.201.98.64	15169 (GOOGLE) (GOOGLE)
7	2600:9000:223... 2600:9000:223e:b600:13:a391:88c0:21	16509 (AMAZON-02) (AMAZON-02)
40	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
7	2606:4700:303... 2606:4700:3030::6815:251b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400c:c07::9b	15169 (GOOGLE) (GOOGLE)
2	116.202.46.88 116.202.46.88	24940 (HETZNER-AS) (HETZNER-AS)
10	2a00:1450:400... 2a00:1450:4001:803::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:401... 2a00:1450:4019:809::2001	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
7	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
10 29	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
4 8	104.90.181.210 104.90.181.210	16625 (AKAMAI-AS) (AKAMAI-AS)
6 9	185.33.220.216 185.33.220.216	29990 (ASN-APPNEX) (ASN-APPNEX)
1 17	138.201.63.150 138.201.63.150	24940 (HETZNER-AS) (HETZNER-AS)
1 5	138.201.84.245 138.201.84.245	24940 (HETZNER-AS) (HETZNER-AS)
2	104.90.104.248 104.90.104.248	16625 (AKAMAI-AS) (AKAMAI-AS)
3	144.76.238.55 144.76.238.55	24940 (HETZNER-AS) (HETZNER-AS)
6 6	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
3	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
2 2	2a0b:4d07:102::1 2a0b:4d07:102::1	44239 (PROINITY ...) (PROINITY PROINITY)
2	5.1.80.163 5.1.80.163	205948 (CREOLINE-AS) (CREOLINE-AS)
4	46.236.13.147 46.236.13.147	12703 (PULSANT-AS) (PULSANT-AS)
2 4	142.250.186.38 142.250.186.38	15169 (GOOGLE) (GOOGLE)
2 2	94.23.99.218 94.23.99.218	16276 (OVH) (OVH)
3	54.76.176.197 54.76.176.197	16509 (AMAZON-02) (AMAZON-02)
3	104.92.94.3 104.92.94.3	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
2 2	185.29.132.241 185.29.132.241	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 1	44.194.225.67 44.194.225.67	14618 (AMAZON-AES) (AMAZON-AES)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
1 1	172.104.70.67 172.104.70.67	63949 (LINODE-AP...) (LINODE-AP Linode)
1	54.92.96.182 54.92.96.182	16509 (AMAZON-02) (AMAZON-02)
1 1	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
2 2	51.178.20.139 51.178.20.139	16276 (OVH) (OVH)
2 3	3.123.163.195 3.123.163.195	16509 (AMAZON-02) (AMAZON-02)
1 1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	2600:9000:215... 2600:9000:2156:b600:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	99.81.30.72 99.81.30.72	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:813::2006	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
2	18.66.248.117 18.66.248.117	16509 (AMAZON-02) (AMAZON-02)
4	54.72.0.164 54.72.0.164	16509 (AMAZON-02) (AMAZON-02)
1 2	2a01:4f8:d0a:... 2a01:4f8:d0a:2321::2	24940 (HETZNER-AS) (HETZNER-AS)
1	49.12.16.151 49.12.16.151	24940 (HETZNER-AS) (HETZNER-AS)
1 2	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1 1	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
1 1	34.194.7.56 34.194.7.56	14618 (AMAZON-AES) (AMAZON-AES)
1	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 2	72.251.249.14 72.251.249.14	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
2 2	217.66.147.167 217.66.147.167	29209 (SPBMTS-AS...) (SPBMTS-AS Malaya Monetnaya Street 2-A)
1 1	213.87.44.187 213.87.44.187	13174 (MTSNET Mo...) (MTSNET Moscow)
1	2600:9000:206... 2600:9000:206f:9600:15:90db:9f40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:223... 2600:9000:223c:ba00:18:1fcd:34f:cdc1	16509 (AMAZON-02) (AMAZON-02)
1	52.20.40.56 52.20.40.56	14618 (AMAZON-AES) (AMAZON-AES)
2 6	2600:9000:215... 2600:9000:2156:2e00:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
6 9	34.243.100.214 34.243.100.214	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1288:80:... 2a00:1288:80:800::7000	203220 (YAHOO-DEB) (YAHOO-DEB)
456	70

3 208.91.60.6 (United States) 1 redirects

ASN14244 (NSIHOSTING-EQX-VA, US)
PTR: ellingtoncms.com

www2.kusports.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

89 208.91.60.7 (United States)

ASN14244 (NSIHOSTING-EQX-VA, US)

worldonline.media.clients.ellingtoncms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.133 (United States)

ASN54113 (FASTLY, US)

cdn.includemodal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.79.242.181 (United States)

ASN22822 (LLNW, US)
PTR: https-178-79-242-181.fra.llnw.net

cdn01.basis.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 15.197.193.217 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.217.75.100 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

ogden_images.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.90.202 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 202.90.190.35.bc.googleusercontent.com

quizzicalzephyr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.1.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.155.71.149 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)

pixel.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

49 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4019:806::200e (Ireland)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.35.253.42 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-35-253-42.fra6.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

50 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4019:80c::2001 (Ireland)

ASN15169 (GOOGLE, US)

006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:ee05:6a01:4b41:8c89 (United States)

ASN16509 (AMAZON-02, US)

edge.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:c00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223c:3600:6:44e3:f8c0:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:5a23:9c4e:e774:96c1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.98.64 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 64.98.201.35.bc.googleusercontent.com

butterbulb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:9000:223e:b600:13:a391:88c0:21 (United States)

ASN16509 (AMAZON-02, US)

d3plfjw9uod7ab.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:3030::6815:251b (United States)

ASN13335 (CLOUDFLARENET, US)

analyticssystems.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 116.202.46.88 (Grunwald, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88.46.202.116.clients.your-server.de

servedbyadbutler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:803::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4019:809::2001 (Ireland)

ASN15169 (GOOGLE, US)

4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

e50cb70897325bbab3447118d665891a.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
6ccc5fa424d647bd49be4f773c4b014f.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
af2d505fbd2db4dde60a2a2d67fb207e.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-ads.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 142.250.185.226 (United States) 10 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.90.181.210 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-90-181-210.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 185.33.220.216 (Amsterdam, Netherlands) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 872.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 138.201.63.150 (Hockenheim, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.150.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hal90008.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 138.201.84.245 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.245.84.201.138.clients.your-server.de

hal900025.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.90.104.248 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-90-104-248.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 144.76.238.55 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.55.238.76.144.clients.your-server.de

hal900021.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 145.239.193.130 (France) 6 redirects

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 88.198.250.30 (Mannheim, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a0b:4d07:102::1 (Switzerland) 2 redirects

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 5.1.80.163 (Germany)

ASN205948 (CREOLINE-AS, DE)
PTR: s17177.creolineserver.com

adv-srv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 46.236.13.147 (United Kingdom)

ASN12703 (PULSANT-AS, GB)
PTR: 46-236-13-147.servers.dedipower.net

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.38 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f6.1e100.net

8019191.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 94.23.99.218 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: ip218.ip-94-23-99.eu

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.76.176.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com

ad-server.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.92.94.3 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-94-3.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.132.241 (United Kingdom) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.194.225.67 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-194-225-67.compute-1.amazonaws.com

fksnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.104.70.67 (Tokyo, Japan) 1 redirects

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1680-67.members.linode.com

a.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.92.96.182 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-92-96-182.ap-northeast-1.compute.amazonaws.com

cc.adingo.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.129 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.178.20.139 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: ns31193669.ip-51-178-20.eu

c.eu1.dyntrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.123.163.195 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-123-163-195.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:b600:1b:5138:8a40:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.81.30.72 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-81-30-72.eu-west-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.248.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-248-117.dus51.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.72.0.164 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-0-164.eu-west-1.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a01:4f8:d0a:2321::2 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)

cdn.retailads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 49.12.16.151 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: lb-1.futalis.de

futalis.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.194.7.56 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-194-7-56.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.162.133.149 (Rotterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.249.14 (Amsterdam, Netherlands) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 217.66.147.167 (St Petersburg, Russian Federation) 2 redirects

ASN29209 (SPBMTS-AS Malaya Monetnaya Street 2-A, RU)
PTR: host-167-147-66-217.spbmts.ru

sm.rtb.mts.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.87.44.187 (Moscow, Russian Federation) 1 redirects

ASN13174 (MTSNET Moscow, Russia, RU)
PTR: infrastructure-187-44.mts.ru

tech.rtb.mts.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:9600:15:90db:9f40:93a1 (United States)

ASN16509 (AMAZON-02, US)

a.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:ba00:18:1fcd:34f:cdc1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.20.40.56 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-20-40-56.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:2156:2e00:6:9280:1080:93a1 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 34.243.100.214 (Dublin, Ireland) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-243-100-214.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:800::7000 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
107	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 94 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 127 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com e50cb70897325bbab3447118d665891a.safeframe.googlesyndication.com 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com 6ccc5fa424d647bd49be4f773c4b014f.safeframe.googlesyndication.com af2d505fbd2db4dde60a2a2d67fb207e.safeframe.googlesyndication.com	495 KB
89	doubleclick.net 12 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 175 stats.g.doubleclick.net — Cisco Umbrella Rank: 78 googleads.g.doubleclick.net — Cisco Umbrella Rank: 44 cm.g.doubleclick.net — Cisco Umbrella Rank: 169 8019191.fls.doubleclick.net — Cisco Umbrella Rank: 185469	1 MB
89	ellingtoncms.com worldonline.media.clients.ellingtoncms.com — Cisco Umbrella Rank: 476497	1 MB
25	redintelligence.net 2 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 27409 hal900025.redintelligence.net — Cisco Umbrella Rank: 181958 hal90008.redintelligence.net — Cisco Umbrella Rank: 188804 hal900021.redintelligence.net — Cisco Umbrella Rank: 201263	373 KB
22	google.com maps.google.com — Cisco Umbrella Rank: 1725 adservice.google.com — Cisco Umbrella Rank: 69 www.google.com — Cisco Umbrella Rank: 8	178 KB
16	adroll.com 8 redirects a.adroll.com — Cisco Umbrella Rank: 115792 s.adroll.com — Cisco Umbrella Rank: 2208 d.adroll.com — Cisco Umbrella Rank: 1320	25 KB
14	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 151	509 KB
9	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 210	9 KB
8	medialead.de 8 redirects pv.medialead.de — Cisco Umbrella Rank: 42689 medialead.de — Cisco Umbrella Rank: 41904	6 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 496	7 KB
7	openx.net us-ads.openx.net — Cisco Umbrella Rank: 341217 us-u.openx.net — Cisco Umbrella Rank: 316	36 KB
7	google.de www.google.de — Cisco Umbrella Rank: 6151 adservice.google.de — Cisco Umbrella Rank: 8579	2 KB
7	analyticssystems.net analyticssystems.net — Cisco Umbrella Rank: 8550	3 KB
7	cloudfront.net d3plfjw9uod7ab.cloudfront.net	195 KB
6	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 18477 api.webgains.io — Cisco Umbrella Rank: 52909	102 KB
4	webgains.com track.webgains.com — Cisco Umbrella Rank: 41628	10 KB
4	office-partner.de 2 redirects adv.office-partner.de — Cisco Umbrella Rank: 179182 adv-srv.office-partner.de — Cisco Umbrella Rank: 188426	2 KB
4	googleapis.com maps.googleapis.com — Cisco Umbrella Rank: 334 fonts.googleapis.com — Cisco Umbrella Rank: 37	3 KB
3	mts.ru 3 redirects sm.rtb.mts.ru — Cisco Umbrella Rank: 35454 tech.rtb.mts.ru — Cisco Umbrella Rank: 33839	2 KB
3	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 254	2 KB
3	awin1.com www.awin1.com — Cisco Umbrella Rank: 12936	2 KB
3	ad-server.eu ad-server.eu — Cisco Umbrella Rank: 55305	936 B
3	media01.eu pb.media01.eu — Cisco Umbrella Rank: 41136	1011 B
3	quantserve.com 1 redirects edge.quantserve.com — Cisco Umbrella Rank: 10887 pixel.quantserve.com — Cisco Umbrella Rank: 380	11 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 124	2 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 62	102 KB
3	adsrvr.org 1 redirects insight.adsrvr.org — Cisco Umbrella Rank: 602 match.adsrvr.org — Cisco Umbrella Rank: 295	773 B
3	kusports.com 1 redirects www2.kusports.com — Cisco Umbrella Rank: 481165	49 KB
2	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 609	1 KB
2	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 649 r.turn.com — Cisco Umbrella Rank: 2156	878 B
2	retailads.net 1 redirects cdn.retailads.net — Cisco Umbrella Rank: 121929	5 KB
2	gstatic.com fonts.gstatic.com	26 KB
2	dyntrk.com 2 redirects c.eu1.dyntrk.com — Cisco Umbrella Rank: 4363	1 KB
2	mathtag.com 2 redirects sync.mathtag.com — Cisco Umbrella Rank: 372	2 KB
2	teads.tv sync.teads.tv — Cisco Umbrella Rank: 750	344 B
2	servedbyadbutler.com servedbyadbutler.com — Cisco Umbrella Rank: 13444	11 KB
2	butterbulb.com butterbulb.com — Cisco Umbrella Rank: 208146	685 B
2	quantcount.com 1 redirects rules.quantcount.com — Cisco Umbrella Rank: 822	856 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 88	386 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 33	20 KB
2	sitescout.com pixel.sitescout.com — Cisco Umbrella Rank: 2742	267 B
2	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 847	159 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 126	113 KB
1	yahoo.com ads.yahoo.com — Cisco Umbrella Rank: 722	446 B
1	chartbeat.net ping.chartbeat.net — Cisco Umbrella Rank: 960	294 B
1	chartbeat.com static.chartbeat.com — Cisco Umbrella Rank: 1071	14 KB
1	sonobi.com sync.go.sonobi.com — Cisco Umbrella Rank: 832	478 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 763	734 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 491	537 B
1	futalis.de futalis.de — Cisco Umbrella Rank: 179357	409 B
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 245	577 B
1	yieldmo.com ads.yieldmo.com — Cisco Umbrella Rank: 634	35 B
1	smaato.net 1 redirects s.ad.smaato.net — Cisco Umbrella Rank: 671	437 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 270	457 B
1	rfihub.com 1 redirects a.rfihub.com — Cisco Umbrella Rank: 2538	1 KB
1	adingo.jp cc.adingo.jp — Cisco Umbrella Rank: 2928	44 B
1	appier.net 1 redirects a.c.appier.net — Cisco Umbrella Rank: 17883	557 B
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 18482	520 B
1	fksnk.com 1 redirects fksnk.com — Cisco Umbrella Rank: 3518	609 B
1	adsafeprotected.com static.adsafeprotected.com — Cisco Umbrella Rank: 526	482 B
1	google.se adservice.google.se — Cisco Umbrella Rank: 50505	792 B
1	quizzicalzephyr.com quizzicalzephyr.com — Cisco Umbrella Rank: 494008	26 KB
1	amazonaws.com ogden_images.s3.amazonaws.com	36 KB
1	basis.net cdn01.basis.net — Cisco Umbrella Rank: 6707	1 KB
1	includemodal.com cdn.includemodal.com — Cisco Umbrella Rank: 22017	34 KB
0	netmng.com Failed google2waycm.netmng.com Failed
0	adfrontiers.com Failed media.adfrontiers.com Failed
456	67

	Domain	Requested by
89	worldonline.media.clients.ellingtoncms.com	www2.kusports.com worldonline.media.clients.ellingtoncms.com
50	pagead2.googlesyndication.com	securepubads.g.doubleclick.net 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com www2.kusports.com tpc.googlesyndication.com b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com googleads.g.doubleclick.net 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com www.googletagservices.com
49	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com www2.kusports.com
40	tpc.googlesyndication.com	006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com googleads.g.doubleclick.net 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com www2.kusports.com
29	cm.g.doubleclick.net	10 redirects googleads.g.doubleclick.net b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com www2.kusports.com 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
14	www.googletagservices.com	www2.kusports.com 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com securepubads.g.doubleclick.net 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
12	hal9000.redintelligence.net	b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com hal90008.redintelligence.net hal900025.redintelligence.net hal900021.redintelligence.net
10	www.google.com	www2.kusports.com tpc.googlesyndication.com 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
9	d.adroll.com	6 redirects a.adroll.com
9	ib.adnxs.com	6 redirects googleads.g.doubleclick.net
9	adservice.google.com	securepubads.g.doubleclick.net 8019191.fls.doubleclick.net
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
8	006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
7	analyticssystems.net	006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
7	d3plfjw9uod7ab.cloudfront.net	006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
6	s.adroll.com	2 redirects a.adroll.com
6	pv.medialead.de	6 redirects
6	googleads.g.doubleclick.net	11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com www2.kusports.com b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
6	adservice.google.de	securepubads.g.doubleclick.net
5	hal90008.redintelligence.net	1 redirects b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com hal90008.redintelligence.net
5	hal900025.redintelligence.net	1 redirects 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com hal900025.redintelligence.net
4	api.webgains.io	analytics.webgains.io
4	8019191.fls.doubleclick.net	2 redirects www2.kusports.com
4	track.webgains.com	www2.kusports.com b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
4	us-ads.openx.net	securepubads.g.doubleclick.net us-ads.openx.net
3	x.bidswitch.net	2 redirects
3	fonts.googleapis.com	hal90008.redintelligence.net hal900025.redintelligence.net hal900021.redintelligence.net
3	www.awin1.com	b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
3	ad-server.eu	b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
3	pb.media01.eu	hal90008.redintelligence.net hal900025.redintelligence.net hal900021.redintelligence.net
3	hal900021.redintelligence.net	hal9000.redintelligence.net hal900021.redintelligence.net
3	us-u.openx.net	googleads.g.doubleclick.net
3	sb.scorecardresearch.com	1 redirects cdn.taboola.com www2.kusports.com
3	www.googletagmanager.com	www2.kusports.com adv-srv.office-partner.de
3	maps.google.com	www2.kusports.com maps.google.com
3	www2.kusports.com	1 redirects www2.kusports.com
2	sm.rtb.mts.ru	2 redirects
2	ap.lijit.com	2 redirects
2	cdn.retailads.net	1 redirects futalis.de
2	analytics.webgains.io	track.webgains.com
2	fonts.gstatic.com	fonts.googleapis.com
2	c.eu1.dyntrk.com	2 redirects
2	sync.mathtag.com	2 redirects
2	medialead.de	2 redirects
2	adv-srv.office-partner.de	hal90008.redintelligence.net hal900025.redintelligence.net
2	adv.office-partner.de	2 redirects
2	sync.teads.tv	googleads.g.doubleclick.net
2	11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	servedbyadbutler.com	006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com servedbyadbutler.com
2	butterbulb.com	quizzicalzephyr.com
2	pixel.quantserve.com	1 redirects www2.kusports.com
2	rules.quantcount.com	1 redirects www2.kusports.com
2	www.facebook.com	www2.kusports.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	pixel.sitescout.com	www2.kusports.com
2	cdn.taboola.com	www2.kusports.com cdn.taboola.com
2	connect.facebook.net	www2.kusports.com connect.facebook.net
2	insight.adsrvr.org	1 redirects www2.kusports.com
1	ads.yahoo.com
1	ping.chartbeat.net
1	static.chartbeat.com	www2.kusports.com
1	a.adroll.com	www2.kusports.com
1	tech.rtb.mts.ru	1 redirects
1	sync.go.sonobi.com	4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
1	sync.srv.stackadapt.com	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	r.turn.com	4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
1	ad.turn.com	1 redirects
1	futalis.de	hal900021.redintelligence.net
1	s0.2mdn.net	11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
1	ads.yieldmo.com	11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
1	s.ad.smaato.net	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	a.rfihub.com	1 redirects
1	cc.adingo.jp	b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
1	a.c.appier.net	1 redirects
1	ads.travelaudience.com	1 redirects
1	fksnk.com	1 redirects
1	match.adsrvr.org	b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
1	af2d505fbd2db4dde60a2a2d67fb207e.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	6ccc5fa424d647bd49be4f773c4b014f.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	e50cb70897325bbab3447118d665891a.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	www.google.de	www2.kusports.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	static.adsafeprotected.com	www2.kusports.com
1	edge.quantserve.com	www2.kusports.com
1	adservice.google.se	securepubads.g.doubleclick.net
1	quizzicalzephyr.com	www2.kusports.com
1	maps.googleapis.com	maps.google.com
1	ogden_images.s3.amazonaws.com	www2.kusports.com
1	cdn01.basis.net	www2.kusports.com
1	cdn.includemodal.com	www2.kusports.com
0	google2waycm.netmng.com Failed	4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
0	media.adfrontiers.com Failed	www2.kusports.com
456	96

This site contains links to these domains. Also see Links.

Domain
www.meritrustcu.org
seatgeek.com
shop.ljworld.com
ljworld.com
boards.kusports.com
www.facebook.com
twitter.com
www2.ljworld.com
geo.itunes.apple.com
play.google.com
www.kuathletics.com
www.kualumni.org
rn12.ultipro.com

Subject Issuer	Validity	Valid
cdn01.basis.net GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-06-14` - `2022-06-14`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
quizzicalzephyr.com R3	`2021-12-17` - `2022-03-17`	3 months	crt.sh
*.sitescout.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-15` - `2023-01-15`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-10-24` - `2022-01-22`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
*.scorecardresearch.com Amazon	`2021-02-28` - `2022-03-29`	a year	crt.sh
*.google.se GTS CA 1C3	`2021-12-09` - `2022-03-03`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
butterbulb.com R3	`2021-12-21` - `2022-03-21`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.analyticssystems.net R3	`2021-12-08` - `2022-03-08`	3 months	crt.sh
servedbyadbutler.com Sectigo RSA Domain Validation Secure Server CA	`2022-01-11` - `2023-01-11`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
redintelligence.net R3	`2021-12-21` - `2022-03-21`	3 months	crt.sh
teads.tv R3	`2022-01-03` - `2022-04-03`	3 months	crt.sh
*.media01.eu RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-05-27` - `2022-05-27`	a year	crt.sh
adv-srv.office-partner.de R3	`2022-01-04` - `2022-04-04`	3 months	crt.sh
*.webgains.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-20` - `2022-06-20`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
www.awin1.com DigiCert SHA2 Secure Server CA	`2021-06-11` - `2022-06-16`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.adingo.jp DigiCert TLS RSA SHA256 2020 CA1	`2021-03-26` - `2022-04-14`	a year	crt.sh
*.yieldmo.com Amazon	`2021-05-25` - `2022-06-23`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.webgains.io Amazon	`2021-03-12` - `2022-04-10`	a year	crt.sh
*.futalis.de R3	`2021-12-23` - `2022-03-23`	3 months	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2021-12-08` - `2023-01-09`	a year	crt.sh
cdn.retailads.net Encryption Everywhere DV TLS CA - G1	`2021-07-17` - `2022-07-17`	a year	crt.sh
s.adroll.com Amazon	`2021-08-02` - `2022-08-31`	a year	crt.sh
adroll.mgr.consensu.org Amazon	`2021-09-09` - `2022-10-08`	a year	crt.sh

This page contains 56 frames:

Primary Page: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Frame ID: A26F59488404825B5865EF1F85B0DAF5
Requests: 153 HTTP requests in this frame

Frame: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 2BBD5D15E9010F6F71EB20037A8D3CF9
Requests: 1 HTTP requests in this frame

Frame: https://pixel.sitescout.com/dmp/asyncPixelSync
Frame ID: F810F5B0B720D251C7CC8FA0295B496E
Requests: 1 HTTP requests in this frame

Frame: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 664653F85BD793A1CF044C7C2220F9D7
Requests: 17 HTTP requests in this frame

Frame: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 50613F7B63F9EEE7F7436E5E294C3542
Requests: 18 HTTP requests in this frame

Frame: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 3EBA216CE1CAF281ABF6C0BE737C01F3
Requests: 17 HTTP requests in this frame

Frame: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 8976C15B7E64E3CE5BD156F1C27538FD
Requests: 18 HTTP requests in this frame

Frame: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C3DAF0D0AACD904836754B99C48058A4
Requests: 11 HTTP requests in this frame

Frame: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D2A2EDF98915D353A3EAC69B07F4EF48
Requests: 17 HTTP requests in this frame

Frame: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 8D9B86574B051853D27DC8ADCA0304F1
Requests: 18 HTTP requests in this frame

Frame: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 27B91DBF37D39A6E4848484833EB2EFB
Requests: 1 HTTP requests in this frame

Frame: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 2362337063C9064FAFBAC13A292F8709
Requests: 1 HTTP requests in this frame

Frame: https://e50cb70897325bbab3447118d665891a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: F1215077244E9DDBF35A2AB88E511579
Requests: 1 HTTP requests in this frame

Frame: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: DDE1916DBD15560BCBA7A54647DB2BD7
Requests: 1 HTTP requests in this frame

Frame: https://6ccc5fa424d647bd49be4f773c4b014f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: C6F513BDF3FB15F698908B8093423126
Requests: 1 HTTP requests in this frame

Frame: https://af2d505fbd2db4dde60a2a2d67fb207e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: B19DE4E4FC9710140785937E4DFBD7D5
Requests: 1 HTTP requests in this frame

Frame: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: E86206EDDA1F4B5663F85879192D75D8
Requests: 13 HTTP requests in this frame

Frame: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: A1A13745E4C6C914F7D0494E296CCA08
Requests: 19 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A0BAE2FE1105049439D88F18FA632345
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 15486F11D869E6A06A642FE182377846
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 5EE11CEA529186712315FBC32D2A901F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F2948E7EFFC405F1121AF9D8FE58D488
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 7888E936F1112E8469947D822507EE21
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5329302D30791208FB6A0AFC0818359B
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 559D8E921803DC21AFE7C31721505567
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E05FF1128AC58948B758009FD7FB7384
Requests: 2 HTTP requests in this frame

Frame: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: EDD7647C6ED7907917CE5AC0496DB04C
Requests: 19 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstchlcp6PS2BOsFgMt4g9Y78fo643IMDFIuOYI7UFxaBJ_0khDkVa1M2gOCbfUoqMk9Z0nRpMrwsYeQ3CHcJ2uZHaHqQTKi8yY9e7pNNe5ZPojt-1HrXCu7D4rRMX4Ul47fILBXJQySZc7UiHjrbMt7A16Rd9lkVxKbjG7wHQpKO7gKnmWe71Qu_0q7sjRE2mP97rAmxj315Co0y3ciY7WcvVU2QBzn0CvUsU_FFHp_h8mbfdfBzrAlTF7BUNmnjQpcroXBUt-Tl0mzPLByGroV0JqNuzsiNpi5Ji5LhD40GPVXtTxZK7-TGGfUQqhtYym6J61eF3rNsPLMYuEoSEkO_kGUnQkxAg&sig=Cg0ArKJSzHM4IBDk5tU0EAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 7D681BC78B5AF3051E674297C1C37E46
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNVL9QfhQdgLz3biG9OsBAuWwBUCBXEPFIarhSbQgMfgy0HXRFQpClink_QghS5sPCohWcB2Lxl0cTWFHtrvHWo49ebZEXRTGK-5dLs1SagY107_QdKoXGEOpCR2ESPfPKDpFgOPILt6dP5wGhbtkyGPbMBcEA2Z27VUzzUHd34regqKTJCwaxdlaOhbVzZdDmtiZVwsW2BXL_POCmHVfw80hj_GHg
Frame ID: 2560DA082D151B3B4BC1188762423CEA
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYr8jFlQEwAQ&v=APEucNVl8gnMteskHKVtCZCHXFR2Wtwf_syFby4BSZX91wjL-FofrRQ0Hvuesjdpihv8EOSRfjWl97fOZdqJhusmq649PnQmYxinBXdsXmx_pJ-bh_FDHgP10xUGsf7LtTJe3Ju6yADO9bVcTBXBj-fKwJv1JEpulMGv66YFjLf2cPXGgXs3yTkpV-1Zc5OrngR-0rGvr25JOEE7GUsERI_lTrwkEDkrrw
Frame ID: 2BF1D47583A3401E89521FA675DC794E
Requests: 5 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsud_O1-J_UySaNkGYVc3hqLCwqDNNEr_BcVL1fNkpOYAs0TLyD9Z8_r-3KTUWrOcCSUmSnsy7_Hua0rmV1O7vlyceIrDgZR6NhtwJ_4eijO5KEcsQF9BLwErJnwnZgEU0wcxR-gaO98KdKEfIGjBYhgqv94eCC7KQkMB0So789MZTlbTnDRuTc9phh1rVaMFwViCLxwS4-peAl_P3jPh4bHLysRn6dgfRPsL78GM4LUC7MJJtI7weUjFjenMF8_Gh73knvdP3iNZMDU9yx8ghd-KgJVYi0x7iLc3z3BTf7GkxBip-ZoPdw9u3H_ZiYYbMg6J7MV7H2c2cgR8OROa_aeiQBTnj1vdQ&sig=Cg0ArKJSzLR6HCkwlBKLEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 9C34B64580E90D7315A2BF9EE3E757A3
Requests: 6 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst-16JGuuxJzT-QLTKdMbD8P-viAqCAyJ_DpCFUrfYoUFN_1Tl-GAJJrMQi_3F5yDTGO_sL4Xp0WboUOFIAlf3OITj20jeTlf8lJJ1EwKfd92J1pHeooQjGXFU9ZBI4jJE5J-aLKjG1fcrU0_SpP_Z9o1_bwUxSw7isRKlp6BxW136R7NWGBo5jnV-LIeOBXzM-s6wSQF34WHrOKNqBsfH2HzpvzYVkY_uaT3H0iTxEq9Di_Kz0X8dDDi4ZydpyLKzsZWIBs9mdfnyi_vIbNS703B0xVjvatVU5y0CaRnJYHPMTzBteO6vQAvycx9Z8aURSawbhUL15HQTDby43sv_ksX2kDXrGQw&sig=Cg0ArKJSzH5ocTBBpHnjEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: E9E733A1E3E799805A5D470A2BEB97DD
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNW-UEYNG8jd6v-2AMr73dRKqaVBXXBuW98TS90SD5E_A1WyaTxaN00PWafIKksdaXEqECytElXiRfLcg-hoOSbdjEue4g1ZfEAx5zBuMtIBC3jHKk7vTjMuVBTa8xPhXOnn1n7v8GjyL2PSe86gFk1VIEiSqPdEz1hgf88ranb__1eGkJXdmzbujHbH8YXMkcA_nw2CaGcVt6yhQFLqA2d92LEVxQ
Frame ID: A336470C06538BED76D31AB61B206287
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 7FC82B7E151F64D7CD8EE70872770558
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 35A79F1761FA418C4183F6FCECC69BCF
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 5D9BAA15D17E496EA824CE7667F721E7
Requests: 3 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=17465700169443000710624011840008&actionid=879111&produktid=ratenkredit&dt_url=
Frame ID: 59BEAEDA55D415348869A07933293B1C
Requests: 1 HTTP requests in this frame

Frame: https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 0F311E557514C4712D340E32F7112264
Requests: 2 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CN3ehcKatPUCFUYeGwod2kcNXw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5393761128647.316
Frame ID: 086D1E282142329DEA111774998BF40E
Requests: 2 HTTP requests in this frame

Frame: https://hal90008.redintelligence.net/request_content.php?s=17465700169443000710624011840008&a=123726c4
Frame ID: ECEE7CF64A30465D4CDBE2C513604D09
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B4E585096D2E4D8FDBFEBBA4E465B16B
Requests: 9 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81242400162929400710612011840025&actionid=731824&produktid=businessgiro&dt_url=
Frame ID: D817D7C74902F47235F4C8ECB5FA0ABD
Requests: 1 HTTP requests in this frame

Frame: https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 4746141C73F734CDC0FA1C2887FF3E36
Requests: 2 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CPLhhcKatPUCFQidhQodybQL_Q;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2989694414256.576
Frame ID: 616ED720872B2A09A351870DCFC58321
Requests: 2 HTTP requests in this frame

Frame: https://hal900025.redintelligence.net/request_content.php?s=81242400162929400710612011840025&a=a646e1c7
Frame ID: E6BCB97B8824E074E3E1CAC55B58025E
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 641E5B531C3460D3A42592A09D97AC27
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: D3090682E38791FA83696E86B178B7AB
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 7661442C91F8992719BFDC8F71861B1C
Requests: 2 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81424300148569000710612011840021&actionid=879111&produktid=ratenkredit&dt_url=
Frame ID: BF35F2148C529EA5771AA80973BBB5FC
Requests: 1 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1145042063
Frame ID: 91C0F0980E6250C07D15447A5BADE317
Requests: 2 HTTP requests in this frame

Frame: https://hal900021.redintelligence.net/request_content.php?s=81424300148569000710612011840021&a=e408850e
Frame ID: 3FC1C87C912D6A85E62F64981717ED3D
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2DCD8EEED1784DE8E76CF26A2D27894B
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 6DBADA7A410C3DB346C57CB472F7E9BB
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0DF70D7555332141F6696E5A667E0341
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: EF98266C7F1917FFA48444C1702D2317
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CD9A0A04E12F6A4F87349D6C22428766
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

"❄⡿⡹ Buy Hydroxychloroquine Over the Counter: 🤩 www.HealsPills.store 🤩 Uses, Dosage ⡹⡿❄Buy Hydroxychloroquine Sulfate Buy Hydroxychloroquine" | Search | KUsports.com

Detected technologies

Google Maps (Maps) Expand

Overall confidence: 100%
Detected patterns

//maps\.google(?:apis)?\.com/maps/api/js

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Chartbeat (Analytics) Expand

Overall confidence: 100%
Detected patterns

chartbeat\.js

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Lightbox (JavaScript Libraries) Expand

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

SWFObject (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

swfobject.*\.js

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

456
Requests

66 %
HTTPS

41 %
IPv6

67
Domains

96
Subdomains

70
IPs

10
Countries

5097 kB
Transfer

11633 kB
Size

60
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://www.meritrustcu.org/home/personal/checking?utm_campaign=debit_cards_red&utm_source=LJW_digital&utm_medium=paid//
Title: Sponsored by:

Search URL Search Domain Scan URL

URL: https://www.meritrustcu.org/home/personal/checking?utm_campaign=debit_cards_red&utm_source=LJW_digital&utm_medium=paid/

Search URL Search Domain Scan URL

URL: https://seatgeek.com/kansas-jayhawks-basketball-tickets?aid=12341
Title: Tickets

Search URL Search Domain Scan URL

URL: https://shop.ljworld.com/
Title: Shop

Search URL Search Domain Scan URL

URL: http://ljworld.com/
Title: LJWorld

Search URL Search Domain Scan URL

URL: http://boards.kusports.com/
Title: Message boards

Search URL Search Domain Scan URL

URL: https://www.facebook.com/KUsportsdotcom/
Title: Facebook

Search URL Search Domain Scan URL

URL: http://twitter.com/kusports/
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www2.ljworld.com/news/champions2008/
Title: Self-made Champions

Search URL Search Domain Scan URL

URL: https://geo.itunes.apple.com/us/app/kusports.com/id389444893?mt=8
Title: iPhone App

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.whiz.kusports
Title: Android App

Search URL Search Domain Scan URL

URL: http://www.kuathletics.com/staff.aspx
Title: KAI directory

Search URL Search Domain Scan URL

URL: http://www.kualumni.org/chapters/watchsites/
Title: KU Alumni Assoc. Watch Party Sites

Search URL Search Domain Scan URL

URL: http://boards.kusports.com/ubb/postlist.php?Cat=&Board=football
Title: Message Boards

Search URL Search Domain Scan URL

URL: http://boards.kusports.com/ubb/postlist.php?Cat=&Board=basketball
Title: Message Boards

Search URL Search Domain Scan URL

URL: https://rn12.ultipro.com/WOR1007/JobBoard/ListJobs.aspx?__vt=ExtCan
Title: Jobs

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 41

http://insight.adsrvr.org/track/evnt/?adv=71kqd28j&ct=0:1yygqtov&fmt=3 HTTP 301
https://insight.adsrvr.org/track/evnt/?adv=71kqd28j&ct=0:1yygqtov&fmt=3

Request Chain 44

http://www2.kusports.com/search/vertical/photogalleries.gallery/_t200?63053ce3c12ccdabb07c8a8609241a2395705911 HTTP 302
http://www2.kusports.com/search/vertical/photogalleries.gallery/_t200/?63053ce3c12ccdabb07c8a8609241a2395705911=

Request Chain 93

http://connect.facebook.net/en_US/fbevents.js HTTP 307
https://connect.facebook.net/en_US/fbevents.js

Request Chain 122

https://sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&ns__t=1642265170480&ns_c=UTF-8&cv=3.5&c8=%22%E2%9D%84%E2%A1%BF%E2%A1%B9%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20%F0%9F%A4%A9%20www.HealsPills.store%20%F0%9F%A4%A9%20Uses%2C%20Dosage%20%E2%A1%B9%E2%A1%BF%E2%9D%84Buy%20Hydroxychloroquine%20Sulfate%20Buy%20Hydroxychloroquine%22%20%7C%20Search%20%7C%20KUsports.com&c7=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1642265170480&ns_c=UTF-8&cv=3.5&c8=%22%E2%9D%84%E2%A1%BF%E2%A1%B9%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20%F0%9F%A4%A9%20www.HealsPills.store%20%F0%9F%A4%A9%20Uses%2C%20Dosage%20%E2%A1%B9%E2%A1%BF%E2%9D%84Buy%20Hydroxychloroquine%20Sulfate%20Buy%20Hydroxychloroquine%22%20%7C%20Search%20%7C%20KUsports.com&c7=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&c9=

Request Chain 126

http://rules.quantcount.com/rules-p-b9OfuctfLWqtE.js HTTP 301
https://rules.quantcount.com/rules-p-b9OfuctfLWqtE.js

Request Chain 129

http://pixel.quantserve.com/pixel;r=122151703;rf=0;a=p-b9OfuctfLWqtE;url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine;uht=2;fpan=1;fpa=P0-1484996935-1642265170685;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=kusports.com;je=0;sr=1600x1200x24;dst=0;et=1642265170685;tzo=0;ogl=image.http%3A%2F%2Fworldonline%252Emedia%252Eclients%252Eellingtoncms%252Ecom%2Fstatic%2Fkusports%252Ecom%2Fimages%2Fkus HTTP 301
https://pixel.quantserve.com/pixel;r=122151703;rf=0;a=p-b9OfuctfLWqtE;url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine;uht=2;fpan=1;fpa=P0-1484996935-1642265170685;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=kusports.com;je=0;sr=1600x1200x24;dst=0;et=1642265170685;tzo=0;ogl=image.http%3A%2F%2Fworldonline%252Emedia%252Eclients%252Eellingtoncms%252Ecom%2Fstatic%2Fkusports%252Ecom%2Fimages%2Fkus

Request Chain 290

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDmOX-8pE1KxZtQBgYFHG_U&google_cver=1

Request Chain 291

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YeL6VKCtowhFoRAqlQFmRwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDmOX-8pE1KxZtQBgYFHG_U&google_cver=1

Request Chain 292

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEH8Svas8JXn-79FhHKa3fsI&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEH8Svas8JXn-79FhHKa3fsI%26google_cver%3D1

Request Chain 293

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzY2NzY0NTg5NDQ4OTkzMzk5NA%3D%3D

Request Chain 294

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDmOX-8pE1KxZtQBgYFHG_U&google_cver=1

Request Chain 295

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YeL6VKCtowhFoRAqlQFmRwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDmOX-8pE1KxZtQBgYFHG_U&google_cver=1

Request Chain 296

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEH8Svas8JXn-79FhHKa3fsI&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEH8Svas8JXn-79FhHKa3fsI%26google_cver%3D1

Request Chain 297

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzY2NzY0NTg5NDQ4OTkzMzk5NA%3D%3D

Request Chain 317

https://hal900025.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=b4a1fa435f&subid=&uid=be250ebcec86a09e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCp1aCU_riYaqfMeKKjuwP0biyyAq1zfmDV_zYuavlDPAuEAEgiIC_FGCV8pyCrAfIAQmpAjTwtOc1J7M-qAMBqgSAAk_QOocKilDNYl2FcctR1IkCFy72v_QVEthqk8fdRRmOR9hDpEpgdaew58oxo3AhKUyw1gw4kdWwcLTQSYQhbJiNtpQr2abe2lDirJSEJgXCcuXBafjevAB0VXn-h8SjWzYIrv2Ywna5FE6PQd5yWakXQUqQS4h-_EVlD8smZAW4DDLuXpK5_RFqfuV5SHWOMMTB0GmKMXcogC7828lH5MwsQRyoUrwAR61Xwb1unIHv5PEajLj7AfoSyx-XTVK3IEH2xgYs2DQ4JyYZZIJAbqaGQafdohM-NdEWXVA0HdsyKKeS_DcpqfOTQig_kwU81v-hEiGqZ33LHrIfmccVDvLABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRousGbHcJ6G1VDH_kxKgPkag%26sig%3DAOD64_25MlZ0oVQky1Q2eNURrKaFiomzkw%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-DBJNbtxMhooN3k_rPRIrmR-rhTRHg08Wrk2MEM112bJP6Z4cbTFqyQQ1CFFcPQcq-AHeIyLcXm4PVR3dIdib1p0-f-sd7cGnPFjJQdH__RoWUgn64gsh7x13zedIEjdoRMg8Pt3LIiUNhn0uzI0dJEPuFv4w%26cry%3D1%26dbm_d%3DAKAmf-CT2l3ni5tbz3bGjDJ-LSIHbWxObwA5ub-urwJ-frlWFpzybnAFY4ukeabO3dSftrCSN0xfQsPR6tWmIsyeXHA6IzqKwgTSa6jXBlpeep_VNsJto9WmLMYUfwWAmQWXUOlkr03Dby6uUNEqehIyEZpbl8bgxKp-5c8-9Df0L6Az0cnWzB9LquvGGQclBKz-FzGcSZpxWRQDAaOcAeNC-2iZToBQy99jpbR2om_OdZrfQsLv90KsCmFE1P4BKjYDFQBQqt7hr6jQxVbNPnfjvxZGhHRfdWNdfyFHlGRGk4ymh0rgqmbGPmpfWu_LhQALwfSrjjwytG7pfGKbnX-1UscX0zemgR90awuULLAFaXqShsiSsG6ZrxSxCXBMflOoV7YWNnrWLLt-AT2D1V832onZxznx1g%26adurl%3D&documentReferer=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=7878561870351&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900025.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=b4a1fa435f&subid=&uid=be250ebcec86a09e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCp1aCU_riYaqfMeKKjuwP0biyyAq1zfmDV_zYuavlDPAuEAEgiIC_FGCV8pyCrAfIAQmpAjTwtOc1J7M-qAMBqgSAAk_QOocKilDNYl2FcctR1IkCFy72v_QVEthqk8fdRRmOR9hDpEpgdaew58oxo3AhKUyw1gw4kdWwcLTQSYQhbJiNtpQr2abe2lDirJSEJgXCcuXBafjevAB0VXn-h8SjWzYIrv2Ywna5FE6PQd5yWakXQUqQS4h-_EVlD8smZAW4DDLuXpK5_RFqfuV5SHWOMMTB0GmKMXcogC7828lH5MwsQRyoUrwAR61Xwb1unIHv5PEajLj7AfoSyx-XTVK3IEH2xgYs2DQ4JyYZZIJAbqaGQafdohM-NdEWXVA0HdsyKKeS_DcpqfOTQig_kwU81v-hEiGqZ33LHrIfmccVDvLABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRousGbHcJ6G1VDH_kxKgPkag%26sig%3DAOD64_25MlZ0oVQky1Q2eNURrKaFiomzkw%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-DBJNbtxMhooN3k_rPRIrmR-rhTRHg08Wrk2MEM112bJP6Z4cbTFqyQQ1CFFcPQcq-AHeIyLcXm4PVR3dIdib1p0-f-sd7cGnPFjJQdH__RoWUgn64gsh7x13zedIEjdoRMg8Pt3LIiUNhn0uzI0dJEPuFv4w%26cry%3D1%26dbm_d%3DAKAmf-CT2l3ni5tbz3bGjDJ-LSIHbWxObwA5ub-urwJ-frlWFpzybnAFY4ukeabO3dSftrCSN0xfQsPR6tWmIsyeXHA6IzqKwgTSa6jXBlpeep_VNsJto9WmLMYUfwWAmQWXUOlkr03Dby6uUNEqehIyEZpbl8bgxKp-5c8-9Df0L6Az0cnWzB9LquvGGQclBKz-FzGcSZpxWRQDAaOcAeNC-2iZToBQy99jpbR2om_OdZrfQsLv90KsCmFE1P4BKjYDFQBQqt7hr6jQxVbNPnfjvxZGhHRfdWNdfyFHlGRGk4ymh0rgqmbGPmpfWu_LhQALwfSrjjwytG7pfGKbnX-1UscX0zemgR90awuULLAFaXqShsiSsG6ZrxSxCXBMflOoV7YWNnrWLLt-AT2D1V832onZxznx1g%26adurl%3D&documentReferer=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=7878561870351&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 318

https://hal90008.redintelligence.net/request.php?zone=ma1tq3l10cm4&nw=20&renderingType=javascript&namespace=a6b19f6e16&subid=&uid=a1637dc014bd30d7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8cNDU_riYZfvK8OV7_UPhsqlsAK1zfmDV5zfuavlDPAuEAEgiIC_FGCV8pyCrAfIAQmpAjTwtOc1J7M-qAMBqgSBAk_Qw8qw5wE7Ha7g29JS-QXz1HF11kPMUMM4EFkhi2OFj6vsD87Jv6J8h3Kp3QcHmkNViixa7pvJVN52vMznloPKDAswfW5SCrC2WKtde2izQlQhwvTWsVCC7OObymhFBxyWmygA8spILKFyT5Bou48Gng5kAQZbYxPLOCcdK8q1h4YEf9Ew-_fzjd9cvBQlhP0naE0DlumVxc3G6bjmoyJ6vuQvTVuKmwExtGTg7G_VZU0WIm-2xjN9cgKpWNsIWn0VIsIFYogJW0vpOQiStWMMzq1ew8iaQ16IcHSGQyTifgpUJblKW8sFptrIKvJVSXiAXqOY84ajNjA4yglHlHv3wASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIgOGAEBABGB2ACgOYCwHICwGADAGwE9yZ6w3QEwDYEwPYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASEuRozl-fpgmeZueD6JqJ9fIPpA%26sig%3DAOD64_1NFG0z-MTlBmf-98ylx5sF6FnqKg%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-DgN8wAP-igVJa7E-5MQe2OG28pwVhTggbI_HjI43CTGWZqr2iqajl5tiwhzjV8RTOGDbIsyZUbwTkdW1cMxgK_rZuvm-p-t9QjSKARfkof7W9MZBSuz201brQX3e8bT42dEQPWax-nFlR7wOGYQUk3_l2DFg%26cry%3D1%26dbm_d%3DAKAmf-AcANq7qfJZrVdbrQwNib-9e5hVdNmqOwFfPDtc0_k_hcocM3oq_9tQL7eiB70L5y8_El8Lf44oEDYPL9Q2XpGjIqN5wWqsuHyNBXf9BDfTcRJa6hmIFaTfo2R3b1a_gI_umFHymR_Jit0s1D2Lxjs7HishTV_9frRLh6Xr_A4q742Z_7F9vgJW9RwXow0NYSCwOeIDfRDW6ROYUs_MHxJevriggZcXQn_RD1cQaATzdqlQOc0d3Z_W9hRJXXR4expdB64l12EAQhs616AsSye_3Iufui4mEHqM_fWpKm4nhvGuiJMTv8Kp0LrSle5XT0x-WIEN4GHL7nOecPFNLjoNgn-ssMrQ4-fJ6h7oOJ-11bKS_8AEAWiQT3XH3ijgHLGzS1rjMavfoGfOc2qldC8Pf2OuuA%26adurl%3D&documentReferer=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=2725659489093&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90008.redintelligence.net/request.php?zone=ma1tq3l10cm4&nw=20&renderingType=javascript&namespace=a6b19f6e16&subid=&uid=a1637dc014bd30d7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8cNDU_riYZfvK8OV7_UPhsqlsAK1zfmDV5zfuavlDPAuEAEgiIC_FGCV8pyCrAfIAQmpAjTwtOc1J7M-qAMBqgSBAk_Qw8qw5wE7Ha7g29JS-QXz1HF11kPMUMM4EFkhi2OFj6vsD87Jv6J8h3Kp3QcHmkNViixa7pvJVN52vMznloPKDAswfW5SCrC2WKtde2izQlQhwvTWsVCC7OObymhFBxyWmygA8spILKFyT5Bou48Gng5kAQZbYxPLOCcdK8q1h4YEf9Ew-_fzjd9cvBQlhP0naE0DlumVxc3G6bjmoyJ6vuQvTVuKmwExtGTg7G_VZU0WIm-2xjN9cgKpWNsIWn0VIsIFYogJW0vpOQiStWMMzq1ew8iaQ16IcHSGQyTifgpUJblKW8sFptrIKvJVSXiAXqOY84ajNjA4yglHlHv3wASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIgOGAEBABGB2ACgOYCwHICwGADAGwE9yZ6w3QEwDYEwPYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASEuRozl-fpgmeZueD6JqJ9fIPpA%26sig%3DAOD64_1NFG0z-MTlBmf-98ylx5sF6FnqKg%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-DgN8wAP-igVJa7E-5MQe2OG28pwVhTggbI_HjI43CTGWZqr2iqajl5tiwhzjV8RTOGDbIsyZUbwTkdW1cMxgK_rZuvm-p-t9QjSKARfkof7W9MZBSuz201brQX3e8bT42dEQPWax-nFlR7wOGYQUk3_l2DFg%26cry%3D1%26dbm_d%3DAKAmf-AcANq7qfJZrVdbrQwNib-9e5hVdNmqOwFfPDtc0_k_hcocM3oq_9tQL7eiB70L5y8_El8Lf44oEDYPL9Q2XpGjIqN5wWqsuHyNBXf9BDfTcRJa6hmIFaTfo2R3b1a_gI_umFHymR_Jit0s1D2Lxjs7HishTV_9frRLh6Xr_A4q742Z_7F9vgJW9RwXow0NYSCwOeIDfRDW6ROYUs_MHxJevriggZcXQn_RD1cQaATzdqlQOc0d3Z_W9hRJXXR4expdB64l12EAQhs616AsSye_3Iufui4mEHqM_fWpKm4nhvGuiJMTv8Kp0LrSle5XT0x-WIEN4GHL7nOecPFNLjoNgn-ssMrQ4-fJ6h7oOJ-11bKS_8AEAWiQT3XH3ijgHLGzS1rjMavfoGfOc2qldC8Pf2OuuA%26adurl%3D&documentReferer=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=2725659489093&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 321

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEHO1l6kG4sTqLtWPLJuW0Uk&google_cver=1

Request Chain 323

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEA2_xIOjN1p8PSv_uCfO9zE&google_cver=1

Request Chain 336

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=17465700169443000710624011840008&t=htlp HTTP 301
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=17465700169443000710624011840008&actionid=879111&produktid=ratenkredit&dt_url=

Request Chain 337

https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains HTTP 301
https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Request Chain 339

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5393761128647.316 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CN3ehcKatPUCFUYeGwod2kcNXw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5393761128647.316

Request Chain 341

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=17465700169443000710624011840008 HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=17465700169443000710624011840008 HTTP 301
https://ad-server.eu/wm/pb/native.png

Request Chain 345

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=81242400162929400710612011840025&t=htlp HTTP 301
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81242400162929400710612011840025&actionid=731824&produktid=businessgiro&dt_url=

Request Chain 346

https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains HTTP 301
https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Request Chain 348

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2989694414256.576 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CPLhhcKatPUCFQidhQodybQL_Q;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2989694414256.576

Request Chain 350

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=81242400162929400710612011840025 HTTP 301
https://ad-server.eu/wm/pb/native.png

Request Chain 366

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEMBOv99iJtQJDvHH0HV622c&google_cver=1&google_push=AYg5qPKlpkL68ZANQ0g0xU5wpPR93jtqKplxv-mhyTKwSxjPvRyqVQyyK8qZoDIF18IAxtrdBnP8kEXcrTrGFfNoOo8k1zpFfu7Z HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPKlpkL68ZANQ0g0xU5wpPR93jtqKplxv-mhyTKwSxjPvRyqVQyyK8qZoDIF18IAxtrdBnP8kEXcrTrGFfNoOo8k1zpFfu7Z

Request Chain 368

https://fksnk.com/cs/google?google_gid=CAESEH_h84emGnIOelv-bhqKWiY&google_cver=1&google_push=AYg5qPLY8VLf7IdrDTMj124EsegTh8dlvGQP1bGZTEDgwhiSA0LUht53eaIECxu0_Nng8XsIlPHkcWUxS_DQ3zvyP7bQID7iGBkO HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=QTE1ODA4M0M1Mjk4NDhDRg==

Request Chain 369

https://ads.travelaudience.com/google_pixel?google_gid=CAESELsQyuw4f-stzhzbodWXikM&google_cver=1&google_push=AYg5qPKOGqXoJYdCG-EQgmQCOvDh_FvcgQ8-3YaUIJnau_RmmoSHzN0WyG4Q0x4W63Uc0DKL6ftTkI7Ay0KBlvzAtskRpUfY2giz HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=p1mLQiACSBGi4j809dxpVA2&google_push=AYg5qPKOGqXoJYdCG-EQgmQCOvDh_FvcgQ8-3YaUIJnau_RmmoSHzN0WyG4Q0x4W63Uc0DKL6ftTkI7Ay0KBlvzAtskRpUfY2giz

Request Chain 370

https://a.c.appier.net/gcm?google_gid=CAESEEJythMgl24bv6WxPbsu5HM&google_cver=1&google_push=AYg5qPKR_N8RyVswxnEY6JWvQZaRkx2GzDRUwQg7_EcZXw3_yLsrI5RTIt8J_1Fqkepq2HVVCHt52wzbAqgQSqRvvn-TtE8KI8l8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=NUk0Tzk1bVVEaGlaSVNGZFZmcmlZUQ%3D%3D&google_push=AYg5qPKR_N8RyVswxnEY6JWvQZaRkx2GzDRUwQg7_EcZXw3_yLsrI5RTIt8J_1Fqkepq2HVVCHt52wzbAqgQSqRvvn-TtE8KI8l8

Request Chain 372

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEMknQmXofPJ_HIUbZqdw_Ak&google_cver=1&google_push=AYg5qPII4khjOtlW5O-tQnb3ZJkAeG8DhZCOaw-Xy3KXmdFzLfwYNGv-FrJiiPipbiEG37IK5QLFkbpC6ubw1BdyORBkFse1xq_WRA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPII4khjOtlW5O-tQnb3ZJkAeG8DhZCOaw-Xy3KXmdFzLfwYNGv-FrJiiPipbiEG37IK5QLFkbpC6ubw1BdyORBkFse1xq_WRA&google_hm=MjAzOTc1MTEwOTQ3NDM3OTc5Ng==

Request Chain 374

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEMBOv99iJtQJDvHH0HV622c&google_cver=1&google_push=AYg5qPKmP5yF8mzOd73dOouWBjj0DZnjUa4IdH7V6xq_E5bfQlwDKB_caqvv0IvLuxPdVNV0z7-asiNUsZM5Z7L5qA7qhJjmMk0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPKmP5yF8mzOd73dOouWBjj0DZnjUa4IdH7V6xq_E5bfQlwDKB_caqvv0IvLuxPdVNV0z7-asiNUsZM5Z7L5qA7qhJjmMk0

Request Chain 375

https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEIWCdXedUseGsqPS7RfJQd0&google_cver=1&google_push=AYg5qPJqQvJosPPK4SxI5dESyQCWHKp5TGzD1S45a26iFPO0ZvG2VdBbEAiqZoSXRPhsFWsjvR1DlLoLAwQnJzQZV8zFbypImycj HTTP 302
https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEIWCdXedUseGsqPS7RfJQd0&google_cver=1&google_push=AYg5qPJqQvJosPPK4SxI5dESyQCWHKp5TGzD1S45a26iFPO0ZvG2VdBbEAiqZoSXRPhsFWsjvR1DlLoLAwQnJzQZV8zFbypImycj&prevuid=&knw= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPJqQvJosPPK4SxI5dESyQCWHKp5TGzD1S45a26iFPO0ZvG2VdBbEAiqZoSXRPhsFWsjvR1DlLoLAwQnJzQZV8zFbypImycj&google_hm=

Request Chain 376

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDP3rocSLTNbqOulRlwpJdE&google_cver=1&google_push=AYg5qPJsf-zPvX4myIaE70yrf-ihd2t0bPbHRE84-QntxZuki0zkg17bOsIGR5zCJPSSHxYKgp897QFW8AzmMFKihvBI8ODys_I5 HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEDP3rocSLTNbqOulRlwpJdE&google_cver=1&google_push=AYg5qPJsf-zPvX4myIaE70yrf-ihd2t0bPbHRE84-QntxZuki0zkg17bOsIGR5zCJPSSHxYKgp897QFW8AzmMFKihvBI8ODys_I5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJsf-zPvX4myIaE70yrf-ihd2t0bPbHRE84-QntxZuki0zkg17bOsIGR5zCJPSSHxYKgp897QFW8AzmMFKihvBI8ODys_I5&google_hm=ZZ2FITpHRh2yc89-JAMvmg==

Request Chain 377

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBKhbf3kQIy5ERSPJFg24p8&google_cver=1&google_push=AYg5qPKUIYtMYvXfwquDcmKVCOPBrqAmLX45FvTPnSaUXbdMBQAzvUZ9DOR1eMrgheYt8iYycUMHal_G5A_qdOsyGJGJtV53oSK6 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lHMkE1RzItTy1INVAz&google_push=AYg5qPKUIYtMYvXfwquDcmKVCOPBrqAmLX45FvTPnSaUXbdMBQAzvUZ9DOR1eMrgheYt8iYycUMHal_G5A_qdOsyGJGJtV53oSK6

Request Chain 378

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEDp1Sz3XqYiBYjkV3WQjfu4&google_cver=1&google_push=AYg5qPJ2xFNKoPhLAVdxC2wSA8uGRZN3q26eLleQnmSqbtiZaqm8bajPjATxJnlDSX2p0aonBU_SiKNq8rEo97TuCHfkw3lacB0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJ2xFNKoPhLAVdxC2wSA8uGRZN3q26eLleQnmSqbtiZaqm8bajPjATxJnlDSX2p0aonBU_SiKNq8rEo97TuCHfkw3lacB0

Request Chain 416

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=81424300148569000710612011840021&t=htlp HTTP 301
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81424300148569000710612011840021&actionid=879111&produktid=ratenkredit&dt_url=

Request Chain 417

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=81424300148569000710612011840021&ra_cnt_active=1&ra_cnt=1 HTTP 302
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1145042063

Request Chain 419

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=81424300148569000710612011840021 HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=81424300148569000710612011840021 HTTP 301
https://ad-server.eu/wm/pb/native.png

Request Chain 424

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEHuAc1VzYuClsjxvPmf8U8o&google_cver=1&google_push=AYg5qPIBH89i5dC8N1Awm1hSU7KfCVvvDBgFa26hidM4tZiu6Jj0OI12ilkog1IRf349T6eeFo4fUaIb8XYdJ3Lg-V0LlCUVt29eaQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzM2MDExNDA1NTk3MTIwODE4NQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHuAc1VzYuClsjxvPmf8U8o&google_cver=1

Request Chain 425

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEOM16NHAisNS6iN2GdvUGuk&google_cver=1&google_push=AYg5qPL4YqxXguYFZWodueK2LQjYxU5vFflNH2Z1q1dHNqFKVszBMcsrYToLcBwTO0SV7hQmA2229Drc5Sua1bWLOM7BhSFfnPzE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEOM16NHAisNS6iN2GdvUGuk&google_push=AYg5qPL4YqxXguYFZWodueK2LQjYxU5vFflNH2Z1q1dHNqFKVszBMcsrYToLcBwTO0SV7hQmA2229Drc5Sua1bWLOM7BhSFfnPzE

Request Chain 426

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEP-Y1IcD6JV1zw17dQMlPbY&google_cver=1&google_push=AYg5qPJpsjF7gQojdJlt6AtpXtproA_kC45VZ4XzV8PnbDQ7vf6usR0VDuArjq7fY4KyA_jVVnV8qpiBD9_KBgtdrru1CWS8ECZg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=v0FTe9y7T65fhnGL4hXR6tly14U&google_push=AYg5qPJpsjF7gQojdJlt6AtpXtproA_kC45VZ4XzV8PnbDQ7vf6usR0VDuArjq7fY4KyA_jVVnV8qpiBD9_KBgtdrru1CWS8ECZg

Request Chain 428

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEG5xXsa0bHnONwr0uwKnbaM&google_cver=1&google_push=AYg5qPI6NnGexXOmFfjim24ZqFRsK-sTptfc2JDF5gzgtDDp5eVnISfxm0j6rsTA9iGXXS2FhwH0sQ5njiF9OyLsBHWvkYCWr2V5 HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEG5xXsa0bHnONwr0uwKnbaM&google_cver=1&google_push=AYg5qPI6NnGexXOmFfjim24ZqFRsK-sTptfc2JDF5gzgtDDp5eVnISfxm0j6rsTA9iGXXS2FhwH0sQ5njiF9OyLsBHWvkYCWr2V5&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPI6NnGexXOmFfjim24ZqFRsK-sTptfc2JDF5gzgtDDp5eVnISfxm0j6rsTA9iGXXS2FhwH0sQ5njiF9OyLsBHWvkYCWr2V5&google_hm=4501c70d0c718c4c3d5a8b8e

Request Chain 429

https://sm.rtb.mts.ru/p?ssp=googleban&pm=1&google_gid=CAESEDwAoxywqAaV2MN8WLvrDB8&google_cver=1&google_push=AYg5qPJDzlwBcibIXLbMD5ApHZupOAr327bBm6tH6rAW7ehM0XsB035_zr472Pnxjf4BGH0I64l447AfpTvfN8t7SzX8_79TW14WT60 HTTP 301
https://sm.rtb.mts.ru/match/second?ssp=12&google_push=AYg5qPJDzlwBcibIXLbMD5ApHZupOAr327bBm6tH6rAW7ehM0XsB035_zr472Pnxjf4BGH0I64l447AfpTvfN8t7SzX8_79TW14WT60&exu=CAESEDwAoxywqAaV2MN8WLvrDB8 HTTP 301
https://tech.rtb.mts.ru/?dsp_uid=1f5326f6-5714-48ae-9bb8-d97458faaf09&return_url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc%26id%3D1f5326f6-5714-48ae-9bb8-d97458faaf09%26google_push%3DAYg5qPJDzlwBcibIXLbMD5ApHZupOAr327bBm6tH6rAW7ehM0XsB035_zr472Pnxjf4BGH0I64l447AfpTvfN8t7SzX8_79TW14WT60 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc&id=1f5326f6-5714-48ae-9bb8-d97458faaf09&google_push=AYg5qPJDzlwBcibIXLbMD5ApHZupOAr327bBm6tH6rAW7ehM0XsB035_zr472Pnxjf4BGH0I64l447AfpTvfN8t7SzX8_79TW14WT60

Request Chain 445

https://s.adroll.com/j/exp/X7723AQJHJDWVHXHZOPVBN/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 446

https://s.adroll.com/j/pre/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/fpconsent.js HTTP 302
https://s.adroll.com/j/pre/index.js

Request Chain 461

https://d.adroll.com/pixel/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E?adroll_fpc=c283e10819e72bc8363f9e14a5d1b1d5-1642265176304&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&pv=10861603951.589794&cookie=&adroll_s_ref=&keyw= HTTP 302
https://s.adroll.com/pixel/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/NT3YRS4RBBEJXN5JBMR5A3.js

Request Chain 462

https://d.adroll.com/cm/r/out?adroll_fpc=c283e10819e72bc8363f9e14a5d1b1d5-1642265176304&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&advertisable=X7723AQJHJDWVHXHZOPVBN HTTP 302
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 463

https://d.adroll.com/cm/b/out?adroll_fpc=c283e10819e72bc8363f9e14a5d1b1d5-1642265176304&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&advertisable=X7723AQJHJDWVHXHZOPVBN HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=NjVjNjc0ZGU4MjhiMGU3MDExMjhlNDE1Y2YzMTk5NWY

Request Chain 464

https://d.adroll.com/cm/x/out?adroll_fpc=c283e10819e72bc8363f9e14a5d1b1d5-1642265176304&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&advertisable=X7723AQJHJDWVHXHZOPVBN HTTP 302
https://ib.adnxs.com/setuid?entity=172&code=NjVjNjc0ZGU4MjhiMGU3MDExMjhlNDE1Y2YzMTk5NWY

Request Chain 466

https://d.adroll.com/cm/o/out?adroll_fpc=c283e10819e72bc8363f9e14a5d1b1d5-1642265176304&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&advertisable=X7723AQJHJDWVHXHZOPVBN HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=65c674de828b0e701128e415cf31995f

Request Chain 467

https://d.adroll.com/cm/g/out?adroll_fpc=c283e10819e72bc8363f9e14a5d1b1d5-1642265176304&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&advertisable=X7723AQJHJDWVHXHZOPVBN&google_nid=adroll5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=ZcZ03oKLDnARKOQVzzGZXw HTTP 302
https://d.adroll.com/cm/g/in

456 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www2.kusports.com/search/vertical/photogalleries.gallery/ 55 KB
12 KB 567ms
415ms Document
text/html 208.91.60.6
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL

http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine

Protocol

HTTP/1.1

Server

208.91.60.6 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),

Reverse DNS

ellingtoncms.com

Software

nginx /

Resource Hash

60bc64d05c6e4c092ed9c99c0342cc935776737f6ebcf46e8dc01dda2e5480e4

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Server: nginx
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding, Cookie
X-Beatles: ellington-app-14
Content-Encoding: gzip
Content-Length: 12370
Accept-Ranges: bytes
Date: Sat, 15 Jan 2022 16:46:08 GMT
X-Varnish: 1055875015
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-Cache: MISS

GET
H/1.1 200
OK min.css
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/ 183 KB
183 KB 202ms
101ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/min.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 3d313e573148b8aa541b772ed63b36b5b05520fd0ca9e20dce848bb65916c1ce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:26 GMT
Last-Modified: Mon, 16 May 2016 19:57:42 GMT
Age: 102
ETag: "1042492297"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 187511
X-Cache-Hits: 6

GET
H/1.1 200
OK apps.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/ 2 KB
2 KB 215ms
107ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: e678f057332a81514ac9719a101737d107488a36cdfa6b612799283695492545

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:26 GMT
Last-Modified: Tue, 14 Jun 2016 16:15:26 GMT
Age: 102
ETag: "1793899651"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1921
X-Cache-Hits: 6

GET
H/1.1 200
OK core.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/ 19 KB
19 KB 216ms
108ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/core.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: d80e5177d7cc173424caf8c3a5a3d5f260123d61ae92678b1a3e9a6bbf99ada5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:26 GMT
Last-Modified: Thu, 18 Feb 2016 18:23:54 GMT
Age: 102
ETag: "1706498810"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19234
X-Cache-Hits: 6

GET
H/1.1 200
OK forms.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/ 5 KB
5 KB 215ms
108ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/forms.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 8fda2396e315276e1fc4e8fe3a0a265fdfbfdb0e45f8005d142b78015a76503c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:26 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:07 GMT
Age: 102
ETag: "1187713669"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4718
X-Cache-Hits: 6

GET
H/1.1 200
OK containers.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 9 KB
9 KB 217ms
110ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/containers.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 3752258f545f1cd6c4be6593f9f64ec4eb2d377b8d7e5ce52a1b908d9dcf1875

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:26 GMT
Last-Modified: Fri, 28 Aug 2015 19:45:38 GMT
Age: 102
ETag: "2520653564"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8980
X-Cache-Hits: 6

GET
H/1.1 200
OK comments.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/ 1 KB
2 KB 220ms
111ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/comments.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 9f0e38142f0b67f679d1eaff046562070e44443234a81c1f313f6d0ff41e6f86

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:26 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:07 GMT
Age: 102
ETag: "1665733583"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1233
X-Cache-Hits: 6

GET
H/1.1 200
OK news.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 5 KB
5 KB 322ms
108ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/news.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 34983bb02be1afc41c4bd28a7bf5f89d84138fc3d37b09ad61d3fbe680fc466e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:26 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:07 GMT
Age: 102
ETag: "1135088283"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4813
X-Cache-Hits: 6

GET
H/1.1 200
OK destinations.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 4 KB
4 KB 325ms
109ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/destinations.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: feeab718072b4a4d047a582abb7dede4ee9f8ee0b3ba36cfd6828a5afa78c572

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:26 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:07 GMT
Age: 102
ETag: "3601797957"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3789
X-Cache-Hits: 6

GET
H/1.1 200
OK twitter.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 3 KB
3 KB 325ms
108ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/twitter.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 06ea3f6c711322097aef91b87415a2b67cdacce2b8a08baf5129935fed10591e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:26 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:07 GMT
Age: 102
ETag: "304747337"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3140
X-Cache-Hits: 6

GET
H/1.1 200
OK videos.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 2 KB
2 KB 330ms
110ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/videos.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: fcf8a02102c695c381e74234f4a4bdf158f63d9c405697970f46816e572550bd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:26 GMT
Last-Modified: Fri, 07 Nov 2014 03:45:54 GMT
Age: 102
ETag: "748043333"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1774
X-Cache-Hits: 6

GET
H/1.1 200
OK weblogs.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 3 KB
3 KB 431ms
109ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/weblogs.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: deea56467e818b9345873eec410a3e53c1be3a1ea2f4f3486a42e8ff64534e6a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:26 GMT
Last-Modified: Fri, 28 Aug 2015 21:34:33 GMT
Age: 102
ETag: "584843429"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3039
X-Cache-Hits: 6

GET
H/1.1 200
OK activity.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 2 KB
2 KB 431ms
109ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/activity.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 6ff6c41c1b3e156f7f83074f774356106087b7149eb7fa198673d2c50eaa9490

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:26 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:07 GMT
Age: 102
ETag: "3324842763"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2098
X-Cache-Hits: 6

GET
H/1.1 200
OK tagging.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 492 B
801 B 433ms
109ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/tagging.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 4af952994baa0cdd0cee4927dbb7f207a7a28f34bd4b748f4cf5ef30c9a6cde4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:26 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:07 GMT
Age: 102
ETag: "1798324929"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 492
X-Cache-Hits: 6

GET
H/1.1 200
OK comments.css
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/apps/ 7 KB
7 KB 433ms
108ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/apps/comments.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 8eb0885d968635a6e7a706c190c00a8a6f1d88f0b528201eec558e441395d7f8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:26 GMT
Last-Modified: Tue, 28 Oct 2014 21:34:32 GMT
Age: 102
ETag: "3476462056"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6878
X-Cache-Hits: 6

GET
H/1.1 200
OK ugc-photos.css
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/apps/ 1 KB
2 KB 439ms
110ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/apps/ugc-photos.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 3023b8c8a44629993a179f9b49e46244f8d9ec755e3068d1532bb48c0235ecd6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:26 GMT
Last-Modified: Tue, 28 Oct 2014 21:34:32 GMT
Age: 102
ETag: "2256181310"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1320
X-Cache-Hits: 6

GET
H/1.1 200
OK menus.css
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/lib/ 917 B
1 KB 538ms
107ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/lib/menus.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: edce0f5742c946e7271ad95325d3ab2c2ad012adc0a790e52b69c04a37a6a9f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Tue, 28 Oct 2014 21:34:32 GMT
Age: 102
ETag: "77644060"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 917
X-Cache-Hits: 6

GET
H/1.1 200
OK core.css
worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/ 79 KB
80 KB 539ms
108ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 8a215ebe4733750286ea1780bcb0c9500c96aa14ebf1abe588193e76b7763f1e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:26 GMT
Last-Modified: Wed, 09 Dec 2020 18:24:09 GMT
Age: 102
ETag: "1844968605"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 81138
X-Cache-Hits: 6

GET
H/1.1 200
OK apps.css
worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/ 31 KB
31 KB 543ms
109ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/apps.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 8e3c124520f136bd31f51db7504c41590e86a39c13e8ea479547e2c2cdfeb0db

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:36 GMT
Age: 102
ETag: "1520510295"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 31687
X-Cache-Hits: 6

GET
H/1.1 200
OK activity.css
worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/ 3 KB
4 KB 541ms
108ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/activity.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 1e6d070b6dfc55e901e9280547ca443bf3089030043408df167cf7ae5b1025c7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:36 GMT
Age: 102
ETag: "3857257241"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3397
X-Cache-Hits: 6

GET
H/1.1 200
OK inlines.css
worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/ 4 KB
4 KB 549ms
111ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/inlines.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 71f59d13d69d502b117d87f28fa286757c478447b06f87d4b02c44361c4a4855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:36 GMT
Age: 102
ETag: "4142142171"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4281
X-Cache-Hits: 6

GET
H/1.1 200
OK js Show response
maps.google.com/maps/api/ 156 KB
52 KB 54ms
38ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://maps.google.com/maps/api/js?sensor=true

Requested by

Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine

Protocol

HTTP/1.1

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

561efbd8ea18ac526a913da03b3f3e4557994af182ca61c586212f0aa71a634b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:09 GMT
Content-Encoding: gzip
Vary: Accept-Language
Server: mafe
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript; charset=UTF-8
Cache-Control: public, max-age=1800
Cross-Origin-Resource-Policy: cross-origin
Server-Timing: gfet4t7; dur=14
Content-Length: 52409
X-XSS-Protection: 0
Expires: Sat, 15 Jan 2022 17:16:09 GMT

GET
H/1.1 200
OK min.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/ 455 KB
455 KB 645ms
108ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/min.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 3fde16febe487398469364de1dad7fa7640a9fb9dfe2c109c616d6df38d91ba6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Wed, 03 Jul 2019 17:07:33 GMT
Age: 102
ETag: "116644464"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 465974
X-Cache-Hits: 7

GET
H/1.1 200
OK prerolls.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 8 KB
8 KB 653ms
112ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/prerolls.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 6dd9c52de77964061f706c1650a89766e99348f63be12b7b6467970bb34ccfbe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 102
ETag: "653136474"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7870
X-Cache-Hits: 6

GET
H/1.1 200
OK swfobject2.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 9 KB
9 KB 660ms
111ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/swfobject2.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: aad4f11790ae41d11a7c7bb613b9f82206f37eb4894966fe15e5f880c5d9b72a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 102
ETag: "853807514"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8868
X-Cache-Hits: 6

GET
H/1.1 200
OK jquery.template.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 6 KB
6 KB 724ms
103ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/jquery.template.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 4d64cca2d081e3574a789840fb2d888796a38e8a6cb8c09df541c03a7c2fe627

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 102
ETag: "1164776152"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5917
X-Cache-Hits: 6

GET
H/1.1 200
OK quicksilver.score.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 3 KB
4 KB 770ms
118ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/quicksilver.score.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: b2c4af40afb1e40563e65b50bf08c21a4b1543fab3050440be96974445edf7dc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 102
ETag: "90706754"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3457
X-Cache-Hits: 6

GET
H/1.1 200
OK jquery.livefilter.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 963 B
1 KB 770ms
117ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/jquery.livefilter.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 0bb5eb51c0ee0972c3b2b6ebf6bcb3b0c1cbb7c4c93b0acd442110005c1c3289

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 102
ETag: "2610385626"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 963
X-Cache-Hits: 7

GET
H/1.1 200
OK jquery.carousel.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/ 5 KB
5 KB 773ms
113ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/jquery.carousel.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 0d35142f32786296129b89d4acaee1ff5201114af38d139b384412fa38777d7a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:38 GMT
Age: 102
ETag: "3492287122"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5224
X-Cache-Hits: 6

GET
H/1.1 200
OK map_maker.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/maps/ 5 KB
5 KB 826ms
101ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/maps/map_maker.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 7ac61bbd491ea91981ae5f8c99a162d2cf7f6836e80e2283448ae4c29fdf2420

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:38 GMT
Age: 102
ETag: "3242463942"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4836
X-Cache-Hits: 6

GET
H/1.1 200
OK onload.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/javascript/ 2 KB
2 KB 887ms
118ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/javascript/onload.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: ca29fa98b9edf564b5abb0a0f06c7fc1658a5db5ac05759183e34f44a58db9eb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Tue, 28 Oct 2014 21:34:31 GMT
Age: 102
ETag: "3799685163"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1858
X-Cache-Hits: 6

GET
H/1.1 200
OK yahoo-dom-event.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/ 31 KB
31 KB 886ms
115ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/yahoo-dom-event.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 7e2ed03bbc185372cb541663170321544300747ae296389772dc8f722551eb3c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:38 GMT
Age: 102
ETag: "1851860393"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 31636
X-Cache-Hits: 6

GET
H/1.1 200
OK flash.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/ 3 KB
4 KB 887ms
117ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/flash.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 25049c305b208bde887cde10dc3fe87d0e39d98d7f126acaa42338f2fb51cb6a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:37 GMT
Age: 102
ETag: "2687046417"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3454
X-Cache-Hits: 6

GET
H/1.1 200
OK audioplayer.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/ 2 KB
2 KB 892ms
110ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/audioplayer.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 482c5ca644f49f87f08ea6ad0e046a21d98ca5009192127e25c3c7342bd81ba1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:38 GMT
Age: 102
ETag: "3509523352"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1726
X-Cache-Hits: 6

GET
H/1.1 200
OK video-js.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/video-js/ 21 KB
22 KB 619ms
107ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/video-js/video-js.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 0fc0fbb7321bca17d95d35cbb2bcbc81ac7e78c61a50b2af2ed130a1fe6f1691

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Mon, 25 Nov 2013 04:26:10 GMT
Age: 102
ETag: "418525954"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21853
X-Cache-Hits: 7

GET
H/1.1 200
OK video.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/video-js/ 51 KB
51 KB 929ms
103ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/video-js/video.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: e0c5c27ad304e1d5b111c4c67d9c3aa45d64b35e6d322c2bc4c7462813b1d204

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Mon, 25 Nov 2013 04:26:26 GMT
Age: 102
ETag: "223480570"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 51740
X-Cache-Hits: 6

GET
H/1.1 200
OK video_player_v2.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 4 KB
5 KB 1010ms
123ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/video_player_v2.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: fb9234052ac419d5c2aab3ec5f16365d70ff41096426b821c2b693593a1a559a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Mon, 25 Nov 2013 17:38:35 GMT
Age: 102
ETag: "68033224"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4551
X-Cache-Hits: 7

GET
H/1.1 200
OK cookies.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/javascript/lib/ 1 KB
1 KB 1011ms
123ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/javascript/lib/cookies.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 17b91841811d67da94317ebd549a5a35e66e380be5a2ca51a34a8139f9a1415a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Tue, 28 Oct 2014 21:34:30 GMT
Age: 102
ETag: "853252152"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1188
X-Cache-Hits: 6

GET
H/1.1 200
OK mobile_detect.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/javascript/lib/ 2 KB
3 KB 1013ms
120ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/javascript/lib/mobile_detect.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 8ca119bc1f1fc4736ccedf20d3aafcc50aead2109a92e32c89bf74af72a1e057

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Tue, 28 Oct 2014 21:34:30 GMT
Age: 102
ETag: "3082590460"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2301
X-Cache-Hits: 6

GET
H/1.1 200
OK sp.js Show response
cdn.includemodal.com/ 126 KB
34 KB 80ms
15ms Script
application/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.includemodal.com/sp.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b00dec76f7bd930c41b4b779f73fc4bce681079b8ef9d5f9abe488c6193bd096

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: RMaN7MsO2HgV2dgJXHhghVFCLxMC8ZFJ
Via: 1.1 80c1ad5f9352d00b95a9da73eb6b6be4.cloudfront.net (CloudFront), 1.1 varnish
ETag: W/"9d801abb9b8ac1f3c9af59352538559d"
Age: 1327
X-Cache: Hit from cloudfront, HIT
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 34567
X-Served-By: cache-hhn4067-HHN
Last-Modified: Fri, 14 Jan 2022 16:22:38 GMT
Server: AmazonS3
X-Timer: S1642265169.148651,VS0,VE0
Date: Sat, 15 Jan 2022 16:46:09 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=3600, public
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
X-Amz-Cf-Id: yh_eMALiR4kNDOfyqURFYCon9yBeKlw6Mbr2ToTzYj0FZ-TXdFetmg==
X-Cache-Hits: 19

GET
H2 200 up.js Show response
cdn01.basis.net/assets/ 2 KB
1 KB 48ms
15ms Script
application/javascript 178.79.242.181
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn01.basis.net/assets/up.js?um=1
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.181 , United States, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-181.fra.llnw.net
Software: AC1.1 /
Resource Hash: 5bdf1120c4df8c868092d0bcb7f2540a85456fd94cd1e1a5570c9b63906b1a5b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:09 GMT
content-encoding: gzip
last-modified: Mon, 24 Aug 2020 15:06:26 GMT
server: AC1.1
age: 437500
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 1041
x-llid: eb87a2af07e7cece1f4b6034d16766b4

GET
H/1.1 200
OK ellington-ga.js Show response
worldonline.media.clients.ellingtoncms.com/static/ 3 KB
4 KB 1036ms
105ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington-ga.js?v=11
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 95af646b01ee702570f9abad3701e98b1713487822310baba992363f92513e26

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Fri, 28 Jul 2017 15:48:34 GMT
Age: 102
ETag: "2862375767"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3355
X-Cache-Hits: 6

GET
H2

200

/
insight.adsrvr.org/track/evnt/
Redirect Chain

http://insight.adsrvr.org/track/evnt/?adv=71kqd28j&ct=0:1yygqtov&fmt=3
https://insight.adsrvr.org/track/evnt/?adv=71kqd28j&ct=0:1yygqtov&fmt=3

70 B
261 B

125ms
40ms

Image
image/gif

15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/evnt/?adv=71kqd28j&ct=0:1yygqtov&fmt=3
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:10 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

Location: https://insight.adsrvr.org:443/track/evnt/?adv=71kqd28j&ct=0:1yygqtov&fmt=3
Date: Sat, 15 Jan 2022 16:46:10 GMT
Server: awselb/2.0
Connection: keep-alive
Content-Length: 134
Content-Type: text/html

GET
H/1.1 200
OK logotab.png
worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/light/ 2 KB
2 KB 211ms
114ms Image
image/png 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/light/logotab.png
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: fa1bbe501b149144f7d0195697ed240c0bbfab218313922bd1733fa02d4f3bcd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:45:01 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:35 GMT
Age: 69
ETag: "4146598750"
X-Cache: HIT
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2122
X-Cache-Hits: 4

GET
H/1.1 200
OK meritrust-logo.png
ogden_images.s3.amazonaws.com/www.ljworld.com/images/2021/12/30092118/ 35 KB
36 KB 257ms
118ms Image
image/png 52.217.75.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ogden_images.s3.amazonaws.com/www.ljworld.com/images/2021/12/30092118/meritrust-logo.png
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 52.217.75.100 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: ca03203fdd79bb26a6787fcaa3d8bb2d74514e04cea540daf0441d35308e0827

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:11 GMT
Last-Modified: Thu, 30 Dec 2021 15:21:19 GMT
Server: AmazonS3
x-amz-request-id: NJ1BTC9XMKWCR1FS
ETag: "38d416f31a969011c25be08c19cad3f9"
Content-Type: image/png
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 36055
x-amz-id-2: tVT6CM/lMVvn4IrfQL3d+xBmKPNacWPShmhqI9whfQvqrtK9pOjhn8avifzQWUzO10e1qMNRl94=
Expires: Fri, 30 Dec 2022 15:21:18 GMT

GET
H/1.1

404
NOT FOUND

/
www2.kusports.com/search/vertical/photogalleries.gallery/_t200/
Redirect Chain

http://www2.kusports.com/search/vertical/photogalleries.gallery/_t200?63053ce3c12ccdabb07c8a8609241a2395705911
http://www2.kusports.com/search/vertical/photogalleries.gallery/_t200/?63053ce3c12ccdabb07c8a8609241a2395705911=

36 KB
36 KB

250ms
250ms

Image
text/html

208.91.60.6
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www2.kusports.com/search/vertical/photogalleries.gallery/_t200/?63053ce3c12ccdabb07c8a8609241a2395705911=

Requested by

Protocol

HTTP/1.1

Server

208.91.60.6 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),

Reverse DNS

ellingtoncms.com

Software

nginx /

Resource Hash

dffb2854fbfb6bfb95e6949a623fe55063e7cc929b3755ed7b27adf7f31b52eb

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:10 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, Cookie
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
X-Varnish: 1055875119
Via: 1.1 varnish
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/html; charset=utf-8
Content-Length: 8742

Redirect headers

Date: Sat, 15 Jan 2022 16:46:10 GMT
Via: 1.1 varnish
Server: nginx
Age: 457
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
X-Varnish: 1055875111 1055841564
Location: http://www2.kusports.com/search/vertical/photogalleries.gallery/_t200/?63053ce3c12ccdabb07c8a8609241a2395705911=
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-Beatles: ellington-app-15
X-Cache-Hits: 3

GET
H/1.1 200
OK ku_bkc_isu_06_t200.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 15 KB
16 KB 192ms
113ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_06_t200.jpg?63053ce3c12ccdabb07c8a8609241a2395705911
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 728a9a5773bddf02be49c8ac1c8e4f64086c4814abe7b5e95a4d14fdaa9d7486

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 12:19:25 GMT
Last-Modified: Wed, 12 Jan 2022 03:23:26 GMT
Age: 275205
ETag: "1793138685"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 12:19:25 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15719
X-Cache-Hits: 10

GET
H/1.1 200
OK ku_bkc_isu_06_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 2 KB
2 KB 102ms
102ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_06_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: f2023b1b62da87163faad2f2ed5d116be69bae647670048d738f3526167c2632

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:59:39 GMT
Last-Modified: Wed, 12 Jan 2022 03:59:38 GMT
Age: 305190
ETag: "1445639886"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:59:39 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2182
X-Cache-Hits: 7293

GET
H/1.1 200
OK ku_bkc_isu_05_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 2 KB
3 KB 111ms
111ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_05_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 945d81de37368bdb21409830e9bd81a52fe4eea9e698d444ad510eddc77ca1a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:58:38 GMT
Last-Modified: Wed, 12 Jan 2022 03:58:14 GMT
Age: 305252
ETag: "3577918218"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:58:38 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2504
X-Cache-Hits: 7302

GET
H/1.1 200
OK ku_bkc_isu_02_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 2 KB
3 KB 101ms
101ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_02_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: d4f8bc08ed1a374a36388cfe41f2609c5f1025de20422d698368be48f1896ce1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:58:38 GMT
Last-Modified: Wed, 12 Jan 2022 03:58:12 GMT
Age: 305252
ETag: "3831804672"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:58:38 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2336
X-Cache-Hits: 7278

GET
H/1.1 200
OK ku_bkc_isu_03_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 2 KB
3 KB 109ms
109ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_03_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 2f86987acb8ba6f3703a815c5dbb09d282cf25c1714ae91d1c2afd9d9af7c08a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:58:38 GMT
Last-Modified: Wed, 12 Jan 2022 03:58:13 GMT
Age: 305252
ETag: "1153676047"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:58:38 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2497
X-Cache-Hits: 7269

GET
H/1.1 200
OK ku_bkc_isu_01_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 2 KB
3 KB 108ms
107ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_01_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 0e9793afd5d57a188f900a3561b714829cb7fddbe1fc7dd454dc94f6515121ee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:58:38 GMT
Last-Modified: Wed, 12 Jan 2022 03:58:13 GMT
Age: 305252
ETag: "2741744387"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:58:38 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2278
X-Cache-Hits: 3629

GET
H/1.1 200
OK MitchTech_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/ 2 KB
3 KB 109ms
108ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/MitchTech_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 2e7b133667cf862ce360aec2578c08adcf317bdeffb5b5ae26f22c7928bed85f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 09 Jan 2022 02:20:37 GMT
Last-Modified: Sun, 09 Jan 2022 02:20:19 GMT
Age: 570333
ETag: "656618056"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 08 Feb 2022 02:20:37 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2375
X-Cache-Hits: 10189

GET
H/1.1 200
OK CBhookTech_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/ 2 KB
2 KB 107ms
107ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/CBhookTech_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 03f40b2a01bbba09852e901342f46c741a9a3f8fb9450bfa29a5e13f568af04e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 09 Jan 2022 02:20:37 GMT
Last-Modified: Sun, 09 Jan 2022 02:20:19 GMT
Age: 570333
ETag: "1419915854"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 08 Feb 2022 02:20:37 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2002
X-Cache-Hits: 10152

GET
H/1.1 200
OK DajuanTech_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/ 2 KB
3 KB 110ms
110ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/DajuanTech_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: c94e49334083ad99ce4fe5cc543eaf92320f702c473b1a134d8e0d2751683786

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 09 Jan 2022 02:20:37 GMT
Last-Modified: Sun, 09 Jan 2022 02:20:18 GMT
Age: 570333
ETag: "1445343817"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 08 Feb 2022 02:20:37 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2307
X-Cache-Hits: 10143

GET
H/1.1 200
OK TechatRim_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/ 2 KB
3 KB 101ms
101ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/TechatRim_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: f7059be255f87b9ee45ab619650998acb10637aa0d41a3e34f12cb563a31e824

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 09 Jan 2022 02:20:37 GMT
Last-Modified: Sun, 09 Jan 2022 02:20:18 GMT
Age: 570333
ETag: "295776841"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 08 Feb 2022 02:20:37 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2348
X-Cache-Hits: 10092

GET
H/1.1 200
OK SelfatTech_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/ 2 KB
3 KB 107ms
107ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/SelfatTech_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 4ca98a9f6e5b6b5acb8c8c474b3366e13372946d998d4c12470ce606b05df393

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 09 Jan 2022 02:20:44 GMT
Last-Modified: Sun, 09 Jan 2022 02:20:18 GMT
Age: 570325
ETag: "1956655691"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 08 Feb 2022 02:20:44 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2222
X-Cache-Hits: 6173

GET
H/1.1 200
OK Juan_steal_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/ 2 KB
3 KB 109ms
108ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/Juan_steal_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 2649d411849441560a08d65ecc699902799d2219cb10ddf8c365b9803ae66acc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 05 Jan 2022 07:16:38 GMT
Last-Modified: Wed, 05 Jan 2022 07:16:29 GMT
Age: 898172
ETag: "2052207382"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 04 Feb 2022 07:16:38 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2418
X-Cache-Hits: 14193

GET
H/1.1 200
OK AP22005104812577_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/ 2 KB
2 KB 108ms
108ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/AP22005104812577_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 46f91934dfcf2858e78684bf1255b45320ef80059f80d4f376bc829446f5505c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 05 Jan 2022 07:16:38 GMT
Last-Modified: Wed, 05 Jan 2022 07:16:30 GMT
Age: 898172
ETag: "1842557749"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 04 Feb 2022 07:16:38 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2107
X-Cache-Hits: 14160

GET
H/1.1 200
OK Mitch_block_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/ 2 KB
2 KB 109ms
109ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/Mitch_block_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: b3094bd6c20ebdde1e03ad0f9e5f271b6d56d5a9c32b0bf7d731f5bb72dfeb25

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 05 Jan 2022 07:16:38 GMT
Last-Modified: Wed, 05 Jan 2022 07:16:30 GMT
Age: 898172
ETag: "526201653"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 04 Feb 2022 07:16:38 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2172
X-Cache-Hits: 14170

GET
H/1.1 200
OK Dave_layup_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/ 2 KB
2 KB 111ms
111ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/Dave_layup_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: da1360e9617591ce97b284615498f1a406c4b00fcdddfd59724e5356769c667c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 05 Jan 2022 07:16:38 GMT
Last-Modified: Wed, 05 Jan 2022 07:16:30 GMT
Age: 898172
ETag: "266089271"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 04 Feb 2022 07:16:38 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2063
X-Cache-Hits: 14141

GET
H/1.1 200
OK Mitch_dive_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/ 2 KB
3 KB 101ms
101ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/Mitch_dive_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 97192cf227b40aa5c09387cc46230ef31fa177e946cc91fa98a55e89c1c436ff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 05 Jan 2022 07:18:38 GMT
Last-Modified: Wed, 05 Jan 2022 07:17:34 GMT
Age: 898051
ETag: "2138281653"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 04 Feb 2022 07:18:38 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2312
X-Cache-Hits: 9105

GET
H/1.1 200
OK ku_bkc_mason_01_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ 2 KB
3 KB 109ms
108ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ku_bkc_mason_01_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: b78362d3e11d02a90489865565e984d658e9cbc2d442ee7884fd956fb71b0159

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 02 Jan 2022 00:39:15 GMT
Last-Modified: Sun, 02 Jan 2022 00:37:46 GMT
Age: 1181215
ETag: "2529146521"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 01 Feb 2022 00:39:15 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2456
X-Cache-Hits: 16332

GET
H/1.1 200
OK ku_bkc_mason_12_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ 2 KB
3 KB 107ms
107ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ku_bkc_mason_12_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 623d4350b84c3db35766c93aa589955ad02710b1cbb5bb8fe0fbfdda1bdba321

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 02 Jan 2022 00:37:18 GMT
Last-Modified: Sun, 02 Jan 2022 00:36:55 GMT
Age: 1181332
ETag: "2754786932"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 01 Feb 2022 00:37:18 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2363
X-Cache-Hits: 16294

GET
H/1.1 200
OK ku_bkc_mason_22_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ 2 KB
2 KB 109ms
109ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ku_bkc_mason_22_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: e93f3187fcfb44d155e7119c58627506ff3765fa4afe66dc87f338b6b8a13a54

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 02 Jan 2022 00:55:15 GMT
Last-Modified: Sun, 02 Jan 2022 00:54:52 GMT
Age: 1180255
ETag: "4012980133"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 01 Feb 2022 00:55:15 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1834
X-Cache-Hits: 16259

GET
H/1.1 200
OK ku_bkc_mason_02_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ 2 KB
3 KB 108ms
108ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ku_bkc_mason_02_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 51fafa8da3b03ac77d9ac2fdeafe93a313829891e3a922a596801146ba41444a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 02 Jan 2022 00:39:15 GMT
Last-Modified: Sun, 02 Jan 2022 00:37:46 GMT
Age: 1181214
ETag: "2174203545"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 01 Feb 2022 00:39:15 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2448
X-Cache-Hits: 16290

GET
H/1.1 200
OK ku_bkc_mason_03_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ 2 KB
3 KB 110ms
110ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ku_bkc_mason_03_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 777fd3cae235313f40770e1af8a7fa1c1a326e040d79014f2bd732a1f5153a51

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 02 Jan 2022 00:39:15 GMT
Last-Modified: Sun, 02 Jan 2022 00:37:46 GMT
Age: 1181215
ETag: "2702620311"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 01 Feb 2022 00:39:15 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2369
X-Cache-Hits: 11563

GET
H/1.1 200
OK Q1-12_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/13/ 5 KB
6 KB 101ms
101ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/13/Q1-12_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 0de9144bce06e89231efdcb0acd8d48483ca86649c44e991895fbf4dff221cf9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 14 Jan 2022 03:05:03 GMT
Last-Modified: Fri, 14 Jan 2022 03:03:33 GMT
Age: 135667
ETag: "3335947030"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Sun, 13 Feb 2022 03:05:03 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5352
X-Cache-Hits: 362

GET
H/1.1 200
OK Q1-3_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/12/ 5 KB
5 KB 108ms
107ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/12/Q1-3_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: c8bbd5afa4c30e05186b03ce140ee8bb262f7bf321d74d04042d11fa05eadfae

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 13 Jan 2022 02:46:58 GMT
Last-Modified: Thu, 13 Jan 2022 02:45:51 GMT
Age: 223152
ETag: "1873852374"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Sat, 12 Feb 2022 02:46:58 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4944
X-Cache-Hits: 685

GET
H/1.1 200
OK Screen_Shot_2022-01-12_at_2.59.36_PM_r90x60.png
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/12/ 11 KB
11 KB 108ms
108ms Image
image/png 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/12/Screen_Shot_2022-01-12_at_2.59.36_PM_r90x60.png?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: ba17a6a569b64b5d243273cde129feedf2b7fc5180be7bca1eb297572aafb809

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 23:13:23 GMT
Last-Modified: Wed, 12 Jan 2022 23:11:40 GMT
Age: 235967
ETag: "2381718166"
X-Cache: HIT
Content-Type: image/png
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 23:13:23 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11303
X-Cache-Hits: 722

GET
H/1.1 200
OK ku_bkc_isu_27_hEALDKE_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/12/ 5 KB
5 KB 110ms
109ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/12/ku_bkc_isu_27_hEALDKE_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 858a0e23502aa2fcb9ae9e6a1f746e3b9f9e0967f383215898bae4ca797fc67c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 17:26:03 GMT
Last-Modified: Wed, 12 Jan 2022 17:25:16 GMT
Age: 256806
ETag: "152379321"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 17:26:03 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4698
X-Cache-Hits: 3169

GET
H/1.1 200
OK ku_bkc_isu_06_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 4 KB
5 KB 108ms
108ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_06_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: f0eb8a4eac4068c80d1249dfde9bcc0adbb127f197edd147ed6e2304e8d01f5c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 02:52:01 GMT
Last-Modified: Wed, 12 Jan 2022 02:51:57 GMT
Age: 309249
ETag: "51230602"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 02:52:01 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4440
X-Cache-Hits: 3968

GET
H/1.1 200
OK ku_bkc_isu_07_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 4 KB
4 KB 111ms
111ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_07_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 770f39534d503d9feff3bf990db12b6775bcb8bf7a06a178d326dce53d0ab5e9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:51:05 GMT
Last-Modified: Wed, 12 Jan 2022 03:51:04 GMT
Age: 305705
ETag: "2950923106"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:51:05 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4179
X-Cache-Hits: 3905

GET
H/1.1 200
OK ku_bkc_isu_11_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 5 KB
5 KB 102ms
101ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_11_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 1097c01b38cb84d60d03c6ceaba1616b06740a5bb2bbd3d82ec559ab07204035

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:51:11 GMT
Last-Modified: Wed, 12 Jan 2022 03:51:11 GMT
Age: 305699
ETag: "2304803659"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:51:11 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4754
X-Cache-Hits: 3925

GET
H/1.1 200
OK ku_bkc_isu_09_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 5 KB
5 KB 108ms
108ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_09_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: d6a97846477d5f74dc49c320addd8360addfd351e22f14206c145c4a44d13bdf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:51:11 GMT
Last-Modified: Wed, 12 Jan 2022 03:51:11 GMT
Age: 305699
ETag: "3093398357"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:51:11 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4866
X-Cache-Hits: 3931

GET
H/1.1 200
OK ku_bkc_isu_08_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 5 KB
5 KB 109ms
108ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_08_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 33a7f1daa51a3d81a190b331e6ce2bdca98966dc7846894d5619c87a3ceb319e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:51:51 GMT
Last-Modified: Wed, 12 Jan 2022 03:51:46 GMT
Age: 305658
ETag: "1265338338"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:51:51 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5090
X-Cache-Hits: 3894

GET
H/1.1 200
OK ku_bkc_isu_14_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 4 KB
5 KB 109ms
108ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_14_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: ccef7c15c0af13ab8c5f8008e24095ac3d6e6376b6d7ac86f60c5b85578855ba

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:51:51 GMT
Last-Modified: Wed, 12 Jan 2022 03:51:46 GMT
Age: 305658
ETag: "1525319590"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:51:51 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4283
X-Cache-Hits: 3910

GET
H/1.1 200
OK ku_bkc_isu_10_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 5 KB
5 KB 109ms
108ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_10_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: df79e61186e6f38bfe193b619c426fd6e7fb7cf732f14a2e358329a739461ef4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:52:33 GMT
Last-Modified: Wed, 12 Jan 2022 03:52:28 GMT
Age: 305617
ETag: "2610988834"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:52:33 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
X-Cache-Hits: 3915

GET
H/1.1 200
OK ku_bkc_isu_15_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 5 KB
5 KB 101ms
101ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_15_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 0e25495ffd09f6b677ce228b97bc09623d45aa81fc770413c46259a040b81fbc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:52:33 GMT
Last-Modified: Wed, 12 Jan 2022 03:52:28 GMT
Age: 305617
ETag: "2854717244"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:52:33 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4872
X-Cache-Hits: 3907

GET
H/1.1 200
OK site.js Show response
worldonline.media.clients.ellingtoncms.com/static/kusports.com/javascript/ 8 KB
9 KB 119ms
119ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/javascript/site.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 762f2135d7f709ed01ed2a4829ac28b051d6df007aec607df238d60950b03453

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Tue, 24 Feb 2015 21:33:28 GMT
Age: 102
ETag: "475726466"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8431
X-Cache-Hits: 6

GET
H/1.1 200
OK jquery.ui.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.2.0/javascript/thirdparty/ 188 KB
188 KB 103ms
102ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.2.0/javascript/thirdparty/jquery.ui.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: f515ed490405435b0c8a7ede74fd2c8e7834ee45c81aa76db3736fe50dc1da87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Thu, 13 Mar 2014 08:57:18 GMT
Age: 102
ETag: "3699883348"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 192328
X-Cache-Hits: 6

GET
H/1.1 200
OK jquery.lightbox_me.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/3p/lightbox_me/ 9 KB
10 KB 119ms
117ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/3p/lightbox_me/jquery.lightbox_me.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: be18e4f5d4b03d521cd77cab0bd078809764b28e93abd36def170df9b9a93411

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 102
ETag: "1718161862"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9630
X-Cache-Hits: 6

GET
H/1.1 200
OK jquery.autofocus-min.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/3p/ 205 B
521 B 119ms
114ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/3p/jquery.autofocus-min.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 51d53492d7322fd92bdeb78693bda92a5810de0906203c9d800f36f3650e7c58

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 102
ETag: "4170269388"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 205
X-Cache-Hits: 7

GET
H/1.1 200
OK wol.defaults.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 8 KB
9 KB 117ms
112ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/wol.defaults.js?v=2
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 26e2c6e5dcba43026ac44b78c9c73bb51d099a786ca808c9a2061c3ed81625e2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:45:49 GMT
Last-Modified: Tue, 21 Feb 2017 23:03:07 GMT
Age: 20
ETag: "4156348889"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8519
X-Cache-Hits: 1

GET
H/1.1 200
OK jquery.media.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/ 15 KB
15 KB 119ms
114ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/jquery.media.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 1979e136df73c0182593b957b1ccb3c6b659c018e3ae61b13f9db6ca3377acbd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:38 GMT
Age: 102
ETag: "555824375"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14973
X-Cache-Hits: 6

GET
H/1.1 200
OK jquery.defaults.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/ 9 KB
10 KB 220ms
109ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/jquery.defaults.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 904341d95fce95e7520a3a6ecb4d0b337038c2f5d277874a563e0e24fd90e709

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:37 GMT
Age: 102
ETag: "2997555603"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9541
X-Cache-Hits: 6

GET
H/1.1 200
OK extended_sharingtools.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 672 B
988 B 110ms
109ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/extended_sharingtools.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: a821eac48e731c18eb2ed4bce2c2804add93870078ce7a75b643357e6a98a9fe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 102
ETag: "2333373124"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 672
X-Cache-Hits: 6

GET
H/1.1 200
OK repost.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 2 KB
2 KB 108ms
108ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/repost.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 9e25ba946939ee4a3d6b5acc652b3a3d3c87f0b982d9a35b9fd19f37b3bee4ab

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 102
ETag: "3270185738"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2098
X-Cache-Hits: 6

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 97 KB
38 KB 84ms
42ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NQ7KXJ6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

24087bfdc7797794ea3e2ce37a819efae9a6d1f51d42bc07f53d86a0a5d3391f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38333
x-xss-protection: 0
last-modified: Sat, 15 Jan 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 15 Jan 2022 16:46:10 GMT

GET
H/1.1 200
OK print.css
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/ 481 B
790 B 110ms
110ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/print.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 1b67d92a3588252269bc6cdeca8fbfccb5446d70e0cfcdcdaf78898d815d9c62

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Tue, 28 Oct 2014 21:34:32 GMT
Age: 103
ETag: "2537664774"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 481
X-Cache-Hits: 6

GET
H/1.1 200
OK print.css
worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/ 1 KB
1 KB 107ms
107ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/print.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 2f9c35e984c1b63a7e6b13f07d6afb5d8335a1aba0e382d7e0c66e23b049de68

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:27 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:36 GMT
Age: 103
ETag: "3868070813"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1192
X-Cache-Hits: 6

GET
H/1.1 403
Forbidden gen_204 Show response
maps.googleapis.com/maps/api/mapsjs/ 133 B
621 B 41ms
25ms XHR
application/json 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

Requested by

Host: maps.google.com
URL: http://maps.google.com/maps/api/js?sensor=true

Protocol

HTTP/1.1

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

eb81dbb47530932dd4d6eac5041f8c4462f17c0b87c8ef699b24dbafc5a8c861

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:09 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: scaffolding on HTTPServer2
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: http://www2.kusports.com
Access-Control-Expose-Headers: vary,vary,vary,content-encoding,date,server,content-length
Cache-Control: private
Vary: Origin, X-Origin, Referer
Content-Length: 132
X-XSS-Protection: 0

GET
H2 200 toeMSvHmP_4fPO2bOZYY87iEN82c5Cz4OimLjg_YbLj670aB-v2iE843QETaIw-2wkW6Lth0vCX Show response
quizzicalzephyr.com/v2/0/ 88 KB
26 KB 344ms
305ms Script
text/javascript 35.190.90.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://quizzicalzephyr.com/v2/0/toeMSvHmP_4fPO2bOZYY87iEN82c5Cz4OimLjg_YbLj670aB-v2iE843QETaIw-2wkW6Lth0vCX

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.90.202 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

202.90.190.35.bc.googleusercontent.com

Software

Resource Hash

2fefea77ea2bf25e14fb885e13efaa1ccf6ceb49b642782a0705279dae7e0494

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
x-datacenter: gce-europe-west1
etag: "d048ce9981aa6a014c6986e43ada627a91ddce6f621b858b3bb78a0dd00e7716"
vary: Accept-Encoding, Accept-Language
x-hostname: fen-hoothoot-europe-west1-spot-dcfg
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
date: Sat, 15 Jan 2022 16:46:10 GMT
timing-allow-origin: *

GET
H/1.1 200
OK gpt.js Show response
www.googletagservices.com/tag/js/ 78 KB
27 KB 40ms
25ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagservices.com/tag/js/gpt.js

Requested by

Protocol

HTTP/1.1

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a42b9cff7676daffa4e6d489f38466f5accb1ada158eeb51a0daed273383fbc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:10 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: sffe
ETag: "1102 / 564 of 1000 / last-modified: 1642206167"
Vary: Accept-Encoding
Report-To: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
Content-Type: text/javascript
Cache-Control: private, max-age=900, stale-while-revalidate=3600
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
Content-Length: 26978
X-XSS-Protection: 0
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="ads-gpt-scs"
Expires: Sat, 15 Jan 2022 16:46:10 GMT

GET
H2

200

fbevents.js Show response
connect.facebook.net/en_US/
Redirect Chain

http://connect.facebook.net/en_US/fbevents.js
https://connect.facebook.net/en_US/fbevents.js

98 KB
26 KB

53ms
17ms

Script
application/x-javascript

2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 25965
x-xss-protection: 0
pragma: public
x-fb-debug: KHmoH4nE24B629bY1j0oUb11H3sWzappOnSHr4fTPt/cshFZNqIuieMj4qdeBIJ+dNDfPG8Y9DhM+YPMBdC0xw==
x-fb-trip-id: 917726464
x-frame-options: DENY
date: Sat, 15 Jan 2022 16:46:10 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

Redirect headers

Location: https://connect.facebook.net/en_US/fbevents.js
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK loader.js Show response
cdn.taboola.com/libtrc/theworldcompany-network/ 341 KB
32 KB 143ms
127ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.taboola.com/libtrc/theworldcompany-network/loader.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9dbd96226c9062b37e0b719221e8f02b684d2acd495e47bacbefb96b7fc0d246

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: ShnZPVBCXVM7wd4SCTUp9Qg9nYW1fSH6
Content-Encoding: gzip
ETag: "5b90671790c560bae0e719fa39ed15c7"
Age: 0
X-Cache: HIT
Connection: keep-alive
Content-Length: 32181
x-amz-id-2: Gr16AhfrwprFqCFezg7Usr1QBcqdo8T6g0E/7G/mOfySlwC/zarDw6R/x+fRh3m7WxriU5BBbTw=
X-Served-By: cache-hhn4027-HHN
Last-Modified: Thu, 13 Jan 2022 10:16:16 GMT
Server: AmazonS3
X-Timer: S1642265170.234401,VS0,VE112
Date: Sat, 15 Jan 2022 16:46:10 GMT
Vary: Accept-Encoding
x-amz-request-id: YZQ9R9YHJCYF0Q9H
Via: 1.1 varnish
Cache-Control: private,max-age=14401
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
abp: 32
X-Cache-Hits: 1

GET
H2 200 6fae6b69d349c48f
pixel.sitescout.com/up/ 43 B
267 B 479ms
415ms Image
image/gif 66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/up/6fae6b69d349c48f?cntr_url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:10 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
cache-control: max-age=0,no-cache,no-store
content-type: image/gif
content-length: 43
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H/1.1 200
OK bg.png
worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/light/ 1 KB
2 KB 162ms
110ms Image
image/png 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/light/bg.png
Requested by: Host: worldonline.media.clients.ellingtoncms.com
URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 2b911d51ed949642e3d9b146c0ac22914c134bcb104a0acfe8df42353d168a3e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:45:07 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:34 GMT
Age: 62
ETag: "3601798039"
X-Cache: HIT
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1501
X-Cache-Hits: 3

GET
H/1.1 200
OK gradient_bg.png
worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/light/ 28 KB
28 KB 211ms
115ms Image
image/png 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/light/gradient_bg.png
Requested by: Host: worldonline.media.clients.ellingtoncms.com
URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: c302efe6c47d24adb92d327f1c3a8383d9593acd29699464309e0b295700d4f5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:45:08 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:34 GMT
Age: 61
ETag: "1122053897"
X-Cache: HIT
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 28296
X-Cache-Hits: 3

GET
H/1.1 200
OK button_bg.gif
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/images/ 274 B
560 B 251ms
110ms Image
image/gif 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/images/button_bg.gif
Requested by: Host: worldonline.media.clients.ellingtoncms.com
URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: e2d3f8696617c48a1f82529015ed2050d19c0a961a7249466dbb16456fe733bc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:44:23 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:39 GMT
Age: 106
ETag: "271665826"
X-Cache: HIT
Content-Type: image/gif
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 274
X-Cache-Hits: 3

GET
H/1.1 200
OK black_20.png
worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/transparent/ 118 B
404 B 191ms
112ms Image
image/png 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/transparent/black_20.png
Requested by: Host: worldonline.media.clients.ellingtoncms.com
URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 15cd950fdf0a22946139981c83584014730ea322856de684bbb7b9a638e99330

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:45:09 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:35 GMT
Age: 60
ETag: "1192579752"
X-Cache: HIT
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 118
X-Cache-Hits: 3

GET
H/1.1 200
OK sidebar_grey_bg.png
worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/misc/ 146 B
431 B 302ms
109ms Image
image/png 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/misc/sidebar_grey_bg.png
Requested by: Host: worldonline.media.clients.ellingtoncms.com
URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: b98008ad770fed8298d565a3ee5da7d233895b23d0a9e13cae7f92c5ac15d7e9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:10 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:35 GMT
Age: 0
ETag: "353532584"
X-Cache: MISS
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 146
X-Cache-Hits: 0

GET
H/1.1 200
OK sidebar_header_grey_bg.png
worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/misc/ 170 B
455 B 192ms
113ms Image
image/png 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/misc/sidebar_header_grey_bg.png
Requested by: Host: worldonline.media.clients.ellingtoncms.com
URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: aa5f185e7c327bc34525d29785309cdb9ecb8a470be2af0bfbef85d6317feb61

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:10 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:35 GMT
Age: 0
ETag: "638739112"
X-Cache: MISS
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 170
X-Cache-Hits: 0

GET
H2 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ 352 KB
119 KB 62ms
15ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:33:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 768
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 15 Jan 2023 16:33:22 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 90 B
719 B 69ms
24ms XHR
application/json 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www2.kusports.com

Requested by

Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

fc98d0a05f35dbe183a65f8aa5371168f175e3f8578d7afa3dbd07e84c15f80c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 83
x-xss-protection: 0
expires: Sat, 15 Jan 2022 16:46:10 GMT

GET
H2 200 226738544330346 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 74ms
74ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/226738544330346?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: http://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a04b971d335d737b89946f19095fd6e18c88561d3846404081729739ca81a80d

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: RbSTcxzlHUHugxlA6gjUwkLZYPkWiyrayCF5Y0zlhu80lr9bxy+A7YM/mvFe7SRStpxSSyzaXM1GRiTEjpwRHQ==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Sat, 15 Jan 2022 16:46:10 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 498ms
131ms Script
text/javascript 2a00:1450:4019:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NQ7KXJ6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4019:806::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 5063
date: Sat, 15 Jan 2022 15:21:47 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sat, 15 Jan 2022 17:21:47 GMT

GET
H2 200 impl.20220113-4-RELEASE.js Show response
cdn.taboola.com/libtrc/ 615 KB
127 KB 46ms
14ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20220113-4-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/theworldcompany-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 30f8d650e5003e7ac2ddaaae9a57212d7972c7c0dd451ea43f094d5d1fb60cd5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: 5cyFjz3zrjTYiXjRSJbEXQtSS38iPaVs
content-encoding: br
etag: "426b44df52f6905715d74c79de3bcaa7"
age: 24872
x-cache: HIT
content-length: 129696
x-amz-id-2: ruJLUNIQIapE2QhU3w6O1qqRtlLS+PC0be9hBaKNX9ISCyGU4iBLJY5sbABgj60FgEx49uY3rfY=
x-served-by: cache-hhn4061-HHN
last-modified: Thu, 13 Jan 2022 09:51:28 GMT
server: AmazonS3-br
x-timer: S1642265170.419844,VS0,VE0
date: Sat, 15 Jan 2022 16:46:10 GMT
vary: Accept-Encoding
x-amz-request-id: Y4E8EEZR1PQADQV4
via: 1.1 varnish
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: application/javascript
abp: 7
x-cache-hits: 14724

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 49ms
16ms Script
application/javascript 13.35.253.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/theworldcompany-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-42.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 04:58:53 GMT
content-encoding: gzip
etag: W/"1827f116c73f319409b97f10b8a58ade"
last-modified: Fri, 26 Feb 2021 14:35:05 GMT
server: AmazonS3
age: 47852
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: vML3Pf8MjUe2acasBbJwFgZcz62OgeOV52xB2HOP3xwbMIcj3GaCMA==

GET
H2 404 pubads_impl.js
pagead2.googlesyndication.com/pagead/managed/js/m202102160101/ 0
0 66ms
25ms Script
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/managed/js/m202102160101/pubads_impl.js?0.04872131318801509
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H2 200 integrator.js Show response
adservice.google.se/adsid/ 107 B
792 B 112ms
26ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.se/adsid/integrator.js?domain=www2.kusports.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 66ms
25ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www2.kusports.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
8 KB 354ms
330ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1190106265408134&correlator=951411761750273&output=ldjh&impl=fif&eid=21068766%2C31063875%2C31063247%2C31062931&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKU_lb&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&prev_scp=Pos%3D1&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642265170&dt=1642265170430&dlt=1642265169050&idt=1342&frm=20&biw=1600&bih=1200&oid=2&adxs=436&adys=90&adks=3960793290&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&ga_vid=1261223503.1642265170&ga_sid=1642265170&ga_hid=1263243606&ga_fc=false&fws=0&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

b6553bb108c89c5fffd1410c622fec9a3aa02e187e6349765a7f143c21858f3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:10 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8575
x-xss-protection: 0
google-lineitem-id: 811848131
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138375755306
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
8 KB 211ms
188ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1190106265408134&correlator=951411761750273&output=ldjh&impl=fif&eid=21068766%2C31063875%2C31063247%2C31062931&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKUS_halfPage&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642265170&dt=1642265170434&dlt=1642265169050&idt=1342&frm=20&biw=1600&bih=1200&oid=2&adxs=990&adys=205&adks=1250131073&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=310x25&msz=300x0&ga_vid=1261223503.1642265170&ga_sid=1642265170&ga_hid=1263243606&ga_fc=false&fws=0&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

c429e10764c5fa47d89405a1489ca55a259ef1b4d6133001a3b26633da1192c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:10 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8570
x-xss-protection: 0
google-lineitem-id: 811848011
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138375755435
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
8 KB 567ms
545ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1190106265408134&correlator=951411761750273&output=ldjh&impl=fif&eid=21068766%2C31063875%2C31063247%2C31062931&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKU_mr&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=Pos%3D1&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642265170&dt=1642265170436&dlt=1642265169050&idt=1342&frm=20&biw=1600&bih=1200&oid=2&adxs=990&adys=245&adks=2978949804&ucis=3&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=310x260&msz=300x-1&ga_vid=1261223503.1642265170&ga_sid=1642265170&ga_hid=1263243606&ga_fc=false&fws=0&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

783b7e72bd260649bca562a57b1ec95b6903954bb50fb7fd52cc90c999465cc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8559
x-xss-protection: 0
google-lineitem-id: 811847531
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138376208209
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
8 KB 277ms
255ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1190106265408134&correlator=951411761750273&output=ldjh&impl=fif&eid=21068766%2C31063875%2C31063247%2C31062931&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKU_mr&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=Pos%3D2&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642265170&dt=1642265170437&dlt=1642265169050&idt=1342&frm=20&biw=1600&bih=1200&oid=2&adxs=990&adys=520&adks=1494288404&ucis=4&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=310x260&msz=300x-1&ga_vid=1261223503.1642265170&ga_sid=1642265170&ga_hid=1263243606&ga_fc=false&fws=0&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

039c07f120a4f270f59c2562a5a28f533afc5a729300fffa9b6b01aa411ffeb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:10 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8563
x-xss-protection: 0
google-lineitem-id: 811847651
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138375756477
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 19 KB
9 KB 425ms
402ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1190106265408134&correlator=951411761750273&output=ldjh&impl=fif&eid=21068766%2C31063875%2C31063247%2C31062931&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKU_mr&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=Pos%3D4&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642265170&dt=1642265170439&dlt=1642265169050&idt=1342&frm=20&biw=1600&bih=1200&oid=2&adxs=990&adys=795&adks=3930813595&ucis=5&ifi=5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=310x10&msz=300x0&ga_vid=1261223503.1642265170&ga_sid=1642265170&ga_hid=1263243606&ga_fc=false&fws=0&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

bcb6ea477e048bec32a73dc86e93a3ec3c7c63b8bc243f0e6193c57ae7709cd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:10 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8783
x-xss-protection: 0
google-lineitem-id: 800070611
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138242546191
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
8 KB 499ms
477ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1190106265408134&correlator=951411761750273&output=ldjh&impl=fif&eid=21068766%2C31063875%2C31063247%2C31062931&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKU_mr&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=Pos%3D3&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642265170&dt=1642265170440&dlt=1642265169050&idt=1342&frm=20&biw=1600&bih=1200&oid=2&adxs=990&adys=2146&adks=2239055522&ucis=6&ifi=6&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=310x260&msz=300x-1&ga_vid=1261223503.1642265170&ga_sid=1642265170&ga_hid=1263243606&ga_fc=false&fws=0&ohw=0&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

14dcc325319e97801c2c33df37d8d986a87872ccfc3fb7078fb54f6f892bfa4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:10 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8562
x-xss-protection: 0
google-lineitem-id: 811847771
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138375756279
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 420 B
253 B 426ms
404ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1190106265408134&correlator=951411761750273&output=ldjh&impl=fif&eid=21068766%2C31063875%2C31063247%2C31062931&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKUS_richmedia&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642265170&dt=1642265170442&dlt=1642265169050&idt=1342&frm=20&biw=1600&bih=1200&oid=2&adxs=985&adys=2416&adks=691364917&ucis=7&ifi=7&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=310x2216&msz=310x0&ga_vid=1261223503.1642265170&ga_sid=1642265170&ga_hid=1263243606&ga_fc=false&fws=0&ohw=0&btvi=2&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

0a7a697a5eac3b0189c70e85b1ef79b44e41116a6d06e5af278857c4a2c0f2c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:10 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 223
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 414 B
249 B 275ms
254ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1190106265408134&correlator=951411761750273&output=ldjh&impl=fif&eid=21068766%2C31063875%2C31063247%2C31062931&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKUS_OOP&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ists=1&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642265170&dt=1642265170443&dlt=1642265169050&idt=1342&frm=20&biw=1600&bih=1200&oid=2&adxs=985&adys=2416&adks=2426795537&ucis=8&ifi=8&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=310x2216&msz=310x0&ga_vid=1261223503.1642265170&ga_sid=1642265170&ga_hid=1263243606&ga_fc=false&fws=0&ohw=0&btvi=3&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

039f3ff26bc8395c7277d462f58846a4e26c13af917f5b0fd2b821292b017d84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:10 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 219
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
8 KB 142ms
120ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1190106265408134&correlator=951411761750273&output=ldjh&impl=fif&eid=21068766%2C31063875%2C31063247%2C31062931&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKU_lb&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&prev_scp=Pos%3D2&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642265170&dt=1642265170445&dlt=1642265169050&idt=1342&frm=20&biw=1600&bih=1200&oid=2&adxs=436&adys=2787&adks=3586950149&ucis=9&ifi=9&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=990x520&msz=728x-1&ga_vid=1261223503.1642265170&ga_sid=1642265170&ga_hid=1263243606&ga_fc=false&fws=0&ohw=0&btvi=4&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

dbf036bfbf369c6c1b1b60d53de497ca19d35264c677f023ce78437a7c8f62ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:10 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8562
x-xss-protection: 0
google-lineitem-id: 811848251
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138375755667
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2BBD 6 KB
4 KB 678ms
253ms Document
text/html 2a00:1450:4019:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4019:80c::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 15 Jan 2022 16:46:11 GMT
expires: Sun, 15 Jan 2023 16:46:11 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 /
www.facebook.com/tr/ 44 B
295 B 48ms
15ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=226738544330346&ev=PageView&dl=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&rl=&if=false&ts=1642265170458&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1642265170457.1038434706&it=1642265170250&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:10 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Sat, 15 Jan 2022 16:46:10 GMT

GET
H2

204

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&ns__t=1642265170480&ns_c=UTF-8&cv=3.5&c8=%22%E2%9D%84%E2%A1%BF%E2%A1%B9%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20%F0%9F%A4%A9%...
https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1642265170480&ns_c=UTF-8&cv=3.5&c8=%22%E2%9D%84%E2%A1%BF%E2%A1%B9%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20%F0%9F%A4%A9...

0
223 B

17ms
17ms

Image
text/plain

13.35.253.42
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1642265170480&ns_c=UTF-8&cv=3.5&c8=%22%E2%9D%84%E2%A1%BF%E2%A1%B9%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20%F0%9F%A4%A9%20www.HealsPills.store%20%F0%9F%A4%A9%20Uses%2C%20Dosage%20%E2%A1%B9%E2%A1%BF%E2%9D%84Buy%20Hydroxychloroquine%20Sulfate%20Buy%20Hydroxychloroquine%22%20%7C%20Search%20%7C%20KUsports.com&c7=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&c9=
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Server: 13.35.253.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-42.fra6.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:10 GMT
via: 1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-amz-cf-id: zTwKNcN7EVcd0Pj2WtJZsdNJaDw42nYjVRfoEvCA_DxbJIQScI3JzA==
x-cache: Miss from cloudfront

Redirect headers

date: Sat, 15 Jan 2022 16:46:10 GMT
via: 1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1642265170480&ns_c=UTF-8&cv=3.5&c8=%22%E2%9D%84%E2%A1%BF%E2%A1%B9%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20%F0%9F%A4%A9%20www.HealsPills.store%20%F0%9F%A4%A9%20Uses%2C%20Dosage%20%E2%A1%B9%E2%A1%BF%E2%9D%84Buy%20Hydroxychloroquine%20Sulfate%20Buy%20Hydroxychloroquine%22%20%7C%20Search%20%7C%20KUsports.com&c7=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&c9=
content-length: 794
x-amz-cf-id: YYC50rkiCZHIr2Zr6xmvt2cswsTke7-1OYMT3fDdDTR781joEKMSmg==

GET
H/1.1 200
OK quant.js Show response
edge.quantserve.com/ 24 KB
10 KB 71ms
16ms Script
application/javascript 2620:116:800d:21:ee05:6a01:4b41:8c89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://edge.quantserve.com/quant.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 2620:116:800d:21:ee05:6a01:4b41:8c89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:10 GMT
Content-Encoding: gzip
Etag: "FMCWFRCBdbNj8Eh2c0G78Q=="
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: private, max-age=604800
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Accept-Ranges: bytes
Expires: Sat, 22 Jan 2022 16:46:10 GMT

GET
H2 204 asyncPixelSync
pixel.sitescout.com/dmp/ Frame F810 0
0 32ms
31ms Document
text/plain 66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.sitescout.com/dmp/asyncPixelSync
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

cache-control: max-age=0,no-cache,no-store
pragma: no-cache
expires: Tue, 11 Oct 1977 12:34:56 GMT
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
date: Sat, 15 Jan 2022 16:46:09 GMT
server: AC1.1

GET
H2 200 skeleton.gif
static.adsafeprotected.com/ 43 B
482 B 83ms
17ms Image
image/gif 2600:9000:223f:c00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:c00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 16:14:35 GMT
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
age: 13998696
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
cache-control: max-age=315360000
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-type: image/gif
x-amz-cf-id: JpcL1g-cSLyfoI5BmwKmFPK7ae_gUE-YKCxFNTFPuaWowXvjJJTXeA==

GET
H2

200

rules-p-b9OfuctfLWqtE.js Show response
rules.quantcount.com/
Redirect Chain

http://rules.quantcount.com/rules-p-b9OfuctfLWqtE.js
https://rules.quantcount.com/rules-p-b9OfuctfLWqtE.js

3 B
429 B

50ms
15ms

Script
application/javascript

2600:9000:223c:3600:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-b9OfuctfLWqtE.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Server: 2600:9000:223c:3600:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 04:53:05 GMT
via: 1.1 03ffca0f67e3596b9a0c92342fe91598.cloudfront.net (CloudFront)
age: 42786
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 3
last-modified: Sat, 04 Mar 2017 20:50:23 GMT
server: AmazonS3
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
x-amz-cf-id: BABuHEiliTsDREM_B6XY-9mNMoxvUE4Lo2T94p0EgW_ZWbg3KWBi7g==

Redirect headers

Date: Sat, 15 Jan 2022 16:46:10 GMT
Via: 1.1 2af4ee189e50805a67bd62bbd51ad0dc.cloudfront.net (CloudFront)
Server: CloudFront
X-Amz-Cf-Pop: FRA56-P2
X-Cache: Redirect from cloudfront
Content-Type: text/html
Location: https://rules.quantcount.com/rules-p-b9OfuctfLWqtE.js
Connection: keep-alive
Content-Length: 183
X-Amz-Cf-Id: i4DH-TYIjIhuOBQdEgKoSseA48jM7rvLM9wPDMoM0RWi38qWwehSDA==

GET
H2 200 container.html Show response
006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6646 6 KB
3 KB 529ms
258ms Document
text/html 2a00:1450:4019:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4019:80c::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:46:11 GMT
expires: Sun, 15 Jan 2023 16:46:11 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 container.html Show response
006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5061 6 KB
3 KB 476ms
265ms Document
text/html 2a00:1450:4019:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4019:80c::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:46:11 GMT
expires: Sun, 15 Jan 2023 16:46:11 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

200

pixel;r=122151703;rf=0;a=p-b9OfuctfLWqtE;url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloro...
pixel.quantserve.com/
Redirect Chain

http://pixel.quantserve.com/pixel;r=122151703;rf=0;a=p-b9OfuctfLWqtE;url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A...
https://pixel.quantserve.com/pixel;r=122151703;rf=0;a=p-b9OfuctfLWqtE;url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25...

35 B
372 B

59ms
20ms

Image
image/gif

2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=122151703;rf=0;a=p-b9OfuctfLWqtE;url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine;uht=2;fpan=1;fpa=P0-1484996935-1642265170685;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=kusports.com;je=0;sr=1600x1200x24;dst=0;et=1642265170685;tzo=0;ogl=image.http%3A%2F%2Fworldonline%252Emedia%252Eclients%252Eellingtoncms%252Ecom%2Fstatic%2Fkusports%252Ecom%2Fimages%2Fkus

Requested by

Protocol

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:10 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

Redirect headers

Location: https://pixel.quantserve.com/pixel;r=122151703;rf=0;a=p-b9OfuctfLWqtE;url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine;uht=2;fpan=1;fpa=P0-1484996935-1642265170685;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=kusports.com;je=0;sr=1600x1200x24;dst=0;et=1642265170685;tzo=0;ogl=image.http%3A%2F%2Fworldonline%252Emedia%252Eclients%252Eellingtoncms%252Ecom%2Fstatic%2Fkusports%252Ecom%2Fimages%2Fkus
Date: Sat, 15 Jan 2022 16:46:10 GMT
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 0
Expires: Sun, 16 Jan 2022 16:46:10 GMT

GET
H2 200 container.html Show response
006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3EBA 6 KB
3 KB 414ms
272ms Document
text/html 2a00:1450:4019:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4019:80c::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:46:11 GMT
expires: Sun, 15 Jan 2023 16:46:11 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 485ms
247ms XHR
text/plain 2a00:1450:4019:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1263243606&t=pageview&_s=1&dl=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&ul=en-us&de=UTF-8&dt=%22%E2%9D%84%E2%A1%BF%E2%A1%B9%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20%F0%9F%A4%A9%20www.HealsPills.store%20%F0%9F%A4%A9%20Uses%2C%20Dosage%20%E2%A1%B9%E2%A1%BF%E2%9D%84Buy%20Hydroxychloroquine%20Sulfate%20Buy%20Hydroxychloroquine%22%20%7C%20Search%20%7C%20KUsports.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAEABAAAAAC~&jid=278211719&gjid=1059306700&cid=1261223503.1642265170&tid=UA-381152-3&_gid=1033640425.1642265171&_r=1&gtm=2wg1c0NQ7KXJ6&cd2=&cd3=&z=578338742

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4019:806::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://www2.kusports.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8976 6 KB
3 KB 342ms
284ms Document
text/html 2a00:1450:4019:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4019:80c::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:46:11 GMT
expires: Sun, 15 Jan 2023 16:46:11 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 container.html Show response
006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C3DA 6 KB
3 KB 287ms
287ms Document
text/html 2a00:1450:4019:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4019:80c::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:46:11 GMT
expires: Sun, 15 Jan 2023 16:46:11 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 v2kysyhSMp_qnX0jHKGqhtaFqjJ2i0Bgxu17B_LtHy_ON6uigIpvo_IWWO_0L9u5mFLseDLFJ Show response
butterbulb.com/ 209 B
626 B 64ms
23ms Fetch
application/json 35.201.98.64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://butterbulb.com/v2kysyhSMp_qnX0jHKGqhtaFqjJ2i0Bgxu17B_LtHy_ON6uigIpvo_IWWO_0L9u5mFLseDLFJ

Requested by

Host: quizzicalzephyr.com
URL: https://quizzicalzephyr.com/v2/0/toeMSvHmP_4fPO2bOZYY87iEN82c5Cz4OimLjg_YbLj670aB-v2iE843QETaIw-2wkW6Lth0vCX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.98.64 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

64.98.201.35.bc.googleusercontent.com

Software

Resource Hash

4c12833adbf43d20fa1cdeede9f484606cf6a1cf18100584c277f8466e90d260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: http://www2.kusports.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
date: Sat, 15 Jan 2022 16:46:10 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-hostname: fen-hoothoot-europe-west1-spot-dcfg
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 209
expires: Sat, 15 Jan 2022 16:46:09 GMT

GET
H2 200 container.html Show response
006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D2A2 6 KB
3 KB 217ms
217ms Document
text/html 2a00:1450:4019:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4019:80c::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:46:11 GMT
expires: Sun, 15 Jan 2023 16:46:11 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 36ms
16ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=226738544330346&ev=Microdata&dl=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&rl=&if=false&ts=1642265170964&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%5C%22%E2%9D%84%E2%A1%BF%E2%A1%B9%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20%F0%9F%A4%A9%20www.HealsPills.store%20%F0%9F%A4%A9%20Uses%2C%20Dosage%20%E2%A1%B9%E2%A1%BF%E2%9D%84Buy%20Hydroxychloroquine%20Sulfate%20Buy%20Hydroxychloroquine%5C%22%20%7C%20Search%20%7C%20KUsports.com%22%7D&cd[OpenGraph]=%7B%22og%3Aimage%22%3A%22http%3A%2F%2Fworldonline.media.clients.ellingtoncms.com%2Fstatic%2Fkusports.com%2Fimages%2Fkusports-1200.jpg%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1642265170457.1038434706&it=1642265170250&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:10 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Sat, 15 Jan 2022 16:46:10 GMT

POST
H2 200 v2uuf9N9oEGB5jVeEXgyO0OyJZJkPmt-NePZbiTkg0M9V6NqYaZRAS9VcBaR2DmUYCNfAEdXR Show response
butterbulb.com/ 3 B
59 B 224ms
224ms Fetch
application/json 35.201.98.64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://butterbulb.com/v2uuf9N9oEGB5jVeEXgyO0OyJZJkPmt-NePZbiTkg0M9V6NqYaZRAS9VcBaR2DmUYCNfAEdXR

Requested by

Host: quizzicalzephyr.com
URL: https://quizzicalzephyr.com/v2/0/toeMSvHmP_4fPO2bOZYY87iEN82c5Cz4OimLjg_YbLj670aB-v2iE843QETaIw-2wkW6Lth0vCX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.98.64 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

64.98.201.35.bc.googleusercontent.com

Software

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: http://www2.kusports.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
date: Sat, 15 Jan 2022 16:46:11 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: http://www2.kusports.com
access-control-allow-credentials: true
x-hostname: fen-hoothoot-europe-west1-spot-dcfg
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 3

GET
H2 200 container.html Show response
006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8D9B 6 KB
3 KB 235ms
235ms Document
text/html 2a00:1450:4019:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4019:80c::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:46:11 GMT
expires: Sun, 15 Jan 2023 16:46:11 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 88b48cd9-e40a-4c18-8297-ecf618708ada.js Show response
d3plfjw9uod7ab.cloudfront.net/ad/ Frame 6646 110 KB
28 KB 81ms
19ms Script
application/javascript 2600:9000:223e:b600:13:a391:88c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3plfjw9uod7ab.cloudfront.net/ad/88b48cd9-e40a-4c18-8297-ecf618708ada.js
Requested by: Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:b600:13:a391:88c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: PIIOv2xieGBoNLT19H7cXReef4nzgGIf
content-encoding: br
last-modified: Fri, 14 Jan 2022 16:23:10 GMT
server: AmazonS3
age: 5218
etag: W/"7f03b76e1ed076cb7b21811f1160deb2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
cache-control: max-age=7200, public
date: Sat, 15 Jan 2022 15:19:14 GMT
x-amz-cf-pop: FRA56-P4
x-amz-cf-id: 5b4-hi9A1ti1ZugJ9MSW85ovIadgc2A4ARw_aOJTk9nXs7UBMETrgw==

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 6646 22 KB
7 KB 61ms
19ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 00:35:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231038
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 13 Jan 2023 00:35:33 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 6646 78 KB
26 KB 28ms
28ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26979
x-xss-protection: 0
server: sffe
etag: "1102 / 151 of 1000 / last-modified: 1642206167"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 15 Jan 2022 16:46:11 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6646 121 KB
38 KB 70ms
28ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:46:11 GMT

GET
H2 200 88b48cd9-e40a-4c18-8297-ecf618708ada.js Show response
d3plfjw9uod7ab.cloudfront.net/ad/ Frame 5061 110 KB
28 KB 94ms
33ms Script
application/javascript 2600:9000:223e:b600:13:a391:88c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3plfjw9uod7ab.cloudfront.net/ad/88b48cd9-e40a-4c18-8297-ecf618708ada.js
Requested by: Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:b600:13:a391:88c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: PIIOv2xieGBoNLT19H7cXReef4nzgGIf
content-encoding: br
last-modified: Fri, 14 Jan 2022 16:23:10 GMT
server: AmazonS3
age: 5218
etag: W/"7f03b76e1ed076cb7b21811f1160deb2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
cache-control: max-age=7200, public
date: Sat, 15 Jan 2022 15:19:14 GMT
x-amz-cf-pop: FRA56-P4
x-amz-cf-id: 2TPz1L0AexjQm4sFRBE-4aTC2MtdX0UGOtEstERr4KZ4H8zMO1hZwg==

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 5061 22 KB
7 KB 61ms
20ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 00:35:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231038
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 13 Jan 2023 00:35:33 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 5061 78 KB
26 KB 24ms
24ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26979
x-xss-protection: 0
server: sffe
etag: "1102 / 659 of 1000 / last-modified: 1642206167"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 15 Jan 2022 16:46:11 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5061 121 KB
37 KB 86ms
46ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:46:11 GMT

GET
H2 200 88b48cd9-e40a-4c18-8297-ecf618708ada.js Show response
d3plfjw9uod7ab.cloudfront.net/ad/ Frame 3EBA 110 KB
28 KB 89ms
37ms Script
application/javascript 2600:9000:223e:b600:13:a391:88c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3plfjw9uod7ab.cloudfront.net/ad/88b48cd9-e40a-4c18-8297-ecf618708ada.js
Requested by: Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:b600:13:a391:88c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: PIIOv2xieGBoNLT19H7cXReef4nzgGIf
content-encoding: br
last-modified: Fri, 14 Jan 2022 16:23:10 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
etag: W/"7f03b76e1ed076cb7b21811f1160deb2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
cache-control: max-age=7200, public
date: Sat, 15 Jan 2022 16:46:11 GMT
x-amz-cf-id: qOQI5GGmQ5njmcrW9B5uySbb5hcaJdisrtZ3pZk5yZbUBS_KAZDJFQ==

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 3EBA 22 KB
7 KB 54ms
23ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 00:35:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231038
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 13 Jan 2023 00:35:33 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 3EBA 78 KB
26 KB 29ms
29ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26979
x-xss-protection: 0
server: sffe
etag: "1102 / 383 of 1000 / last-modified: 1642206167"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 15 Jan 2022 16:46:11 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3EBA 121 KB
37 KB 96ms
65ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:46:11 GMT

GET
H2 200 88b48cd9-e40a-4c18-8297-ecf618708ada.js Show response
d3plfjw9uod7ab.cloudfront.net/ad/ Frame 8976 110 KB
28 KB 96ms
47ms Script
application/javascript 2600:9000:223e:b600:13:a391:88c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3plfjw9uod7ab.cloudfront.net/ad/88b48cd9-e40a-4c18-8297-ecf618708ada.js
Requested by: Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:b600:13:a391:88c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: PIIOv2xieGBoNLT19H7cXReef4nzgGIf
content-encoding: br
last-modified: Fri, 14 Jan 2022 16:23:10 GMT
server: AmazonS3
age: 5218
etag: W/"7f03b76e1ed076cb7b21811f1160deb2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
cache-control: max-age=7200, public
date: Sat, 15 Jan 2022 15:19:14 GMT
x-amz-cf-pop: FRA56-P4
x-amz-cf-id: gtJeWh7D6BAR1-9xA1p5acLAZRK1BU8oTtAFn22_EVVsSKlxyCiMUA==

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 8976 22 KB
7 KB 60ms
31ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 00:35:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231038
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 13 Jan 2023 00:35:33 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 8976 78 KB
26 KB 31ms
30ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26979
x-xss-protection: 0
server: sffe
etag: "1102 / 282 of 1000 / last-modified: 1642206167"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 15 Jan 2022 16:46:11 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8976 121 KB
37 KB 80ms
51ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:46:11 GMT

GET
H2 200 88b48cd9-e40a-4c18-8297-ecf618708ada.js Show response
d3plfjw9uod7ab.cloudfront.net/ad/ Frame C3DA 110 KB
28 KB 93ms
46ms Script
application/javascript 2600:9000:223e:b600:13:a391:88c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3plfjw9uod7ab.cloudfront.net/ad/88b48cd9-e40a-4c18-8297-ecf618708ada.js
Requested by: Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:b600:13:a391:88c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: PIIOv2xieGBoNLT19H7cXReef4nzgGIf
content-encoding: br
last-modified: Fri, 14 Jan 2022 16:23:10 GMT
server: AmazonS3
age: 5218
etag: W/"7f03b76e1ed076cb7b21811f1160deb2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
cache-control: max-age=7200, public
date: Sat, 15 Jan 2022 15:19:14 GMT
x-amz-cf-pop: FRA56-P4
x-amz-cf-id: JsBIdZFxAPZgOW7aVsb4rfNR-G2HpZRguUzUwrYk_oPB_V-PK2r0yg==

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame C3DA 22 KB
7 KB 62ms
36ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 00:35:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231038
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 13 Jan 2023 00:35:33 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C3DA 121 KB
37 KB 85ms
59ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:46:11 GMT

GET
H2 200 88b48cd9-e40a-4c18-8297-ecf618708ada.js Show response
d3plfjw9uod7ab.cloudfront.net/ad/ Frame D2A2 110 KB
28 KB 35ms
33ms Script
application/javascript 2600:9000:223e:b600:13:a391:88c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3plfjw9uod7ab.cloudfront.net/ad/88b48cd9-e40a-4c18-8297-ecf618708ada.js
Requested by: Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:b600:13:a391:88c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: PIIOv2xieGBoNLT19H7cXReef4nzgGIf
content-encoding: br
last-modified: Fri, 14 Jan 2022 16:23:10 GMT
server: AmazonS3
age: 5218
etag: W/"7f03b76e1ed076cb7b21811f1160deb2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
cache-control: max-age=7200, public
date: Sat, 15 Jan 2022 15:19:14 GMT
x-amz-cf-pop: FRA56-P4
x-amz-cf-id: BzsJ5o0Ld5Lr8bbejqDvMajNRgMHrO4pK6QyzP63G89KGVjfVbQ0Nw==

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame D2A2 22 KB
7 KB 44ms
18ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 00:35:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231038
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 13 Jan 2023 00:35:33 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame D2A2 78 KB
26 KB 23ms
23ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26979
x-xss-protection: 0
server: sffe
etag: "1102 / 704 of 1000 / last-modified: 1642206167"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 15 Jan 2022 16:46:11 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D2A2 121 KB
37 KB 63ms
37ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:46:11 GMT

GET
H2 202 88b48cd9-e40a-4c18-8297-ecf618708ada
analyticssystems.net/api/v2/ad/impression/ Frame 6646 0
653 B 212ms
161ms Image
text/plain 2606:4700:3030::6815:251b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analyticssystems.net/api/v2/ad/impression/88b48cd9-e40a-4c18-8297-ecf618708ada?rand=434537
Requested by: Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:251b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r6yArKpSw8d19zs2FbRiuNsTh%2Bg6WLP240DURCAmyt5B8LlY4%2B8oy1kXCH7RoboiIjtUPKzPuo3eADb7Ei%2BK6qygzaAHUGfG4UmXoMv302xAP4rU4ChAi33cyM9H%2BQktFzBIaPOGLERRBp%2B29tULlOeQoA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ce09428ef51535d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
x-request-id: Fsp_eOqm4Gmz1q0ANiSC

GET
BLOB 200
OK 1769b42c-b45c-4cd3-bd44-24e2f9c0d3ae
https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/ Frame 6646 789 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/1769b42c-b45c-4cd3-bd44-24e2f9c0d3ae
Requested by: Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length: 789
Content-Type: application/javascript

GET
H2 202 88b48cd9-e40a-4c18-8297-ecf618708ada
analyticssystems.net/api/v2/ad/impression/ Frame 5061 0
293 B 270ms
270ms Image
text/plain 2606:4700:3030::6815:251b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analyticssystems.net/api/v2/ad/impression/88b48cd9-e40a-4c18-8297-ecf618708ada?rand=873722
Requested by: Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:251b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3b7MqoXzHoMad7JkmPr4rc0Lv9%2BNMOub0VjSMUNyklSPY1Tw%2BmAF06AS%2FsiiCiscU2IEdKukt0oIji0Nlq1EaTB%2FU14z%2Bq1Gc%2Bf4mzykQkA26SkUC19buexW4TUOAuEwTGdlL94Ba4Pyske2iX70a%2BiiDw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ce09428ff7b535d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
x-request-id: Fsp_ePE8RdTQ2UQFekYR

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6646 0
0 52ms
52ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst97Rf-TNhDINchhRGLqepVgISyArA8zrssrcvR08mnZI5_cVuYTJ02aQ0K9uIASXCuIl0lO5Uoc1I34WdoFvrVVtnTSXynSy69AFszEuqUlRb-YbfOh2G63CSL-ysAgVt1TjVmE4lcJY5-HsYjU23neFK3Dt3FjHObGbJpOiZMW19arwoSsZCAgutEh71z_6BlF9f7pHDKv5bOsXq6n0SvcZD0gAFDasOSsrIyZ-f9wFZ-hTKf-v8dsbl2Kdu4LfhEd4cSfPp39T6tIGxxJlohb2maOKZJYQBaRTRvsxYP2rD6&sai=AMfl-YQitUjh6KUfiGLKyVo_oLSV12FoXzTuCBda1MxEfeF5Ak-PhIDq5ZTy9cxOGuMW046I_9UIAfbT5IzXUpAbUbP5dBfcL504I8ZoqkdGXgbWiDOdHTEAL7TcwqlcFqUX&sig=Cg0ArKJSzFMNd12HwibBEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:46:11 GMT

GET
DATA 200
OK truncated
/ Frame 6646 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 588aeb8b8a4b3702b9acb7aa8327541db3604cd2a8d3ba5a9d3c8bf3d4e343b9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 88b48cd9-e40a-4c18-8297-ecf618708ada.js Show response
d3plfjw9uod7ab.cloudfront.net/ad/ Frame 8D9B 110 KB
28 KB 17ms
17ms Script
application/javascript 2600:9000:223e:b600:13:a391:88c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3plfjw9uod7ab.cloudfront.net/ad/88b48cd9-e40a-4c18-8297-ecf618708ada.js
Requested by: Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:b600:13:a391:88c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: PIIOv2xieGBoNLT19H7cXReef4nzgGIf
content-encoding: br
last-modified: Fri, 14 Jan 2022 16:23:10 GMT
server: AmazonS3
age: 5218
etag: W/"7f03b76e1ed076cb7b21811f1160deb2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
cache-control: max-age=7200, public
date: Sat, 15 Jan 2022 15:19:14 GMT
x-amz-cf-pop: FRA56-P4
x-amz-cf-id: mILzG7xE31ZSwPxqBr4MqrEgEL0SzMFv8f_6PVMUmxBI8ajB5iUoHg==

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 8D9B 22 KB
7 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 00:35:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231038
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 13 Jan 2023 00:35:33 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 8D9B 78 KB
26 KB 37ms
36ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26979
x-xss-protection: 0
server: sffe
etag: "1102 / 321 of 1000 / last-modified: 1642206167"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 15 Jan 2022 16:46:11 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8D9B 121 KB
37 KB 45ms
45ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:46:11 GMT

GET
H2 202 88b48cd9-e40a-4c18-8297-ecf618708ada
analyticssystems.net/api/v2/ad/impression/ Frame 3EBA 0
292 B 274ms
273ms Image
text/plain 2606:4700:3030::6815:251b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analyticssystems.net/api/v2/ad/impression/88b48cd9-e40a-4c18-8297-ecf618708ada?rand=573923
Requested by: Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:251b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XeLP%2BKHXwfVe37FCm1wqY0V0poPoGn8JdNLVggevEkYVxpFS05hScmMLTHgd01hISDehSpRgQKWp6qSucdz64yEaihUrTkLZ29tyd7nYoWggFtFg%2BA%2FnxH%2F0sAYHbJkCFVdwuyKM7xPPpE6bxDpOJjgxFA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ce094294847535d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
x-request-id: Fsp_ePRuZi0p2J8ANxCS

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
443 B 69ms
22ms XHR
text/plain 2a00:1450:400c:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-381152-3&cid=1261223503.1642265170&jid=278211719&gjid=1059306700&_gid=1033640425.1642265171&_u=YAhAAEAAAAAAAC~&z=695875853

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://www2.kusports.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 15 Jan 2022 16:46:11 GMT
content-type: text/plain
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
BLOB 200
OK d8ad399e-2b88-49a9-bcd0-388c72a58dba
https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/ Frame 5061 789 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/d8ad399e-2b88-49a9-bcd0-388c72a58dba
Requested by: Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length: 789
Content-Type: application/javascript

GET
BLOB 200
OK 868bfa41-dd58-4575-86ee-528c77b98073
https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/ Frame 3EBA 789 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/868bfa41-dd58-4575-86ee-528c77b98073
Requested by: Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length: 789
Content-Type: application/javascript

GET
H2 202 88b48cd9-e40a-4c18-8297-ecf618708ada
analyticssystems.net/api/v2/ad/impression/ Frame C3DA 0
293 B 252ms
252ms Image
text/plain 2606:4700:3030::6815:251b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analyticssystems.net/api/v2/ad/impression/88b48cd9-e40a-4c18-8297-ecf618708ada?rand=1084966
Requested by: Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:251b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IAFKTSAwKVlPWkmGMAavzx8P72YByr2FyMjXpsRmF6E3%2FHlFlDPYqJo4tWy19vi%2FvtQwd3aiHenDKxKFvW5LPG85pepB0AWupW4ZDwIweDodcqR%2BqO%2BLdYqNEi%2B9Lgox0RQ4QR8WbD7ldZ34VEa0n11fKw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ce094290f97535d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
x-request-id: Fsp_ePDweccddgMCNi0B

GET
H2 202 88b48cd9-e40a-4c18-8297-ecf618708ada
analyticssystems.net/api/v2/ad/impression/ Frame 8976 0
295 B 242ms
241ms Image
text/plain 2606:4700:3030::6815:251b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analyticssystems.net/api/v2/ad/impression/88b48cd9-e40a-4c18-8297-ecf618708ada?rand=510907
Requested by: Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:251b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Q3qm9iZMHAbXfM6ictR3cWG5HfKaUxBOhZp%2F7mGRSI%2BQRe0jaKrIxONyT9usa%2BZWYLSeDap5%2B1TdIoxOjLSkLGW5AiOKLAlmKJt1Q6rEMxCLgb3%2Fct1vTgM90Csx07NztKpOq4wrLD%2BhYgLkWXCTj1xGw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ce094291fc2535d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
x-request-id: Fsp_ePElRUF4wz4Be7eh

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5061 0
0 51ms
51ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss1ptVmWzzTd54ut7LwzHTXr7glX4oxhb10cG9ISzf1JijzqNGheMUMtDfOfSFvdAeQfE7Aflj9ZdZ4NgzPkQRtbOu4xraYwtP2M5hbf7Uj0XZMK0ctyn_dC9OnR555O6k4pLH3CdkJur8fCx6ZGp8OaEho3Lz0_KYJtQwnfNIkOQIp__35-J6uBxUx3ZZXVqa5HwHSoILfoeZ_Lt_Q33VrsdGLlBkdghGgS9nfDn8Cy7585ozgdrQ7iv4Dk3yb4Fexf-IPSQz5mDYLrX1rcB2x_nT3XX-yQQvATcsv5X5itTKqPUytDG6Af90&sai=AMfl-YTZUpLaPlIjwql-KVf4QmIS4r268OLeNsIdhvp3ZrtRStbLikP0Ot7ARi9k3-1Pslr9Lfp2DfIESRFvv6Gaq5H1cpXDGvdS4Ekw7NUsjiEcmNCh66rp7__ws7m0X6Ee&sig=Cg0ArKJSzJ-miHXnn6M1EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame 5061 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 816d57888a08dbda16b694ac102f8f2499378929900ac80b6e440ab163e18c7c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 202 88b48cd9-e40a-4c18-8297-ecf618708ada
analyticssystems.net/api/v2/ad/impression/ Frame D2A2 0
293 B 251ms
251ms Image
text/plain 2606:4700:3030::6815:251b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analyticssystems.net/api/v2/ad/impression/88b48cd9-e40a-4c18-8297-ecf618708ada?rand=598462
Requested by: Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:251b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c8HrTPrOeeP%2F2MmOJ5Qq5Vol1htv0GdUFGoLK822GqzUenwZqRTzx0x9uWOMVE3DXEpQ%2FQKx4QCR6hd1xWIh6WX8u15DL4Lbw1zwis%2B7xW7JksMfEKN0W%2F15MbjoOTQ3DSVEX64w1X2p6PkNU6AEjwMS6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ce094296889535d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
x-request-id: Fsp_ePRBZZ4IO2IBN1ui

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3EBA 0
0 51ms
51ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssFJoXbE7BzLnwUmXgq4dh9w9nI2LZ6MP0aL_XaX06GLpr0TdkfUQeVHvLtnTrhImlfnNgnubfW8OSMrQurC4X68lWiWps5Pu1oU-TnwTPVlONh9DvMgt7GA6F4giGsbHcFrBVHhbpQKgLaVC3gOErmdULd7nn3Z0KH5O7hqmYaGQSlzH32V3hnyghRq3KjMRppgRsQrwpGDwzQAYw-wD4C1hmSdvjbGhq0BDm3lc4cZPqS_QVxkLbfDGCV-IBnqE_oGoq5pKquIn8EX_nubpMgibHeTNXO2qGTobSvDe2tJFgdx3pKbA&sai=AMfl-YQLb9Zwa37xQRMZIg8Dljy2q2a4TQGAwviTOu7HXm5OBQcVOny8gmGORGS8dyDv0g-NwrTmqyiFTMViNRMWDb_9qqOwyYUokS8D5MrjNTS-DiAITJYVEVfCeebS4KM&sig=Cg0ArKJSzNfeLMgjdMR_EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame 3EBA 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8b126cd1fdb08b4481778f89b3fbb2e53a1f71e31d9f01abce7894c1b2af1940

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
BLOB 200
OK 4fa88e81-842c-49fc-a009-c5e8125a141a
https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/ Frame C3DA 789 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/4fa88e81-842c-49fc-a009-c5e8125a141a
Requested by: Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length: 789
Content-Type: application/javascript

GET
BLOB 200
OK 89645058-c989-4b9f-bafb-a9e5c53738e0
https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/ Frame 8976 789 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/89645058-c989-4b9f-bafb-a9e5c53738e0
Requested by: Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length: 789
Content-Type: application/javascript

GET
BLOB 200
OK 70d93f6c-460f-4cf9-90ef-9f66c8ac17de
https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/ Frame D2A2 789 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/70d93f6c-460f-4cf9-90ef-9f66c8ac17de
Requested by: Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length: 789
Content-Type: application/javascript

GET
H3 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 6646 352 KB
118 KB 16ms
16ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:33:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 769
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 15 Jan 2023 16:33:22 GMT

GET
H3 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 5061 352 KB
118 KB 21ms
21ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:33:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 769
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 15 Jan 2023 16:33:22 GMT

GET
H3 202 88b48cd9-e40a-4c18-8297-ecf618708ada
analyticssystems.net/api/v2/ad/impression/ Frame 8D9B 0
626 B 187ms
143ms Image
text/plain 2606:4700:3030::6815:251b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analyticssystems.net/api/v2/ad/impression/88b48cd9-e40a-4c18-8297-ecf618708ada?rand=274921
Requested by: Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:251b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fHj07WQJIwwYHajfaj%2F9gFvKWpjxpvojx0gYUC4LWm5kQ81UMYC9NV5QuUG8X2RAGhdohim1dhJFL10zEqJ7ObRPk8stwLINPlG74S%2FiiG%2FOVMWXwqIotRWFQmduqBgS5GdBPorMlHE5vwYTKfzgtAXOMg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ce0942a7a50874d-DUS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
x-request-id: Fsp_ePfKv0yX_cwAigJx

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C3DA 0
0 60ms
59ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuz0HTGnpqlq0RiBITIrKKrFxlFQUMZ7jECm1d8GHPwHcGpSohI_xOYhy8t3olGoP1LROkCh_rSMWlAE68RPwMu9K5ShWAbQdIGecKCJ-ZWtHHeExtUMrHCkg3mjDOaZ6_131UWMBEidS88slnybhzZ2pl8CyLSWEEDmBlnhiQwYpuG6NbrmyPfZzMvDdatoxjYt23BH6fDqEqSTT52Q1LI5uvGV8sDFBUJ-_dmuwwmUOTLCnc4Ft9KTwFgfq_MG5Q8-OBtCq6ju-ENuEcXDGQj1KwxKShJ2DDKB-gRxc2_wQskO4uesA&sai=AMfl-YTQKrEA_nNGoWi7kVIBJ22rkwJVYnFKcSjGy2xWr52gG9y3rx8puuY03Mq_H1SA9SvOU92wmxvhqpteMz27YZnpDQRUu3ihP97VNTikedEJpNY65tUkjX8TauHfSMg&sig=Cg0ArKJSzOyhyY2D5UaLEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 app.js Show response
servedbyadbutler.com/ Frame C3DA 55 KB
11 KB 101ms
17ms Script
application/javascript 116.202.46.88
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://servedbyadbutler.com/app.js
Requested by: Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.46.88 Grunwald, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.88.46.202.116.clients.your-server.de
Software: nginx /
Resource Hash: cd3699476d188453684876ad11b8813508e578f49a02f4639fed3b3ce8a74a58

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
last-modified: Tue, 07 Dec 2021 18:28:59 GMT
server: nginx
etag: W/"61afa7eb-da59"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1800
expires: Sat, 15 Jan 2022 17:16:11 GMT

GET
DATA 200
OK truncated
/ Frame C3DA 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd4cc9d7a9214ed011691a8eefc47ac87d65b5f0a3a656d9ce477db5a60ebde5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 85ms
40ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-381152-3&cid=1261223503.1642265170&jid=278211719&_u=YAhAAEAAAAAAAC~&z=1211191996

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 87ms
42ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-381152-3&cid=1261223503.1642265170&jid=278211719&_u=YAhAAEAAAAAAAC~&z=1211191996

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8976 0
0 52ms
51ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssZcfzDUT2pVsWrBrps5QIVRTCpro7TbrUhJ0MtN9sCPzCrv-2p3hOky2DQ9YHPTQHQiyBd445w6_aQQ2BqjBwR-_0TcsK0K7LMDYnDxFoRAHjyQuT4x_U-e5zQzKS3W8U7vc8fxnb5u1zMpTfB1mQSBrZi4kYgF_qPHsnJ5qFevJVCX6puoTI_qp-ank0AkEQdRHB0jw3LvkShJ7Sbpmz4bOEMGmpCEhbLB0NggQRcrLioV04U56y-QayEbIokgd5BRTNyyZDMYakGG5K8B23G7qyRDYRVeGuru7Ni2bWKZhpr&sai=AMfl-YTFDTPBqaEODATw9k1dM1B3qY0_ktBHcXLJM_WExteoQbGlsEXebB9ktFN3mjv_Cx0qcISiy560QhopTLvQ4cRBrXka1lTxiFsIQTATkhI-Viy5k5lrjeerzbyhdd8&sig=Cg0ArKJSzHvEVYfeOde_EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame 8976 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8faf4073749729b4626285e385fd05bcebc5230694974c8b1b8f0d02b319121e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D2A2 0
0 52ms
52ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstvzwO7PgPklNVau-Xo4HrC249UjiUD7eXLF4zD-1ALUaYH0C4_agXX06RAwRisDonBV4WgAogtbEss-wHmBvo5Aphw-saIVi5mQZS81Yk38rNJOZ5IHdiHxvRHfDzSTo7xbdTgvVqQ5OTphEs26Sz5ppBIhP0KRSFfbe6uVjDi0oNZXEyC4j-yQz5hez5eTNNYxJPaj3LTZp0X3bDuRkpqNP7cTHxhlWBEtkfOdJIGlVR6JqHhBwUb8YtFFzuzj4Gjo0_k9_x4a8dlN8C2GtfE_vGxHOr-FBubIQpHQVpznX0rrB2MbA&sai=AMfl-YTIp80SbszHvo0fzli8fjgywVoA6etMU6SvCOlvaLpJw7WJT-gAwjUkzlo9GRDkTUykcWPCwjRvI3IBiNMP-OPwAh-Vzn3w5HXGx6TQ3BAk6LNDsCMu8hBHy_aubZFj&sig=Cg0ArKJSzPgU1bAhcqLLEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame D2A2 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 547abea67d17355bd6e410e52a8219897b43b5277eda3d692e3fa2cb422e1149

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
BLOB 200
OK 07ff3777-b9b7-4015-9bec-7418fab8c2ab
https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/ Frame 8D9B 789 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/07ff3777-b9b7-4015-9bec-7418fab8c2ab
Requested by: Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length: 789
Content-Type: application/javascript

GET
H3 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 3EBA 352 KB
118 KB 15ms
15ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:33:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 769
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 15 Jan 2023 16:33:22 GMT

GET
H3 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 8976 352 KB
118 KB 15ms
15ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:33:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 769
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 15 Jan 2023 16:33:22 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8D9B 0
0 51ms
51ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvzxb1cQzGuKQYvoPT2J-QM8UdfDHTFSb3kru8iw9r1mxqMtALLrtLMaivbq8yvHhDVGuXSGhGNtYreu1MxsEPPDn5S8LgDET6LRgJ5FYswjRuFB3emdpz_2DNQ35FlUN48qFcShH6SmG9NKuleKpa0rBiHkH6QxOgJpifGl4NoOAS7tUawezaJxfXFOfdaTjHc7LEFEGdzKEqd2D3cJh_TXMjyMbnkKH3gTELX_ppSrX28P-DaExxIRgQNlvxNneHUcaE6l5caZopRGY-fzsq0oJclVFTWbgq_eaxaaM9vyfuxKMQXBw&sai=AMfl-YRRkKwAPx_wjohSii-LtvKKJmuS1N2n7KYZIuy6C2H9e4BcuKeN9OZIRAKerQg-u7cqXSXxSTbboJungQ-zqgA5d4UxjDwDtBpOG77JPsW05pjLnT24fjroVp6-KBg&sig=Cg0ArKJSzLbUIXujcXEIEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
URL: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame 8D9B 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d43eddba64f21df222531e22cb7c26ccb37869311760a879ab0b116b14f29269

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ Frame D2A2 352 KB
118 KB 16ms
15ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:33:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 769
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 15 Jan 2023 16:33:22 GMT

GET
H3 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 8D9B 352 KB
118 KB 15ms
15ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:33:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 769
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 15 Jan 2023 16:33:22 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 6646 107 B
792 B 71ms
25ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 6646 107 B
122 B 56ms
30ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 6646 19 KB
10 KB 236ms
236ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3446979153569946&correlator=3089098967928812&output=ldjh&impl=fif&eid=31064028%2C31063247&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220115&iu_parts=8095840%3A1024221%2C.2_7333.3_kusports.com_tier1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&cdm=006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com&bc=23&abxe=1&lmt=1614716223&dt=1642265171622&dlt=1642265171146&idt=461&ea=0&frm=24&biw=-12245933&bih=-12245933&isw=728&ish=90&oid=2&adxs=0&adys=0&adks=3357008152&ucis=l0s8rzb58fel&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ref=http%3A%2F%2Fwww2.kusports.com%2F&top=http%3A%2F%2Fwww2.kusports.com%2F&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=728x0&ga_vid=1578839369.1642265172&ga_sid=1642265172&ga_hid=1791644817&ga_fc=false&fws=256&ohw=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

1e301e8df84a84a431d83b1c4a1c119eeb197d69eda7e8086dee21a937631be4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10085
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 27B9 6 KB
4 KB 673ms
247ms Document
text/html 2a00:1450:4019:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4019:809::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 15 Jan 2022 16:46:12 GMT
expires: Sun, 15 Jan 2023 16:46:12 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 5061 107 B
165 B 60ms
37ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 5061 107 B
122 B 46ms
44ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 5061 19 KB
10 KB 242ms
240ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4262051528554942&correlator=2897810262864475&output=ldjh&impl=fif&eid=31061814%2C44757101&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220115&iu_parts=8095840%3A1024221%2C.2_7334.7_kusports.com_tier1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600&cdm=006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com&bc=23&abxe=1&lmt=1614716223&dt=1642265171654&dlt=1642265171152&idt=481&ea=0&frm=24&biw=-12245933&bih=-12245933&isw=300&ish=600&oid=2&adxs=0&adys=0&adks=880606352&ucis=x14m2e8c89wr&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ref=http%3A%2F%2Fwww2.kusports.com%2F&top=http%3A%2F%2Fwww2.kusports.com%2F&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=300x0&ga_vid=1107040355.1642265172&ga_sid=1642265172&ga_hid=142382599&ga_fc=false&fws=256&ohw=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

7a3aa8291f76fec949e91c7800b7ed668f3aab9f0d19201923cd21018d9b3ace

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10069
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2362 6 KB
3 KB 301ms
257ms Document
text/html 2a00:1450:4019:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4019:80c::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 15 Jan 2022 16:46:11 GMT
expires: Sun, 15 Jan 2023 16:46:11 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ;ID=171437;size=300x250;setID=319770;type=async;domid=placement_319770_0;place=0;pid=169074;sw=1600;sh=1200;spr=1;rnd=169074;referrer=http%3A%2F%2Fwww2.kusports.com%2F;click=CLICK_MACRO_PLACEHOLDER Show response
servedbyadbutler.com/adserve/ Frame C3DA 145 B
400 B 30ms
29ms Script
text/html 116.202.46.88
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://servedbyadbutler.com/adserve/;ID=171437;size=300x250;setID=319770;type=async;domid=placement_319770_0;place=0;pid=169074;sw=1600;sh=1200;spr=1;rnd=169074;referrer=http%3A%2F%2Fwww2.kusports.com%2F;click=CLICK_MACRO_PLACEHOLDER
Requested by: Host: servedbyadbutler.com
URL: https://servedbyadbutler.com/app.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.46.88 Grunwald, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.88.46.202.116.clients.your-server.de
Software: nginx /
Resource Hash: d1aec0f91475a9d3eefd64516c068aff487a6790a76ff4b8ac14a52e7a367ceb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="ALL DSP COR CUR ADMi DEVi CONi TELi OUR BUS UNI PRE"
access-control-allow-origin: *
cache-control: post-check=0, pre-check=0
access-control-allow-credentials: true
content-type: text/html;charset=UTF-8
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 3EBA 107 B
122 B 51ms
27ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 3EBA 107 B
122 B 27ms
27ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 3EBA 18 KB
8 KB 260ms
260ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1570703855209959&correlator=3205140178085035&output=ldjh&impl=fif&eid=31061166&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220115&iu_parts=8095840%3A1024221%2C.2_7336.4_kusports.com_tier1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&cdm=006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com&bc=23&abxe=1&lmt=1614716223&dt=1642265171729&dlt=1642265171158&idt=560&ea=0&frm=24&biw=-12245933&bih=-12245933&isw=300&ish=250&oid=2&adxs=0&adys=0&adks=1124330804&ucis=87qk8hn971yo&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ref=http%3A%2F%2Fwww2.kusports.com%2F&top=http%3A%2F%2Fwww2.kusports.com%2F&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=300x0&ga_vid=1329624368.1642265172&ga_sid=1642265172&ga_hid=933166078&ga_fc=false&fws=256&ohw=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

eef94b7aa7c180acc6868e829f76d02dfeec09b7bff54e868547c01c0ffbff1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8439
x-xss-protection: 0
google-lineitem-id: 4481581642
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138216220617
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
e50cb70897325bbab3447118d665891a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F121 6 KB
4 KB 117ms
24ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e50cb70897325bbab3447118d665891a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 15 Jan 2022 16:46:11 GMT
expires: Sun, 15 Jan 2023 16:46:11 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 8976 107 B
122 B 41ms
36ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 8976 107 B
122 B 26ms
26ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 8976 19 KB
10 KB 238ms
238ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1831815141991545&correlator=55404142436147&output=ldjh&impl=fif&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220115&iu_parts=8095840%3A1024221%2C.2_7332.3_kusports.com_tier1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&cdm=006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com&bc=23&abxe=1&lmt=1614716223&dt=1642265171748&dlt=1642265171165&idt=573&ea=0&frm=24&biw=-12245933&bih=-12245933&isw=728&ish=90&oid=2&adxs=0&adys=0&adks=3055526604&ucis=tcrdfdqk1i7k&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ref=http%3A%2F%2Fwww2.kusports.com%2F&top=http%3A%2F%2Fwww2.kusports.com%2F&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=728x0&ga_vid=1248372938.1642265172&ga_sid=1642265172&ga_hid=939373292&ga_fc=false&fws=256&ohw=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

3f81f6d756fccd8ececaefea33c5818d208feac170c52342b0f5dd3905bd934a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10058
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame DDE1 6 KB
4 KB 110ms
23ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 15 Jan 2022 16:46:11 GMT
expires: Sun, 15 Jan 2023 16:46:11 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame D2A2 107 B
122 B 26ms
25ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame D2A2 107 B
122 B 27ms
25ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame D2A2 18 KB
8 KB 465ms
465ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3891964729167049&correlator=626456131560263&output=ldjh&impl=fif&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220115&iu_parts=8095840%3A1024221%2C.2_7337.4_kusports.com_tier1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&cdm=006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com&bc=23&abxe=1&lmt=1614716223&dt=1642265171779&dlt=1642265171183&idt=587&ea=0&frm=24&biw=-12245933&bih=-12245933&isw=300&ish=250&oid=2&adxs=0&adys=0&adks=2302396440&ucis=uyz8x4l7d1c&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ref=http%3A%2F%2Fwww2.kusports.com%2F&top=http%3A%2F%2Fwww2.kusports.com%2F&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=300x0&ga_vid=1336446838.1642265172&ga_sid=1642265172&ga_hid=1305748648&ga_fc=false&fws=256&ohw=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

a229bb17043ffde05f87af49ef5dbad2b73e584a9a6e31710db8dae279dab07d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:12 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8439
x-xss-protection: 0
google-lineitem-id: 4482205340
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138216220965
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
6ccc5fa424d647bd49be4f773c4b014f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C6F5 6 KB
3 KB 81ms
29ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6ccc5fa424d647bd49be4f773c4b014f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 15 Jan 2022 16:46:11 GMT
expires: Sun, 15 Jan 2023 16:46:11 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 8D9B 107 B
122 B 24ms
24ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 8D9B 107 B
122 B 27ms
27ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 8D9B 18 KB
8 KB 314ms
314ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4383024012816796&correlator=3357875470847997&output=ldjh&impl=fif&eid=31063823&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220115&iu_parts=8095840%3A1024221%2C.2_7335.4_kusports.com_tier1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&cdm=006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com&bc=23&abxe=1&lmt=1614716223&dt=1642265171800&dlt=1642265171264&idt=525&ea=0&frm=24&biw=-12245933&bih=-12245933&isw=300&ish=250&oid=2&adxs=0&adys=0&adks=1055926600&ucis=l0njkmgx39vy&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ref=http%3A%2F%2Fwww2.kusports.com%2F&top=http%3A%2F%2Fwww2.kusports.com%2F&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=300x0&ga_vid=1438189431.1642265172&ga_sid=1642265172&ga_hid=929401364&ga_fc=false&fws=256&ohw=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

1c8ea4881eaf2cb7fbf4ae2b940b7fcb89f08efe3356e70f8b10825c1ff853e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:12 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8439
x-xss-protection: 0
google-lineitem-id: 4482203489
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138216200384
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
af2d505fbd2db4dde60a2a2d67fb207e.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B19D 6 KB
3 KB 68ms
30ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://af2d505fbd2db4dde60a2a2d67fb207e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 15 Jan 2022 16:46:11 GMT
expires: Sun, 15 Jan 2023 16:46:11 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C3DA 0
0 77ms
52ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuDsYCZFWdGkaEfWEZrxZuiBGxZJkbmNkoZI2jKQ2jmslq3GRqxWqNOrzBZ23r0A1A-cb3g9ztGCynxoPlqsBSkPau9szcMNdDHD0biAdAaCJCfic1MkiLNPXntGEvX40uYhBprfriMse35Ry0z8m8uyID_jMMv2POV8fHeexMbeJ9095EgaUKTPZeNz6GPjDlrVpcv-70dtA4wRb7-K1-kJ9Cjlkg_8LLC6v5BXNPmlgMULjPZnwUCWNMaZc4h3gVJ6nqUJ73P03sy3f8a2gwH8oT8GdrWcFNGmhan-VyugkFdqKfxl7cF&sai=AMfl-YSAWN2gITgcXGpcdx3yHrMKC0sBXHuUtogTCB6TP33shoU2z22nyasvSqz7WOR6CYh5tbCu4K0RAvn09-53ylH2m5orOkD2drAVmbcIKryXt7ece7sfMLLHrCbbfYE&sig=Cg0ArKJSzLQZmC4nPXOeEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:46:11 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3EBA 0
0 53ms
51ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvBq2QmW-JLfr4MmoDUdDXarRrhIrHuPT29uwTnyoSzpuzqhOwIo3-LVfDk-eNKEL9wN0BSwB9ZiTARZS_rcJWsjDb4x92ATL05K3sIHvSZ_EWZcDTE9dkN4DIV8oDAE11gd6zMpjUror2cIUqaNsSwvwSUBbNIMzdxcHh7oG5azrFYTR8WRUGJyDRMLZoTYmW7oVdb7rJn-ediuzRVnmjtrtzzswMXDrqr50wOFTijsjKh6nketxs-J9yjMGPBBrSzGjKX-YWxy1XuyV2Gb_y7SKENoPemLKkZHTdQSykMhqCvq_lN1lAO&sai=AMfl-YTXk0y7pe4CKuWblGkqAkDxUI4TKuVmcUA3FZu0R1-vDo0UzJnrh_eQzCZyjnVCodwNdG4OPxQ7X0pgPesb8x_cfR9iX3Tc9yN1ZTv0jQoxc3ZdDvMCY2ZS70ZDii8&sig=Cg0ArKJSzHNMT_ugrvrhEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:46:11 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 3EBA 11 KB
8 KB 54ms
30ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

af80441ddcddc24dc2cd2d19a9d740534f90ea70d4453e474889b2f177c124f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8641
x-xss-protection: 0

GET
H2 200 container.html Show response
4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E862 6 KB
3 KB 433ms
252ms Document
text/html 2a00:1450:4019:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4019:809::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:46:12 GMT
expires: Sun, 15 Jan 2023 16:46:12 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8976 0
0 52ms
51ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsubSRdyl13vnnQcO9TnEC2tMkXMbOZWqjZe4q_xU3yMStWs01-LYKhJbKR1QSPuEI-DN8ZPPLtwGy6bf9uHeospocwm09SDhKgKrDMGyOXdZx21IPBwWfs6fMkeD0Jha9sEtCEblJdG0lxuTJTxY-NT7MsoOXatMGU74hWIiHSjDoEuUkSIlNWorl4SP3r0RCsu9s19DujtpyPn0UvC1WjjGXE5TR2EkYcCNHZH0QXKepIICZXcUpDAcbS7PhuCpN-gw-B8glTeAWAuwCwkEW0qMxPgIIIq_FX0ESQkq984duUMS98&sai=AMfl-YQiPLGCeMHrGPvHCPtryhDBT6nElfUNXuABAooBvfHr_ozF46EhSQa4PClzYCIZJDrg6s8hyibrv9e36s97QpLPStiGuxNoAYmkg7lnt8o1YAoF6QKeydajbqWNd4s&sig=Cg0ArKJSzLYNGHD-g9hYEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:46:11 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 8976 11 KB
8 KB 31ms
31ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85d87678b165bea54b7c8e547c080a7c671f1d269f1f936c12c6266a4d63054c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8621
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D2A2 0
0 51ms
51ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvRkIGuAoHUay2MK89m_EsUu3rRoKFRgLKIfDet_5C_ZLnSnd98qCO48l_4A9Yd_bsuIXRSOREA3vTqnUl-jJhfSEl96FeMO_csoGMH5tkRcbbyZKU1ZRq-YOWQ42RmiQksVnKb86gksLq1e9p3nZS0FUFd-uBhkz36K78UAJG8czTwaDRaCpnaULT1Vlfr7hM9kbc-lTOGm6uxwnXpcZf6dNg9HJqis_LoSUOTFro_t7WDbTrnNMdXKx05eKXtSPs0N5Urs76mtfZPYGgkCU3heOLjqk_2dldM9mRE2n3xd3w1bm4PJeaB&sai=AMfl-YSBppdXTkTeGIrnYzKIxIc4IIp_mo0yLiXHZQGcbXZz4K_5IBflj3ACjTF7JI9az-ueh1GfFvoC00LKDhqwTPmhvUwWC3u0wEmpja-cmVh8JsVuRVB2ATDm2WKnN8h0&sig=Cg0ArKJSzGOXJcGFiBrkEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:46:11 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame D2A2 11 KB
8 KB 31ms
31ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fcb8ef29c93c318cac4729737fec3c20b859dda51a167058013b241b71ee0b53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8534
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8D9B 0
0 52ms
52ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvFDEekKlX0ydtsBNb6lrnADmS5ST5fMbWuC-qEheIhMTZTQ7VZp5FjiIQ0D9HNBVQwd4BeDeUk59S1DbfQ496sfsK2AMf5ovyx1xH4C8obOlCTi7tmyGa_tecqK_Hrdhh9KhJ_YsDn9qHhfEHuc4CL-QBwV4cp5FCVAD7yz66GPtypl5SSznzl9p38MZixcY2f17TUMcH--YsoP7aZlOzSAsNcOM0WtDgJYiLsRCzZcPU3w5oQMawoI_EvQn1j_YCaxEgB_D3yvGZcJCic3eJStz76cSMNS6wmBK0ZPYnmANFp-4iXCOHe&sai=AMfl-YSBAttvW7kK6wm-Bw2bAWXQzynAMSO9Io2fcr2NIUoj0sKF-AsThKt2frYAzzNpCrIF3nr8HZW0ZTOd6pOaf531RKtLgx5O5cPLjNjop4-qP2GJAaHIT4flKAtGWFo&sig=Cg0ArKJSzDyf3SwmGUNbEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:46:11 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 8D9B 11 KB
9 KB 31ms
31ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3856abc7b0b704a1ba2fd44178056ce6703a3fbddd92a52292990d5287655c4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8712
x-xss-protection: 0

GET
H2 200 container.html Show response
b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A1A1 6 KB
3 KB 134ms
134ms Document
text/html 2a00:1450:4019:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4019:80c::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:46:11 GMT
expires: Sun, 15 Jan 2023 16:46:11 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 3EBA 17 KB
6 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:46:11 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 8976 17 KB
6 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:46:11 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame D2A2 17 KB
6 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:46:11 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 8D9B 17 KB
6 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:46:11 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A0BA 13 KB
5 KB 15ms
15ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:45:32 GMT
expires: Sun, 15 Jan 2023 16:45:32 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 39
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1548 783 B
536 B 57ms
29ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

931c9612feca3db9210cf9f343daa78e33ce0aaaa06a92427f3556d2156d5980

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-rIjpl4QWax3YbMI7n51X8w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 15 Jan 2022 16:46:12 GMT
date: Sat, 15 Jan 2022 16:46:12 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-rIjpl4QWax3YbMI7n51X8w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 5EE1 13 KB
5 KB 17ms
17ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:45:32 GMT
expires: Sun, 15 Jan 2023 16:45:32 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 39
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F294 783 B
535 B 44ms
27ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e2459b43d301cd6c63b8c31fae17fc65156397961cf915ba987391ae090b8a27

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-1/QHowsrZI98TFO9777PMw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 15 Jan 2022 16:46:12 GMT
date: Sat, 15 Jan 2022 16:46:12 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-1/QHowsrZI98TFO9777PMw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7888 13 KB
5 KB 16ms
16ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:45:32 GMT
expires: Sun, 15 Jan 2023 16:45:32 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 39
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5329 783 B
535 B 45ms
30ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

06f0f066bec226fa3eabd0c05ab5c46d88c6e48c811fd3e905fc74b75ae71d73

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-yb6qxiTIz9bp2Oa3C1oK+A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 15 Jan 2022 16:46:12 GMT
date: Sat, 15 Jan 2022 16:46:12 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-yb6qxiTIz9bp2Oa3C1oK+A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 559D 13 KB
5 KB 16ms
15ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:45:32 GMT
expires: Sun, 15 Jan 2023 16:45:32 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 39
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E05F 783 B
535 B 37ms
27ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

552684c6109a14468c898297651b064af4fdca7cd73c4928f445cd5164ad58e2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-+OMH2zyT6dGRt/CTLS68gg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 15 Jan 2022 16:46:12 GMT
date: Sat, 15 Jan 2022 16:46:12 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-+OMH2zyT6dGRt/CTLS68gg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame EDD7 6 KB
3 KB 39ms
16ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:46:11 GMT
expires: Sun, 15 Jan 2023 16:46:11 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7D68 0
0 51ms
50ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstchlcp6PS2BOsFgMt4g9Y78fo643IMDFIuOYI7UFxaBJ_0khDkVa1M2gOCbfUoqMk9Z0nRpMrwsYeQ3CHcJ2uZHaHqQTKi8yY9e7pNNe5ZPojt-1HrXCu7D4rRMX4Ul47fILBXJQySZc7UiHjrbMt7A16Rd9lkVxKbjG7wHQpKO7gKnmWe71Qu_0q7sjRE2mP97rAmxj315Co0y3ciY7WcvVU2QBzn0CvUsU_FFHp_h8mbfdfBzrAlTF7BUNmnjQpcroXBUt-Tl0mzPLByGroV0JqNuzsiNpi5Ji5LhD40GPVXtTxZK7-TGGfUQqhtYym6J61eF3rNsPLMYuEoSEkO_kGUnQkxAg&sig=Cg0ArKJSzHM4IBDk5tU0EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:12 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 jstag Show response
us-ads.openx.net/w/1.0/ Frame 7D68 49 KB
18 KB 67ms
31ms Script
text/javascript 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-ads.openx.net/w/1.0/jstag
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 65a09e406ac292276a1c171aff8e44a72f7f7db7cf22cce78a0f87364c7dd454

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:12 GMT
content-encoding: gzip
server: OXGW/17.0.0
vary: Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: max-age=3600
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18035
expires: Sat, 15 Jan 2022 17:46:12 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7D68 121 KB
37 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:46:12 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2560 624 B
340 B 81ms
28ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNVL9QfhQdgLz3biG9OsBAuWwBUCBXEPFIarhSbQgMfgy0HXRFQpClink_QghS5sPCohWcB2Lxl0cTWFHtrvHWo49ebZEXRTGK-5dLs1SagY107_QdKoXGEOpCR2ESPfPKDpFgOPILt6dP5wGhbtkyGPbMBcEA2Z27VUzzUHd34regqKTJCwaxdlaOhbVzZdDmtiZVwsW2BXL_POCmHVfw80hj_GHg

Requested by

Host: 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
URL: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 15 Jan 2022 16:46:12 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame EDD7 23 KB
14 KB 112ms
61ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dy5OyePPJCpzIDUXKEYq8FrF7eHKtwnH9O4ZFD8pEx4w6OsenAluMPy4UN5H3zWJSa8osuSK-IsVl2iZK3om0_HK2kMta-hOY2slT8F416C6k6iNYFSrJubU99Osac-PtsZha5-swZxaLo6HXLEx8mzO1dVw&cry=1&dbm_d=AKAmf-Di6DSIEoVu6QElWuBAHfSJHzpbjBsIhD3-w7Geg4TCx9cMoojTNaRBF_jEa1wsjcUX6EONfRdRU4lqRAKZnqIEmTQ5Oiols3IjYrwBqiXOc-cqTNBUvkPoDL7necxZ-9UeeK3lU2-7t6tDczjMl0Hii27HmsalP4JZVtgelwZJ08tPVlvwR0vriO3NH5agNGUhUgIjJDb3YqZyNdE5LeSzILtDHzvGPRxpykrh-X_Cdq3s_5yEFUQoeLi1kqfM8m5HA856iM9EXk_p3oN5m71xB1KIIkZ5b69WMEg3rUduKvQkn4WkAhX12_LIl20G15JlSeDtX0ejZyKuesCfh9ul83R0pNDHY56NbCuAYSDgjTGSQ1zbyvJCybrnQ-bWX5cTmyojNLjUhMlJeEmpu-9IWb343jFgXBl6LPRnQigWXsi7-L2LKUKOnl6hgbk1_SIxv42lOmrtai8jJYN-FSB5UhjHRxkmNZAUyD57msn22VMMu5QkhUvH9f_5pLqV93k14pcZ89BKIiaKo4tu12I5QHUph1YBY830vc-BLeHiyC566o43vvwHYnyjs37igMjhaW0Z4BTA4vMN4cJ9D0fR-uuyhAqH3M6AV7NebosH0Zboh2l_kAeBOqRLUnJicd-jp3JgDAX9gr23TP2X5ebHWzygOxYL9Ay0QgeXVCrWigRBKURr1PjQyQ76FG8_Pf6It9vTV0eTYYV7j-mQaOKkTmgLCnHLvMuTSliDKK5tGoxYBKBXFl6hzUCAyW0QwZH8Ow9DbZh-7mW2_aKwj_1-VS6wV8HJDxzA8NUhTCbvITr7aify2v6u5q2sX0avAi3f0QRqJByux-wCAVVKz-DA5z4Ud5B5-cQRdKHXUugT8axOeAA3JcJM9SDv7itlfyl3rxEIr2pG6J2osgX38r4c7L9B_Df91Kh-DEodMw2kl7iPIXic0FvZQ5Qjmz21VB1w6bal3G3iTrrCX7npSN-Itrt-MYK-CRDVI0waE8kwWHlsiux9m5Xrvoggoh5V-Uxwpdd2hukNvYmFB9yG0o-gCVTZqzffBWoT7D3jdQBXJkXjSDE8Gs0TmIrxXLcz3DyJEQT90H4-qTaIPs9ph3WAHntbx51pKpZFsaOSg0f-eh6LhD_TyIXzxCqIkC-kL5y6axUnVZM9_XlCJZ62_M9PV_jfNyqMm6XubKaA9MgkBqdU4BtmbLVj38UHPa9qN-D3pU2E8P1oYzLDY8PMi1pgPtVzsAkgQv6zmBWiyrfuWSRyEzgnNfqUD4jq7HAL_pMPaZhumvW-LBog2SJBqNTxFiK-J5K4xdZ7MBq7Tt2eDmp0idrfLJeQpUr2BuAXZLieySTOuxiXqScQT8jn3wxIcT37jYmrXdRwVbib2LqXseeDGrRzaAAFrioOcq0GUSmOMHyFuyS11PBGY6CTKWvYUBCKO5rBLzlY-f-e_kAMf_A-TPRGNZZpl5ioz0Mhc211TA-fHGbtgyb7tvk9L2X6HHah-QNYPucBkYAKh4_06sVLpT8MCeTz0GsxbPjOgjmBDFoJVePDq6HL_-bsAJitc5zpPFh3pmHGa_PneMomK_CCj7CnHWMEhnqZuNU4hYmWpxJ7mBTlA8uPkkREfm3i8TOIM6u3YNLqdRnL5UGI6QQMP0RQncvNlFaGgUsFFuqsfE6RT2klxa21_AuW4m4oIs5jAd7zDTSw5oTpiZ2RddDqAdiUGY0N29A6DGZ_9Ze-lRupsuizVjrUueeVBwJcxdQkp-xaVidzA3pMbCeUE4sybz0MyG5v0UxU-gRJklKVMletxnhqw1-C5UUQHIj_Ddfx_ex0O9tHRTBkcCEeAnWZqN-eNq2c37uV4mTwmQ4YhgHzBqGzdGLufIyQyk2NifMF5S_u31v6lFCHvIC6-wjfCzNO7gDiUfvmTS7RsZ2M4mdMPnTLwhs4UJBz1KbAa72EJvGCmcx1SXMXI6VBYRwHE3XC4JZSYb5J7L8oIZcnfO9QehG-BQBN8P1h-vdTTN_hBYRj_MIfKfcQ35IZX975Uq0_9F5YgoXK83_FhdOLyxuSly4ulhUlEBjgyI1wUW83E_8FByXcv6i505F8bL1c2CirCFnAYCa5WRPbL43R4J_bQKeb1dOyDC8Cs9gz6Q_OgrCsz1q0Wr4f7reYU9ft0-6DTLH4ezdlBdfUqAKYcJZkpFda2fy84_T6Vhukby0A9HrtUgiAzmn2gwk5I6vTcwMWu8hKNtGES2FQQrgZdr_8GujRXCOL8ed2i7Jl-1E5S-y30of2bZIsOMXCMvweBYpT7p-Am0bKLU__2LlSK3Wk4mmIeJpLMaIY4udp-oMQCefGChCvuCXAo3X5LcXQtEjKaz64NIH_T65afGL9zyVSrk_cfyCEzYxSEILMxChhNpmJDKGqEtvRBc0JU7sjKCYYMzGbscWsK-2RANdPsG1GyMM5tIHxYId2Nf1Ptz5cyQrbPI9sAXpmkxrqwmuTrsD9tfTEKnL3i08vaLQ0-9pG9pOUDFJagVrytH0HPrCcH8YFbVTSeMO2ErzN8n9I3bAvU3NeOjDbuRpAJZ3xrqjGp_gPE1z8slgRlV_SNS22weVOxjqONNIkTxMK6ylX6sdaBJ42csFtRVwBU5wc45KwovulqknL0QxF_lzRuHSc1z_i3nJ4HgvQr2yBeo35sQyTu4uzLKeOX0O2IBN-dGm2FPIxEndWaQg5RYOTgyJitH4CbylZJEbVT9ymp9i69KaUnl9Zx5JThS-WeXOg2F8MiXHqrs2RWvN0RlWl5tTqe6zeDdovbIN70latmAV0qKhrHeFOm9j62wGzixcHrUhzz858K6AsEij9ljJLS-oiG7c7Mt45Jx1EiraDZUSufoL3OsLhc1uaKHAJhfIhZUlFiiDnnQXAj3jnpR_-mMNi_-erNZaZtu81xcf8Bk08eiZTEAowCgUd7xbw6U5-gZJbOLxac6jRYSmxIuvJIO-j4cLsiGNNrY10mTT-wyah9_zYLyRKmFC2DWAP7X4HRlL_BoH5mwGjOgKWyUbx0TnyDD8lsRgAKln60sud7SUEFQFtr2Bapxx46sugN6sICL6yqJ2ZlTtxrOdH1BBpc7zHahNpgvpEnZVjWPy7GWmTWY1bTJvOaUMC9dB0xTDerpKpnY6ZmQ9q8ldu1p1HuSbmFQ&cid=CAASEuRousGbHcJ6G1VDH_kxKgPkag&rfl=2%2Chttp%253A%252F%252Fwww2.kusports.com%242%2Chttps%253A%252F%252F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%252F%240

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8ef689e966cbf1abceff5a8396f4259778dcdf499ab284e35bf6549ef008277c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13929
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame EDD7 42 B
63 B 77ms
52ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AgOQEERfJCykoSRPchB6t1y2m7DeWxcgOmHRXauTSuEHSxiQkPlNRGdPiD8Ebutsh-qT7T0oXiA13DwPPTAeOi8G-6zjHv5REBQQukKHIdvDeGe5I

Requested by

Host: 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
URL: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame EDD7 2 KB
1 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js

Requested by

Host: 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
URL: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:43:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:43:50 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EDD7 121 KB
37 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
URL: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:46:12 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame EDD7 15 KB
6 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
URL: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:44:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 132
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:44:00 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame EDD7 0
0 25ms
25ms Image
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS0FiR7uexkUfnlp0Ppb7Q2xleXakuVZAKGFWRbXurA_a0DYLnPEPVbS1i8Xlc9ZLb5nycLHp5t5fAY023RMnZDMySfWA
Requested by: Host: 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
URL: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E05F 0
0 78ms
56ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=4383024012816796&rc=
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F294 0
0 77ms
55ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=1831815141991545&rc=
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js Show response
pagead2.googlesyndication.com/bg/ Frame A0BA 35 KB
13 KB 46ms
25ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8e8f18d77170af82f72cfb83f4cec093f5683a0fcffd8f126d9d2fce1a332f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 19:59:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74780
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13349
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 14 Jan 2023 19:59:52 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1548 0
0 73ms
54ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=1570703855209959&rc=
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2BF1 624 B
733 B 71ms
27ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYr8jFlQEwAQ&v=APEucNVl8gnMteskHKVtCZCHXFR2Wtwf_syFby4BSZX91wjL-FofrRQ0Hvuesjdpihv8EOSRfjWl97fOZdqJhusmq649PnQmYxinBXdsXmx_pJ-bh_FDHgP10xUGsf7LtTJe3Ju6yADO9bVcTBXBj-fKwJv1JEpulMGv66YFjLf2cPXGgXs3yTkpV-1Zc5OrngR-0rGvr25JOEE7GUsERI_lTrwkEDkrrw

Requested by

Host: b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
URL: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 15 Jan 2022 16:46:12 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A1A1 24 KB
14 KB 99ms
57ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BVulhvByqnFJZ9PSpVtC5D5EjbsxLCPIDVlUWWiV-s5FaK6vC0nZ1gJdHS_3-VKJr5Fgu6lU2dL6T8AAWjuVWqyxvoXMo4-oec5-fZCOePqbscKPlW4GXKvigKFhCB53X-z-iWrynqiyFPhNmu3eu5aLNwYw&cry=1&dbm_d=AKAmf-Aj7Kuf5idCqpsbh5VeK76X5yRjkRI5mIDOjnW-CPGbRl82bRO9msC8-0gK04F5qfz8htGAxVN7aC6M_DAClu8mglxvbLPwKV9jHtyM5qSB-3sIFw4MSJLNFgjaRjhtYj9wfKQ9ktfKo5q8oqZtC-5eNRyOD99GePOagTe960TDeol4RUwd2G030iMb1nwLiE8OV6HrNLEWwpCsvNYj-_rxUoMFraKQpb_oqbkc_rjR3vAGSbtC-OLpZcthtrZtVznN_EtI0mnKS64TlPB1kQRUgrKN3G0YhP33Nt9e93CNycRy6Lqm86pnyCG6LP9gyMNwCcIZGDw-ZD5jMKJCW9Lz_eaVQU19h9GOT_GNU4W5bfYlwZndVg29KM9UkLP5zdskId5-zAJiLvZffCCtyzUwUmVQdxqimcHEU4SzvvBu-wcPilH0p0uHVO_GmsgbazclLUUfZbyn6B2DsLXqLTPxjd4hu51w7OOmbnGl67ni7uKGHt9hEsMt2fwFlSXaV_gteg12iBveez-PoQAWx0yO_TYo6uqgCx69Z-zRFbv_1XtdxEl8WV3BT5UCMCK-mASKff5nhxWDyPFxtQUjkSuhOJvTrOKhY1H-y-LjJKZo6S-r9jCmMGaNxOQmPYKsJSTOtdJXMS0vOTMawG3FnG2lOZSRZAt48dOJjhmKuingphRVY8znJQ8F1JDNBvyd1ExphginF1Jl5f05chuxONrO3Sfr6tCDWjKXPQjZcE7f1T9ZHF5_VE2g6kjJ9oF00wq9MdtvrTSGkS5P8bp_kSxt6bC-lux1807Kaz-E-5Ja0B7mibLayVA1XJwLulgIFgiVz_SXkqQRJsB_jiLQhMWXbG6wHljF7PI43rhon-lj0Md4wsf0cSnxavm4cwt7ao43ZOKEe6qgOLsgMIbo-2UI-e9lLCNc6RLxc-h4zttIjuDHbEk2AFp_wdCVdpYJraZD9IpJ1ekHCZdTrjxgzaNFJNnvjqn2nVE_DmeuFpyi3Z05aZW_7ziEmdan85Lt8InLri35aIzE4qoUIZDbHTmvp64Yy80FSZAsmh7-60C3I3NPQBcQjD61A0m1BFsTOW_A440gtMH4IzxxGjhiWt2HD_mM9swkfKpF6kOyB3peR7vbySjgLMNsANohDsm1pQzQimnQr6owZNwblFBQT26pgTLXf4gK-BgkOj140Njd0UO8Ice3kbc6gp9GqCHSrY9Gn7bHiaMectGuRFtKg_Avvwnzd99d9okePSvLvIozohJ4FeN0rWnk4m7FvAuC_6FmSW8ooxZkInMU70WgaufEeclgVJAlJs2NIeN2ZsXV9FPeDlG8uhsMoSad-ZHPax73DArJ9_EKbMa4zLGArPMZaTy6_JaY-uhak555YJmPmEEppJoawayHpiLPmegweWb7Mn7JFz0M_neD05rRj6bDrCVe2z7XRS0SqWuSDyIwOYaXyF-UjPvDJcr_OUCpwbv5Q6uohkePs3UlciZP8Fv5hPxuLT6sxZO9I_Pfb4irM9Zybbi1TsREX_3EtHq0dqnBqaOKvErhM8QhwOTYKm71JPLt34xZlIMe8nbg2heWCvLqK5JKgUMEnMJ-8oF1qwocp-3-F9IFPcxx4s6k8LFX6iJpJaYKPpMKJ9n0jjSQiJmB50oU2p8KNHV7PtXlfEW3LNg3MiONaFDhpe7b4RL7wwB8CST-RUPTAaUULDiKeyNKCNFEkAS3ran66Bm6hHHqAMGabx4ZkE0KKIvwk7Gd-OkvZ9gtMHsARHINyTL35MREuqEyEsO2xTk8hRWv64Mtn6FRVrclI3-M0rGK_8fs1srR5LNwELUY7fcP1xdcgfnclrYFEVE1lxoQmVdT8FJ4dnBPwo3JmC2slkKSDoBWImuIXPEL2m900LZEe39KmfKCzRm0uXdsxPdrEbqSN6F8tLvIM-qd4KO48lgY7q2fxRZ_i59O6SUzK3N0GGb7JUa9ujEd-UdB4BGNFGek5xi2XdQMD9-OnQMXBkcrjOqhlFixLU0P2kaMFEDYlTqnY6gqXaFjoPHWipNDzZ8RMmUNK5w5adYFQ3JCkPj6h19aQ9e5TV4wexEi7JE49SL87It04owhguHw7RM7wWZteegejY2n2o8pV3Xs1iws0mIMBgAQyDv1HbHtXBihNwf0OPYvZN5OXEwT7h4dp0a-lScVs0fqW7CLtZCIX004EcDesc_rT149zJdV16OCYgZ29lS9yz_5etVpN3SHsldfx9wR3IBamt-s0sXTe9UaqJD1137VuvDwSSVR2Puj8fOPrkG5qlHbMZwldgXlFmP8KBJgkcabIIZJJW3SkNrXtKYJcZ078fXq-0z96OJSwAiHnIu382m04wLvIh19BvqO2QouCnjLMoGbgYoOm7pbN_QKdc2eFVU_CooVcfGJhGTRnECI1qSezUtR7zYFBRs_JomZhAmXT21x2aVrNvr-b4X8A9ySqa_c85OFBiPDmeXjiAoHkjLCrG-5vGcDPablMTr2dwyo4XbE5Yy81eeReK52HyCAUuky5VFiOFreTo8AJlcqmm3to6wl285McsPuqtGRWIt5_T2YPHAu8VwNKZXPWyOE1UC9HAaNlHj-mYQsRApfsVkYRNujlh0uOtUc_8GhNrozA9CPB8S0LvXaPP1VZCfvys6MzBX-yQzMtYG0F56b9vPuBn-6dnJkdatit8FVk8EjYb_ORMfC4ta0fbkuArYdqho8fUtjkEc_ug1NIZx2dzmU37kWyZf01PKpt6lmFtppXrMVTja1KSZW0nagoryav6VnfhN44OhTodU_FTIdAvThFmWv3scSVceW7sysJ3WbMo87FrWQZIfgmYL7EyFi1t_qMkbjwoC0j-jo1hezoQamTm5So7GiUwz6WK4Nmo2rSjywM-PcTC9qk9zAQNLNkcVT5ljWPyyFtzONzJXMhfXOlxYvIQLyoQl7zQdbYxu_DU6nEPh8ICekfouWtj-xb6tQPiY4cmiRdkElPF1rJId-t1zCONtMUmUFu3tFwwqfFjT7w8J_V51ktxUdwYD6dof2d65-2Frm9mpJwKNHk1wq-ZnYYzxY7hNl8G6lk98g3OpCuGbpZ8bgiWrrq_kK1016Xkg0pJlsQiaWMUiCNEozHTztkyCFjDMsVKe_k0QS5jl-wvDwUBK-90v18TVgCa8i0GhK7mQozYl9ghmZbNc&cid=CAASEuRozl-fpgmeZueD6JqJ9fIPpA&rfl=2%2Chttp%253A%252F%252Fwww2.kusports.com%242%2Chttps%253A%252F%252F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%252F%240

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c44519c14f6c1d5efd43b029aa4a05952821587cb5b30ae2710c533785523410

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13981
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A1A1 42 B
63 B 68ms
52ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CMVBqo2r08YxZYnQHyOtFz-qas0vt-xHCsHqIEsn2mKROTiAAyUWzg97-wYwZEaKsDXVOoH3U3hQOR_hzcoFOvAV4ib5s9IjE2SNKB0AqMD9HPH5Q

Requested by

Host: b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
URL: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame A1A1 2 KB
1 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js

Requested by

Host: b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
URL: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:43:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:43:50 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A1A1 121 KB
37 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
URL: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:46:12 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame A1A1 15 KB
6 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
URL: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:44:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 132
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:44:00 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame A1A1 0
0 25ms
25ms Image
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQbChDtlRK5O7BrYEV6iAhW-0vzrXNyk2vlDYVsJnf-iT0Ffjjq5ByD_m3U4HxV4NbM-oLvddEg0Bf0_w7xyDTAa5EPwQ
Requested by: Host: b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
URL: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5329 0
0 73ms
58ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=3891964729167049&rc=
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js Show response
pagead2.googlesyndication.com/bg/ Frame 5EE1 35 KB
13 KB 45ms
30ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8e8f18d77170af82f72cfb83f4cec093f5683a0fcffd8f126d9d2fce1a332f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 19:59:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74780
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13349
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 14 Jan 2023 19:59:52 GMT

GET
H3 200 qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js Show response
pagead2.googlesyndication.com/bg/ Frame 7888 35 KB
13 KB 34ms
21ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8e8f18d77170af82f72cfb83f4cec093f5683a0fcffd8f126d9d2fce1a332f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 19:59:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74780
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13349
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 14 Jan 2023 19:59:52 GMT

GET
H3 200 qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js Show response
pagead2.googlesyndication.com/bg/ Frame 559D 35 KB
13 KB 37ms
24ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8e8f18d77170af82f72cfb83f4cec093f5683a0fcffd8f126d9d2fce1a332f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 19:59:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74780
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13349
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 14 Jan 2023 19:59:52 GMT

GET
H3 200 acj Show response
us-ads.openx.net/w/1.0/ Frame 7D68 319 B
299 B 52ms
29ms Script
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-ads.openx.net/w/1.0/acj?ai=9d12e9a1-f147-46f7-9893-12d015e3acf0&o=3755937594&callback=OX_3755937594&ju=https%3A//www2.kusports.com/&jr=http%3A//www2.kusports.com/&auid=537971110&dims=&adxy=&res=1600x1200x24&plg=pm&ch=UTF-8&tz=0&ws=300x250&ifr=1&mt=1
Requested by: Host: us-ads.openx.net
URL: https://us-ads.openx.net/w/1.0/jstag
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 2c71eb3103f2291fe4a690548388a965bde3c77c153dac0fc029c7ae8e3eae53

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
content-encoding: gzip
server: OXGW/17.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 279
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 7D68 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ca4ba00b4ee1c686ca70b4c3504539ede4aee52f0adeda603817ef886134cfda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9C34 0
0 51ms
50ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsud_O1-J_UySaNkGYVc3hqLCwqDNNEr_BcVL1fNkpOYAs0TLyD9Z8_r-3KTUWrOcCSUmSnsy7_Hua0rmV1O7vlyceIrDgZR6NhtwJ_4eijO5KEcsQF9BLwErJnwnZgEU0wcxR-gaO98KdKEfIGjBYhgqv94eCC7KQkMB0So789MZTlbTnDRuTc9phh1rVaMFwViCLxwS4-peAl_P3jPh4bHLysRn6dgfRPsL78GM4LUC7MJJtI7weUjFjenMF8_Gh73knvdP3iNZMDU9yx8ghd-KgJVYi0x7iLc3z3BTf7GkxBip-ZoPdw9u3H_ZiYYbMg6J7MV7H2c2cgR8OROa_aeiQBTnj1vdQ&sig=Cg0ArKJSzLR6HCkwlBKLEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:12 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET pq
media.adfrontiers.com/ Frame 9C34 0
0

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9C34 121 KB
37 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:46:12 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/ Frame A1A1 24 KB
9 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BVulhvByqnFJZ9PSpVtC5D5EjbsxLCPIDVlUWWiV-s5FaK6vC0nZ1gJdHS_3-VKJr5Fgu6lU2dL6T8AAWjuVWqyxvoXMo4-oec5-fZCOePqbscKPlW4GXKvigKFhCB53X-z-iWrynqiyFPhNmu3eu5aLNwYw&cry=1&dbm_d=AKAmf-Aj7Kuf5idCqpsbh5VeK76X5yRjkRI5mIDOjnW-CPGbRl82bRO9msC8-0gK04F5qfz8htGAxVN7aC6M_DAClu8mglxvbLPwKV9jHtyM5qSB-3sIFw4MSJLNFgjaRjhtYj9wfKQ9ktfKo5q8oqZtC-5eNRyOD99GePOagTe960TDeol4RUwd2G030iMb1nwLiE8OV6HrNLEWwpCsvNYj-_rxUoMFraKQpb_oqbkc_rjR3vAGSbtC-OLpZcthtrZtVznN_EtI0mnKS64TlPB1kQRUgrKN3G0YhP33Nt9e93CNycRy6Lqm86pnyCG6LP9gyMNwCcIZGDw-ZD5jMKJCW9Lz_eaVQU19h9GOT_GNU4W5bfYlwZndVg29KM9UkLP5zdskId5-zAJiLvZffCCtyzUwUmVQdxqimcHEU4SzvvBu-wcPilH0p0uHVO_GmsgbazclLUUfZbyn6B2DsLXqLTPxjd4hu51w7OOmbnGl67ni7uKGHt9hEsMt2fwFlSXaV_gteg12iBveez-PoQAWx0yO_TYo6uqgCx69Z-zRFbv_1XtdxEl8WV3BT5UCMCK-mASKff5nhxWDyPFxtQUjkSuhOJvTrOKhY1H-y-LjJKZo6S-r9jCmMGaNxOQmPYKsJSTOtdJXMS0vOTMawG3FnG2lOZSRZAt48dOJjhmKuingphRVY8znJQ8F1JDNBvyd1ExphginF1Jl5f05chuxONrO3Sfr6tCDWjKXPQjZcE7f1T9ZHF5_VE2g6kjJ9oF00wq9MdtvrTSGkS5P8bp_kSxt6bC-lux1807Kaz-E-5Ja0B7mibLayVA1XJwLulgIFgiVz_SXkqQRJsB_jiLQhMWXbG6wHljF7PI43rhon-lj0Md4wsf0cSnxavm4cwt7ao43ZOKEe6qgOLsgMIbo-2UI-e9lLCNc6RLxc-h4zttIjuDHbEk2AFp_wdCVdpYJraZD9IpJ1ekHCZdTrjxgzaNFJNnvjqn2nVE_DmeuFpyi3Z05aZW_7ziEmdan85Lt8InLri35aIzE4qoUIZDbHTmvp64Yy80FSZAsmh7-60C3I3NPQBcQjD61A0m1BFsTOW_A440gtMH4IzxxGjhiWt2HD_mM9swkfKpF6kOyB3peR7vbySjgLMNsANohDsm1pQzQimnQr6owZNwblFBQT26pgTLXf4gK-BgkOj140Njd0UO8Ice3kbc6gp9GqCHSrY9Gn7bHiaMectGuRFtKg_Avvwnzd99d9okePSvLvIozohJ4FeN0rWnk4m7FvAuC_6FmSW8ooxZkInMU70WgaufEeclgVJAlJs2NIeN2ZsXV9FPeDlG8uhsMoSad-ZHPax73DArJ9_EKbMa4zLGArPMZaTy6_JaY-uhak555YJmPmEEppJoawayHpiLPmegweWb7Mn7JFz0M_neD05rRj6bDrCVe2z7XRS0SqWuSDyIwOYaXyF-UjPvDJcr_OUCpwbv5Q6uohkePs3UlciZP8Fv5hPxuLT6sxZO9I_Pfb4irM9Zybbi1TsREX_3EtHq0dqnBqaOKvErhM8QhwOTYKm71JPLt34xZlIMe8nbg2heWCvLqK5JKgUMEnMJ-8oF1qwocp-3-F9IFPcxx4s6k8LFX6iJpJaYKPpMKJ9n0jjSQiJmB50oU2p8KNHV7PtXlfEW3LNg3MiONaFDhpe7b4RL7wwB8CST-RUPTAaUULDiKeyNKCNFEkAS3ran66Bm6hHHqAMGabx4ZkE0KKIvwk7Gd-OkvZ9gtMHsARHINyTL35MREuqEyEsO2xTk8hRWv64Mtn6FRVrclI3-M0rGK_8fs1srR5LNwELUY7fcP1xdcgfnclrYFEVE1lxoQmVdT8FJ4dnBPwo3JmC2slkKSDoBWImuIXPEL2m900LZEe39KmfKCzRm0uXdsxPdrEbqSN6F8tLvIM-qd4KO48lgY7q2fxRZ_i59O6SUzK3N0GGb7JUa9ujEd-UdB4BGNFGek5xi2XdQMD9-OnQMXBkcrjOqhlFixLU0P2kaMFEDYlTqnY6gqXaFjoPHWipNDzZ8RMmUNK5w5adYFQ3JCkPj6h19aQ9e5TV4wexEi7JE49SL87It04owhguHw7RM7wWZteegejY2n2o8pV3Xs1iws0mIMBgAQyDv1HbHtXBihNwf0OPYvZN5OXEwT7h4dp0a-lScVs0fqW7CLtZCIX004EcDesc_rT149zJdV16OCYgZ29lS9yz_5etVpN3SHsldfx9wR3IBamt-s0sXTe9UaqJD1137VuvDwSSVR2Puj8fOPrkG5qlHbMZwldgXlFmP8KBJgkcabIIZJJW3SkNrXtKYJcZ078fXq-0z96OJSwAiHnIu382m04wLvIh19BvqO2QouCnjLMoGbgYoOm7pbN_QKdc2eFVU_CooVcfGJhGTRnECI1qSezUtR7zYFBRs_JomZhAmXT21x2aVrNvr-b4X8A9ySqa_c85OFBiPDmeXjiAoHkjLCrG-5vGcDPablMTr2dwyo4XbE5Yy81eeReK52HyCAUuky5VFiOFreTo8AJlcqmm3to6wl285McsPuqtGRWIt5_T2YPHAu8VwNKZXPWyOE1UC9HAaNlHj-mYQsRApfsVkYRNujlh0uOtUc_8GhNrozA9CPB8S0LvXaPP1VZCfvys6MzBX-yQzMtYG0F56b9vPuBn-6dnJkdatit8FVk8EjYb_ORMfC4ta0fbkuArYdqho8fUtjkEc_ug1NIZx2dzmU37kWyZf01PKpt6lmFtppXrMVTja1KSZW0nagoryav6VnfhN44OhTodU_FTIdAvThFmWv3scSVceW7sysJ3WbMo87FrWQZIfgmYL7EyFi1t_qMkbjwoC0j-jo1hezoQamTm5So7GiUwz6WK4Nmo2rSjywM-PcTC9qk9zAQNLNkcVT5ljWPyyFtzONzJXMhfXOlxYvIQLyoQl7zQdbYxu_DU6nEPh8ICekfouWtj-xb6tQPiY4cmiRdkElPF1rJId-t1zCONtMUmUFu3tFwwqfFjT7w8J_V51ktxUdwYD6dof2d65-2Frm9mpJwKNHk1wq-ZnYYzxY7hNl8G6lk98g3OpCuGbpZ8bgiWrrq_kK1016Xkg0pJlsQiaWMUiCNEozHTztkyCFjDMsVKe_k0QS5jl-wvDwUBK-90v18TVgCa8i0GhK7mQozYl9ghmZbNc&cid=CAASEuRozl-fpgmeZueD6JqJ9fIPpA&rfl=2%2Chttp%253A%252F%252Fwww2.kusports.com%242%2Chttps%253A%252F%252F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:41:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 264
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9544
x-xss-protection: 0
server: cafe
etag: 6261108306223674270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:41:48 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A1A1 41 KB
15 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 08:14:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 203530
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jan 2023 08:14:02 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/ Frame EDD7 24 KB
9 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dy5OyePPJCpzIDUXKEYq8FrF7eHKtwnH9O4ZFD8pEx4w6OsenAluMPy4UN5H3zWJSa8osuSK-IsVl2iZK3om0_HK2kMta-hOY2slT8F416C6k6iNYFSrJubU99Osac-PtsZha5-swZxaLo6HXLEx8mzO1dVw&cry=1&dbm_d=AKAmf-Di6DSIEoVu6QElWuBAHfSJHzpbjBsIhD3-w7Geg4TCx9cMoojTNaRBF_jEa1wsjcUX6EONfRdRU4lqRAKZnqIEmTQ5Oiols3IjYrwBqiXOc-cqTNBUvkPoDL7necxZ-9UeeK3lU2-7t6tDczjMl0Hii27HmsalP4JZVtgelwZJ08tPVlvwR0vriO3NH5agNGUhUgIjJDb3YqZyNdE5LeSzILtDHzvGPRxpykrh-X_Cdq3s_5yEFUQoeLi1kqfM8m5HA856iM9EXk_p3oN5m71xB1KIIkZ5b69WMEg3rUduKvQkn4WkAhX12_LIl20G15JlSeDtX0ejZyKuesCfh9ul83R0pNDHY56NbCuAYSDgjTGSQ1zbyvJCybrnQ-bWX5cTmyojNLjUhMlJeEmpu-9IWb343jFgXBl6LPRnQigWXsi7-L2LKUKOnl6hgbk1_SIxv42lOmrtai8jJYN-FSB5UhjHRxkmNZAUyD57msn22VMMu5QkhUvH9f_5pLqV93k14pcZ89BKIiaKo4tu12I5QHUph1YBY830vc-BLeHiyC566o43vvwHYnyjs37igMjhaW0Z4BTA4vMN4cJ9D0fR-uuyhAqH3M6AV7NebosH0Zboh2l_kAeBOqRLUnJicd-jp3JgDAX9gr23TP2X5ebHWzygOxYL9Ay0QgeXVCrWigRBKURr1PjQyQ76FG8_Pf6It9vTV0eTYYV7j-mQaOKkTmgLCnHLvMuTSliDKK5tGoxYBKBXFl6hzUCAyW0QwZH8Ow9DbZh-7mW2_aKwj_1-VS6wV8HJDxzA8NUhTCbvITr7aify2v6u5q2sX0avAi3f0QRqJByux-wCAVVKz-DA5z4Ud5B5-cQRdKHXUugT8axOeAA3JcJM9SDv7itlfyl3rxEIr2pG6J2osgX38r4c7L9B_Df91Kh-DEodMw2kl7iPIXic0FvZQ5Qjmz21VB1w6bal3G3iTrrCX7npSN-Itrt-MYK-CRDVI0waE8kwWHlsiux9m5Xrvoggoh5V-Uxwpdd2hukNvYmFB9yG0o-gCVTZqzffBWoT7D3jdQBXJkXjSDE8Gs0TmIrxXLcz3DyJEQT90H4-qTaIPs9ph3WAHntbx51pKpZFsaOSg0f-eh6LhD_TyIXzxCqIkC-kL5y6axUnVZM9_XlCJZ62_M9PV_jfNyqMm6XubKaA9MgkBqdU4BtmbLVj38UHPa9qN-D3pU2E8P1oYzLDY8PMi1pgPtVzsAkgQv6zmBWiyrfuWSRyEzgnNfqUD4jq7HAL_pMPaZhumvW-LBog2SJBqNTxFiK-J5K4xdZ7MBq7Tt2eDmp0idrfLJeQpUr2BuAXZLieySTOuxiXqScQT8jn3wxIcT37jYmrXdRwVbib2LqXseeDGrRzaAAFrioOcq0GUSmOMHyFuyS11PBGY6CTKWvYUBCKO5rBLzlY-f-e_kAMf_A-TPRGNZZpl5ioz0Mhc211TA-fHGbtgyb7tvk9L2X6HHah-QNYPucBkYAKh4_06sVLpT8MCeTz0GsxbPjOgjmBDFoJVePDq6HL_-bsAJitc5zpPFh3pmHGa_PneMomK_CCj7CnHWMEhnqZuNU4hYmWpxJ7mBTlA8uPkkREfm3i8TOIM6u3YNLqdRnL5UGI6QQMP0RQncvNlFaGgUsFFuqsfE6RT2klxa21_AuW4m4oIs5jAd7zDTSw5oTpiZ2RddDqAdiUGY0N29A6DGZ_9Ze-lRupsuizVjrUueeVBwJcxdQkp-xaVidzA3pMbCeUE4sybz0MyG5v0UxU-gRJklKVMletxnhqw1-C5UUQHIj_Ddfx_ex0O9tHRTBkcCEeAnWZqN-eNq2c37uV4mTwmQ4YhgHzBqGzdGLufIyQyk2NifMF5S_u31v6lFCHvIC6-wjfCzNO7gDiUfvmTS7RsZ2M4mdMPnTLwhs4UJBz1KbAa72EJvGCmcx1SXMXI6VBYRwHE3XC4JZSYb5J7L8oIZcnfO9QehG-BQBN8P1h-vdTTN_hBYRj_MIfKfcQ35IZX975Uq0_9F5YgoXK83_FhdOLyxuSly4ulhUlEBjgyI1wUW83E_8FByXcv6i505F8bL1c2CirCFnAYCa5WRPbL43R4J_bQKeb1dOyDC8Cs9gz6Q_OgrCsz1q0Wr4f7reYU9ft0-6DTLH4ezdlBdfUqAKYcJZkpFda2fy84_T6Vhukby0A9HrtUgiAzmn2gwk5I6vTcwMWu8hKNtGES2FQQrgZdr_8GujRXCOL8ed2i7Jl-1E5S-y30of2bZIsOMXCMvweBYpT7p-Am0bKLU__2LlSK3Wk4mmIeJpLMaIY4udp-oMQCefGChCvuCXAo3X5LcXQtEjKaz64NIH_T65afGL9zyVSrk_cfyCEzYxSEILMxChhNpmJDKGqEtvRBc0JU7sjKCYYMzGbscWsK-2RANdPsG1GyMM5tIHxYId2Nf1Ptz5cyQrbPI9sAXpmkxrqwmuTrsD9tfTEKnL3i08vaLQ0-9pG9pOUDFJagVrytH0HPrCcH8YFbVTSeMO2ErzN8n9I3bAvU3NeOjDbuRpAJZ3xrqjGp_gPE1z8slgRlV_SNS22weVOxjqONNIkTxMK6ylX6sdaBJ42csFtRVwBU5wc45KwovulqknL0QxF_lzRuHSc1z_i3nJ4HgvQr2yBeo35sQyTu4uzLKeOX0O2IBN-dGm2FPIxEndWaQg5RYOTgyJitH4CbylZJEbVT9ymp9i69KaUnl9Zx5JThS-WeXOg2F8MiXHqrs2RWvN0RlWl5tTqe6zeDdovbIN70latmAV0qKhrHeFOm9j62wGzixcHrUhzz858K6AsEij9ljJLS-oiG7c7Mt45Jx1EiraDZUSufoL3OsLhc1uaKHAJhfIhZUlFiiDnnQXAj3jnpR_-mMNi_-erNZaZtu81xcf8Bk08eiZTEAowCgUd7xbw6U5-gZJbOLxac6jRYSmxIuvJIO-j4cLsiGNNrY10mTT-wyah9_zYLyRKmFC2DWAP7X4HRlL_BoH5mwGjOgKWyUbx0TnyDD8lsRgAKln60sud7SUEFQFtr2Bapxx46sugN6sICL6yqJ2ZlTtxrOdH1BBpc7zHahNpgvpEnZVjWPy7GWmTWY1bTJvOaUMC9dB0xTDerpKpnY6ZmQ9q8ldu1p1HuSbmFQ&cid=CAASEuRousGbHcJ6G1VDH_kxKgPkag&rfl=2%2Chttp%253A%252F%252Fwww2.kusports.com%242%2Chttps%253A%252F%252F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:41:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 264
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9544
x-xss-protection: 0
server: cafe
etag: 6261108306223674270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:41:48 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame EDD7 41 KB
15 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 08:14:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 203530
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jan 2023 08:14:02 GMT

GET
DATA 200
OK truncated
/ Frame 9C34 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dad85d4011f3d17e240117a226e68e893a2800a56b1431a2abac9f50589b9196

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9C34 0
0 51ms
51ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvJw_SFw4B_AZXS2CCjkxeBOCGD4mrcNkvLTu-IkZZaTbCEv_6kWmRXu2EGv33MXI5EojrND3U_YlgkZEmaL7Ebb379gVpxsIJdf-8tEx87wCGcjCqysQzEtiL7ReZKGxnZAoJUFXzhPXr7E22JMt9BfVel5-MmWetDIb_6wVhQIyYNeAQPWoCopIGjn28ciSE-76rR4J2KaOSOr_B-3hbaU_NRdfEtkMRE6UffJGP_CNCYc_UAPEm8xL3et3U0T0uwtpWWlc3_8q2igP7-wdUABXXSNI9xTO1_1MTJT39Wn9mAX42eF3wNIkvR5oGu_OfsmyTUaxb27B_1W6wyOJ9QePBBP4qIIHPw&sig=Cg0ArKJSzPuhUAyXJzEBEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:12 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:46:12 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7D68 0
0 51ms
51ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstv6DGnAMS-tTMtRP7UDI9sTbbmsVM-GdyCf0fI-H8_ZE6Rn51NdnbhaV7qdtPzVidb1CDsglvb0t9LmRiV6dTSWw4RBIxoA6r1Hlwly579k87Fm7pq5TMxz5wsaDjxn6tvEK8EjcKyzI_XuYK_F0vqPhFM0DRRPJJD4r8iBGImqSM0263Dxg0t2x7m12jk16LI_MzRY1aqG2p5oTFjuF-gcUygpr02FiIXf1NZ9vMHLF-uBDFh9DmSfBlIdtkl9hDt6LBHZUo7ib61_9_1-e50g7EQFgUUVxdySqXGsVOEgAtUspmES9XIVROF95cYjviEpzugH8wmBqxIuygBiLAFF4Qf71-ZvKO2&sig=Cg0ArKJSzHBTf352KkmIEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:12 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:46:12 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2BF1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDmOX-8pE1KxZtQBgYFHG_U&google_cver=1

43 B
1014 B

28ms
28ms

Image
image/gif

104.90.181.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDmOX-8pE1KxZtQBgYFHG_U&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYr8jFlQEwAQ&v=APEucNVl8gnMteskHKVtCZCHXFR2Wtwf_syFby4BSZX91wjL-FofrRQ0Hvuesjdpihv8EOSRfjWl97fOZdqJhusmq649PnQmYxinBXdsXmx_pJ-bh_FDHgP10xUGsf7LtTJe3Ju6yADO9bVcTBXBj-fKwJv1JEpulMGv66YFjLf2cPXGgXs3yTkpV-1Zc5OrngR-0rGvr25JOEE7GUsERI_lTrwkEDkrrw
Protocol: HTTP/1.1
Server: 104.90.181.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-90-181-210.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:12 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 15 Jan 2022 16:46:12 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDmOX-8pE1KxZtQBgYFHG_U&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2BF1
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YeL6VKCtowhFoRAqlQFmRwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDmOX-8pE1KxZtQBgYFHG_U&google_cver=1

43 B
894 B

22ms
21ms

Image
image/gif

104.90.181.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDmOX-8pE1KxZtQBgYFHG_U&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYr8jFlQEwAQ&v=APEucNVl8gnMteskHKVtCZCHXFR2Wtwf_syFby4BSZX91wjL-FofrRQ0Hvuesjdpihv8EOSRfjWl97fOZdqJhusmq649PnQmYxinBXdsXmx_pJ-bh_FDHgP10xUGsf7LtTJe3Ju6yADO9bVcTBXBj-fKwJv1JEpulMGv66YFjLf2cPXGgXs3yTkpV-1Zc5OrngR-0rGvr25JOEE7GUsERI_lTrwkEDkrrw
Protocol: HTTP/1.1
Server: 104.90.181.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-90-181-210.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:12 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 15 Jan 2022 16:46:12 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDmOX-8pE1KxZtQBgYFHG_U&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 2BF1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEH8Svas8JXn-79FhHKa3fsI&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEH8Svas8JXn-79FhHKa3fsI%26google_cver%3D1

43 B
1 KB

23ms
22ms

Image
image/gif

185.33.220.216
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEH8Svas8JXn-79FhHKa3fsI%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYr8jFlQEwAQ&v=APEucNVl8gnMteskHKVtCZCHXFR2Wtwf_syFby4BSZX91wjL-FofrRQ0Hvuesjdpihv8EOSRfjWl97fOZdqJhusmq649PnQmYxinBXdsXmx_pJ-bh_FDHgP10xUGsf7LtTJe3Ju6yADO9bVcTBXBj-fKwJv1JEpulMGv66YFjLf2cPXGgXs3yTkpV-1Zc5OrngR-0rGvr25JOEE7GUsERI_lTrwkEDkrrw

Protocol

HTTP/1.1

Server

185.33.220.216 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

872.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:12 GMT
X-Proxy-Origin: 217.114.215.133; 217.114.215.133; 872.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 1bbf59fc-6ef0-427e-8533-8b91d965e6fe
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:12 GMT
X-Proxy-Origin: 217.114.215.133; 217.114.215.133; 872.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 72458a2f-dd04-4946-a565-fa4f1926b0a7
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEH8Svas8JXn-79FhHKa3fsI%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2BF1
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzY2NzY0NTg5NDQ4OTkzMzk5NA%3D%3D

170 B
188 B

43ms
42ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzY2NzY0NTg5NDQ4OTkzMzk5NA%3D%3D

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:12 GMT
X-Proxy-Origin: 217.114.215.133; 217.114.215.133; 872.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 9098b514-0db5-4e35-8ae0-a0aab1058470
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzY2NzY0NTg5NDQ4OTkzMzk5NA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2560
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDmOX-8pE1KxZtQBgYFHG_U&google_cver=1

43 B
1014 B

46ms
23ms

Image
image/gif

104.90.181.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDmOX-8pE1KxZtQBgYFHG_U&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNVL9QfhQdgLz3biG9OsBAuWwBUCBXEPFIarhSbQgMfgy0HXRFQpClink_QghS5sPCohWcB2Lxl0cTWFHtrvHWo49ebZEXRTGK-5dLs1SagY107_QdKoXGEOpCR2ESPfPKDpFgOPILt6dP5wGhbtkyGPbMBcEA2Z27VUzzUHd34regqKTJCwaxdlaOhbVzZdDmtiZVwsW2BXL_POCmHVfw80hj_GHg
Protocol: HTTP/1.1
Server: 104.90.181.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-90-181-210.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:12 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 15 Jan 2022 16:46:12 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDmOX-8pE1KxZtQBgYFHG_U&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2560
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YeL6VKCtowhFoRAqlQFmRwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDmOX-8pE1KxZtQBgYFHG_U&google_cver=1

43 B
894 B

24ms
24ms

Image
image/gif

104.90.181.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDmOX-8pE1KxZtQBgYFHG_U&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNVL9QfhQdgLz3biG9OsBAuWwBUCBXEPFIarhSbQgMfgy0HXRFQpClink_QghS5sPCohWcB2Lxl0cTWFHtrvHWo49ebZEXRTGK-5dLs1SagY107_QdKoXGEOpCR2ESPfPKDpFgOPILt6dP5wGhbtkyGPbMBcEA2Z27VUzzUHd34regqKTJCwaxdlaOhbVzZdDmtiZVwsW2BXL_POCmHVfw80hj_GHg
Protocol: HTTP/1.1
Server: 104.90.181.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-90-181-210.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:12 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 15 Jan 2022 16:46:12 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDmOX-8pE1KxZtQBgYFHG_U&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 2560
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEH8Svas8JXn-79FhHKa3fsI&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEH8Svas8JXn-79FhHKa3fsI%26google_cver%3D1

43 B
1 KB

34ms
34ms

Image
image/gif

185.33.220.216
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEH8Svas8JXn-79FhHKa3fsI%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNVL9QfhQdgLz3biG9OsBAuWwBUCBXEPFIarhSbQgMfgy0HXRFQpClink_QghS5sPCohWcB2Lxl0cTWFHtrvHWo49ebZEXRTGK-5dLs1SagY107_QdKoXGEOpCR2ESPfPKDpFgOPILt6dP5wGhbtkyGPbMBcEA2Z27VUzzUHd34regqKTJCwaxdlaOhbVzZdDmtiZVwsW2BXL_POCmHVfw80hj_GHg

Protocol

HTTP/1.1

Server

185.33.220.216 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

872.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:12 GMT
X-Proxy-Origin: 217.114.215.133; 217.114.215.133; 872.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 0716bc8d-44a6-4ad6-b32e-5cc052fb2119
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:12 GMT
X-Proxy-Origin: 217.114.215.133; 217.114.215.133; 872.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 4d595cd9-1e78-422d-8bb5-7b6e3352d7b2
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEH8Svas8JXn-79FhHKa3fsI%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2560
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzY2NzY0NTg5NDQ4OTkzMzk5NA%3D%3D

170 B
188 B

42ms
41ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzY2NzY0NTg5NDQ4OTkzMzk5NA%3D%3D

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:12 GMT
X-Proxy-Origin: 217.114.215.133; 217.114.215.133; 872.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 8414c098-9f8c-4a16-9656-68c46172e7a6
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzY2NzY0NTg5NDQ4OTkzMzk5NA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame E9E7 0
0 50ms
49ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst-16JGuuxJzT-QLTKdMbD8P-viAqCAyJ_DpCFUrfYoUFN_1Tl-GAJJrMQi_3F5yDTGO_sL4Xp0WboUOFIAlf3OITj20jeTlf8lJJ1EwKfd92J1pHeooQjGXFU9ZBI4jJE5J-aLKjG1fcrU0_SpP_Z9o1_bwUxSw7isRKlp6BxW136R7NWGBo5jnV-LIeOBXzM-s6wSQF34WHrOKNqBsfH2HzpvzYVkY_uaT3H0iTxEq9Di_Kz0X8dDDi4ZydpyLKzsZWIBs9mdfnyi_vIbNS703B0xVjvatVU5y0CaRnJYHPMTzBteO6vQAvycx9Z8aURSawbhUL15HQTDby43sv_ksX2kDXrGQw&sig=Cg0ArKJSzH5ocTBBpHnjEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:12 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 jstag Show response
us-ads.openx.net/w/1.0/ Frame E9E7 49 KB
18 KB 30ms
30ms Script
text/javascript 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-ads.openx.net/w/1.0/jstag
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 6e0f2f29e2e272a9c39fc0ba95adac0edc0cd8f9dd1a49987fcb4f5dd4e868d0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:12 GMT
content-encoding: gzip
server: OXGW/17.0.0
vary: Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: max-age=3600
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18036
expires: Sat, 15 Jan 2022 17:46:12 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E9E7 121 KB
37 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:46:12 GMT

GET
H/1.1 200
OK ma1tq3l10cm4 Show response
hal9000.redintelligence.net/zone/ Frame A1A1 11 KB
4 KB 91ms
21ms Script
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/ma1tq3l10cm4?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8cNDU_riYZfvK8OV7_UPhsqlsAK1zfmDV5zfuavlDPAuEAEgiIC_FGCV8pyCrAfIAQmpAjTwtOc1J7M-qAMBqgSBAk_Qw8qw5wE7Ha7g29JS-QXz1HF11kPMUMM4EFkhi2OFj6vsD87Jv6J8h3Kp3QcHmkNViixa7pvJVN52vMznloPKDAswfW5SCrC2WKtde2izQlQhwvTWsVCC7OObymhFBxyWmygA8spILKFyT5Bou48Gng5kAQZbYxPLOCcdK8q1h4YEf9Ew-_fzjd9cvBQlhP0naE0DlumVxc3G6bjmoyJ6vuQvTVuKmwExtGTg7G_VZU0WIm-2xjN9cgKpWNsIWn0VIsIFYogJW0vpOQiStWMMzq1ew8iaQ16IcHSGQyTifgpUJblKW8sFptrIKvJVSXiAXqOY84ajNjA4yglHlHv3wASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIgOGAEBABGB2ACgOYCwHICwGADAGwE9yZ6w3QEwDYEwPYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASEuRozl-fpgmeZueD6JqJ9fIPpA%26sig%3DAOD64_1NFG0z-MTlBmf-98ylx5sF6FnqKg%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-DgN8wAP-igVJa7E-5MQe2OG28pwVhTggbI_HjI43CTGWZqr2iqajl5tiwhzjV8RTOGDbIsyZUbwTkdW1cMxgK_rZuvm-p-t9QjSKARfkof7W9MZBSuz201brQX3e8bT42dEQPWax-nFlR7wOGYQUk3_l2DFg%26cry%3D1%26dbm_d%3DAKAmf-AcANq7qfJZrVdbrQwNib-9e5hVdNmqOwFfPDtc0_k_hcocM3oq_9tQL7eiB70L5y8_El8Lf44oEDYPL9Q2XpGjIqN5wWqsuHyNBXf9BDfTcRJa6hmIFaTfo2R3b1a_gI_umFHymR_Jit0s1D2Lxjs7HishTV_9frRLh6Xr_A4q742Z_7F9vgJW9RwXow0NYSCwOeIDfRDW6ROYUs_MHxJevriggZcXQn_RD1cQaATzdqlQOc0d3Z_W9hRJXXR4expdB64l12EAQhs616AsSye_3Iufui4mEHqM_fWpKm4nhvGuiJMTv8Kp0LrSle5XT0x-WIEN4GHL7nOecPFNLjoNgn-ssMrQ4-fJ6h7oOJ-11bKS_8AEAWiQT3XH3ijgHLGzS1rjMavfoGfOc2qldC8Pf2OuuA%26adurl%3D
Requested by: Host: b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
URL: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 26fed8bb7169b720f1b469a3aa57111caaedc19849e034bb363db2bfac2bc302

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:12 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3881
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK 4727t6qteyti Show response
hal9000.redintelligence.net/zone/ Frame EDD7 11 KB
4 KB 89ms
21ms Script
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/4727t6qteyti?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCp1aCU_riYaqfMeKKjuwP0biyyAq1zfmDV_zYuavlDPAuEAEgiIC_FGCV8pyCrAfIAQmpAjTwtOc1J7M-qAMBqgSAAk_QOocKilDNYl2FcctR1IkCFy72v_QVEthqk8fdRRmOR9hDpEpgdaew58oxo3AhKUyw1gw4kdWwcLTQSYQhbJiNtpQr2abe2lDirJSEJgXCcuXBafjevAB0VXn-h8SjWzYIrv2Ywna5FE6PQd5yWakXQUqQS4h-_EVlD8smZAW4DDLuXpK5_RFqfuV5SHWOMMTB0GmKMXcogC7828lH5MwsQRyoUrwAR61Xwb1unIHv5PEajLj7AfoSyx-XTVK3IEH2xgYs2DQ4JyYZZIJAbqaGQafdohM-NdEWXVA0HdsyKKeS_DcpqfOTQig_kwU81v-hEiGqZ33LHrIfmccVDvLABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRousGbHcJ6G1VDH_kxKgPkag%26sig%3DAOD64_25MlZ0oVQky1Q2eNURrKaFiomzkw%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-DBJNbtxMhooN3k_rPRIrmR-rhTRHg08Wrk2MEM112bJP6Z4cbTFqyQQ1CFFcPQcq-AHeIyLcXm4PVR3dIdib1p0-f-sd7cGnPFjJQdH__RoWUgn64gsh7x13zedIEjdoRMg8Pt3LIiUNhn0uzI0dJEPuFv4w%26cry%3D1%26dbm_d%3DAKAmf-CT2l3ni5tbz3bGjDJ-LSIHbWxObwA5ub-urwJ-frlWFpzybnAFY4ukeabO3dSftrCSN0xfQsPR6tWmIsyeXHA6IzqKwgTSa6jXBlpeep_VNsJto9WmLMYUfwWAmQWXUOlkr03Dby6uUNEqehIyEZpbl8bgxKp-5c8-9Df0L6Az0cnWzB9LquvGGQclBKz-FzGcSZpxWRQDAaOcAeNC-2iZToBQy99jpbR2om_OdZrfQsLv90KsCmFE1P4BKjYDFQBQqt7hr6jQxVbNPnfjvxZGhHRfdWNdfyFHlGRGk4ymh0rgqmbGPmpfWu_LhQALwfSrjjwytG7pfGKbnX-1UscX0zemgR90awuULLAFaXqShsiSsG6ZrxSxCXBMflOoV7YWNnrWLLt-AT2D1V832onZxznx1g%26adurl%3D
Requested by: Host: 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
URL: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: cedff87a7168431a68b8637ab3ea4a7d78601c5d6c52cebf176285141db7853d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:12 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3878
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 acj Show response
us-ads.openx.net/w/1.0/ Frame E9E7 284 B
263 B 40ms
40ms Script
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-ads.openx.net/w/1.0/acj?ai=a4cc6828-e0ab-4e9c-a441-58d54ed8601a&o=5414384330&callback=OX_5414384330&ju=https%3A//www2.kusports.com/&jr=http%3A//www2.kusports.com/&auid=537971111&dims=&adxy=&res=1600x1200x24&plg=pm&ch=UTF-8&tz=0&ws=300x250&ifr=1&mt=1&nl=50&ul=137
Requested by: Host: us-ads.openx.net
URL: https://us-ads.openx.net/w/1.0/jstag
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 90d8a10390c5e1cb48abd2de30230841e00742f389ced199cfa625440f5f1bab

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
content-encoding: gzip
server: OXGW/17.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 243
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A336 640 B
316 B 54ms
28ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNW-UEYNG8jd6v-2AMr73dRKqaVBXXBuW98TS90SD5E_A1WyaTxaN00PWafIKksdaXEqECytElXiRfLcg-hoOSbdjEue4g1ZfEAx5zBuMtIBC3jHKk7vTjMuVBTa8xPhXOnn1n7v8GjyL2PSe86gFk1VIEiSqPdEz1hgf88ranb__1eGkJXdmzbujHbH8YXMkcA_nw2CaGcVt6yhQFLqA2d92LEVxQ

Requested by

Host: 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
URL: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 15 Jan 2022 16:46:12 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame E862 24 KB
14 KB 81ms
56ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C4sd352JZm6fMlFFoaPs9HaOgCJIwN3U98QifWP0q8XwN87U0XSklL29lni4yUz2Qa6xoiE8zE18MGG7ZRZ-BfOmrKWPUJxbBLGwMrfcB6XQFmNXWhMmXU2LxQjnk8ThAmhV_6Sx7Sd_b1HB7KQDsUFUwpdg&cry=1&dbm_d=AKAmf-DVJD7tYlz8h3nYM22lY04sP4_7ppihjU_V6N-pQ-x86FPgqxsLEurej9HfHYCFLBYcPbz77FYZ4g-z2NWMdGkm_1WKObPHLdrNToM_raGoxLrnAa8uVNvqynovnvnAg4en-IadyY6ODq0VT0qEf8J6QaEhGbOE9v-MrCvLyZUtz7AH51zrSmUG-UR1OmbbnAmDVdqMYpN9KJf4lb48CXJcrMsGNs6DHI0993u3-4JatQGGEJGxvjbQ4r2e1hW3MS231S7xW2xU3AMJufPKqxoYONfttw13JI-_ltNWNXb07nflLz8HM87iEEl4QDzDtiymFK2ftaolNsPPF1jiam4oguqRtj2gBLWVfNwcXkpLoXtO7MN79Z0WvrCGOeTW0JLN6tV8XJBnW6JiSg8hASLwoIGkMRX0u6Ixx1XrNkNN_kZ32VCfr_K_t_Kty8D50vwqsYrLntq7XmvGz1dOJOv0nIEjUUw_v5oAfmBSRwcTmSMyZ-bNJ6sUmGPsJUC0CoTnOVYs-ttSVTnuj2PXBpn1xHHGyPoUqD9MWEUiKmgK8w9qzu9CPKQ_zxm38KGuleJlkXLRaD9WgHxxQutLcMT1dGkR1T4WgcXk7owsrBIQRprh_BTthrUc9d-_OjqGtVVK3A1qZfAFg1cH1OLlGpoJmcR5oyVbesfVpeia9chfr0yEoPZjPbsmgSJZoVdKb6rxy1TWxH_gklbp6dbJkVVpj8goSRCDGerxXOqcmL2cd7gpz2k7Uxs_b-svgA7Fo48cu_rmaJomTDBwxjCAjw88kqtqr-rQzDJEJOehz3JfNEyP9ZWwWGHepxcdMUBknV4Bx2t62N-yTDUBx4w5uu6WBvC6SdBD4kGpmcwAp4if0pWqNJouJ3ZDznJpb038LWCRcuudj0YX_b0vt9YDxIsia0KBE-AMmG59lqWPs-zPJMqfg9etKyiCAcBaSSaw-kQVOL3SK5iWrcFT7UaeXynCgplSczI8AHiFRhkjfWdR_b5ktZf4iReHO9JZrn6vgIolfOnxsw16Em_t_3iZHio43mNDjyfeK8qHsuUJ9bFMGlsmTLdwbggRg4LRXLfHf_8W2iZ3ng8K3frBGoWr1mfftwoBdcQGxw4C-xrIySe27yZ901teHyy9y86VHrxBvVxKzq63xIV-AWW3PGHPjITR0mKC8vqZdmYVBFtw1UmTUMpP7o9FqcKWBCo7XfOYXY94Lz6lUwXliqCIfmF2cLURHWRqLHKWQosyWm-xcHyzfvbJ_qrwYPou5xjNsemLh2SAHMR0mZoWeNnaCw4eploDarH1LkSWrhnSIw_bLsgn8VjSiUAQqqhI4UBSRnCWXe1NuujYA4LNGsIujwVA9yutnb3WO3bKtlAg3OLL09WFDua0koXOAIkeu9r6xFFP-Z1lsAQkHcF2_PJA-_cz1gArc1CLfYGNLSvjSn4BUQWwAoswGGcLUoWiZhOkPGxaNus1D8061ulth36YSJ1pvtYNXLEAOa96Dvq_5i54jkvlmLBE_DIBoZFKFQETk6qWvzYRVaNWc51qwYgQnRzPu072hygYPGYy_eJRNDhs5v2ZfNcwJO4-FbJfJi5ckbHEuH2CY4Exd_GY12kvg5RUjrTs-YcsdZVwSzy4IMr2NuQ_qbZWwu-OMfuTCQh4esjGb7Ch3LkdAIETUfwTgJ9ogjQIApAu7Kk3WjTPY-WP-oZFvvoweWY3ZKE0bVIkXsgLeeffElsD0aXFf2p_4kv6YP9-TlU1_L8Obx7PX2JwkCKhPCpsu1UZvZPB9Xq7xwKJeNJAtZJ0BU0dUXFgk0NWBGWvnFyjn74PLbB9bwjP7lcTHvDr54SVgeJNc1jeX9-0IXaVBa0aaxqoezYHFWJ6ZCC4IjjXUyEbPptUfIOhAcSd7SFWYxxwmk0dfodP51wx3BeXtJL8tYU3PA3MPZKS2bs8rrJQGXYqZ1mUCIaLAgmbr3EV6JeP4aXUoIgoBJNAwyzs5HH7oSQ4Z8oXSioQsDRyaDrupd_Vq6fHixK1Jw41ggaPribIc_VEN8FsG1A_d2g3ESg90t66EFezbmKsDBQLqOoGHmg2PZE79bBiotATjHQfAMi19e4igw0hfPgQO4qcv6VgTbiFRFV08xSBFc_fQlfkSiuSlvNyi_B9FiR07YwtWK_Q5v-knftwm1xyyiBHDIQjKWJju2k8oKv8uf2aPfucywDecAmsbCAWtXnhiFgcxph29rldtfZrhNNqUP_oZyIyq4uBcnplW6UOT_7QuDT9WnXC5eaeOL8_HXp0f_Wa8CVuzOAKgO_enrvycunijQB4e6AlwNdSLcGWuHjLBdnNIiS77dJDV6I2rZmnUfmyFsJltojpywcKNXHlMYSqJTHdmT877lm21rhzINQjIIXDVN0o0Gh0oOiKO8zTTRCgqkdet2THLQagOMNEXwfJcv8bMqIF7fXzBH4ttvx91rcLs9tdmn0WV2bS4j6UEI4rCLL9XhBERRVb1cVO8qrbZPrrAhFyGDlFaZffmldxTIuZuCkE_5EdDTOdnd1I51z5sPS9W-BESzAubTLXVMEnaGuIvBaqVodUjlR3-6Y2jwlw-UsINSsXTJ2fDYykXOvf_cMu1HISYanfqEA549UQc2uzOL83V_WLnC-8FUgk-apdVmafXgBYeDawSy_Vq9F5Gx32yvudENObaEAEbOjOo06HkqcY4A_ThyA4qYHGtjynAo9zOAZPejpgrXbDpcXWbFsY18VBz5xgjknMjaSVfPtQV9jDWRixkB-LGz3G2JzalEQiLapAMcSGA8s7JM48Q4tQ_aB5cza6jaLvywAeOGtT97mvI_xnN_6MdBeFgqkLgBHHRdSnVneuasRPknUQfb38u06fZJYHZUeAcF5a4pfMBff4fChqbO5OkmDcYEgEHM_8v5T2r7M0wFy4Kokf0iXP7xlCMlnFnwQ1WIQyBsvLfq48Fm8ZgHTTcs8MdtxmCBLqVqqUN6XeurTkcUCfqg1KpUS5iagEsYwULuBwXFCASI-uLdja8rgFJrqWSXCwce3QLX6FmS0kBNVGENs9P_aV5Pad3VgeQZBFjJvAFS14MelFPG4WOcAFEMrFWt6sdAYxWWY-FQ5cQp7pbkea8b8CSDfalqpHx5MjC8skzIegKGF6OjDgVPCfeGj67uhrJA&cid=CAASEuRoroIiPKjCf6dsKu9afwGTvw&rfl=2%2Chttp%253A%252F%252Fwww2.kusports.com%242%2Chttps%253A%252F%252F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%252F%240

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

97a4bf7fc982c52bf4a6843c9849b79b298b178f7044b9826ebd309c4619b864

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14083
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E862 42 B
63 B 48ms
48ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C6zO1fb4P97FMlRzTJKfFopPLZiyHovYz9QzZkje2Y5ij6gdFH-9tIice4PNKh_ztW7DUYME_kX3dhTHGdQTmgnhE2w1hl7TyvndplbJsMpRq2yeA

Requested by

Host: 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
URL: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame E862 2 KB
1 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js

Requested by

Host: 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
URL: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:43:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:43:50 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E862 121 KB
37 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
URL: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:46:12 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame E862 15 KB
6 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
URL: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:44:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 132
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:44:00 GMT

GET
DATA 200
OK truncated
/ Frame E9E7 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 566b04352d09352a6ce5bdf3846adb8a29fc91878ff39603aeb9a42ec556e3c0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 7FC8 22 KB
8 KB 21ms
19ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Jan 2022 08:14:03 GMT
expires: Fri, 13 Jan 2023 08:14:03 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 203529
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 35A7 22 KB
8 KB 18ms
17ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Jan 2022 08:14:03 GMT
expires: Fri, 13 Jan 2023 08:14:03 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 203529
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 7888 0
9 B 16ms
15ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?nR64QA
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 559D 0
9 B 16ms
16ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?PYVC7A
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A0BA 0
9 B 16ms
16ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?yS2abw
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 5EE1 0
9 B 16ms
15ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Hfn3jg
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1

200
OK

request.php Show response
hal900025.redintelligence.net/ Frame EDD7
Redirect Chain

https://hal900025.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=b4a1fa435f&subid=&uid=be250ebcec86a09e&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900025.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=b4a1fa435f&subid=&uid=be250ebcec86a09e&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

132ms
95ms

Script
application/x-javascript

138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900025.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=b4a1fa435f&subid=&uid=be250ebcec86a09e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCp1aCU_riYaqfMeKKjuwP0biyyAq1zfmDV_zYuavlDPAuEAEgiIC_FGCV8pyCrAfIAQmpAjTwtOc1J7M-qAMBqgSAAk_QOocKilDNYl2FcctR1IkCFy72v_QVEthqk8fdRRmOR9hDpEpgdaew58oxo3AhKUyw1gw4kdWwcLTQSYQhbJiNtpQr2abe2lDirJSEJgXCcuXBafjevAB0VXn-h8SjWzYIrv2Ywna5FE6PQd5yWakXQUqQS4h-_EVlD8smZAW4DDLuXpK5_RFqfuV5SHWOMMTB0GmKMXcogC7828lH5MwsQRyoUrwAR61Xwb1unIHv5PEajLj7AfoSyx-XTVK3IEH2xgYs2DQ4JyYZZIJAbqaGQafdohM-NdEWXVA0HdsyKKeS_DcpqfOTQig_kwU81v-hEiGqZ33LHrIfmccVDvLABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRousGbHcJ6G1VDH_kxKgPkag%26sig%3DAOD64_25MlZ0oVQky1Q2eNURrKaFiomzkw%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-DBJNbtxMhooN3k_rPRIrmR-rhTRHg08Wrk2MEM112bJP6Z4cbTFqyQQ1CFFcPQcq-AHeIyLcXm4PVR3dIdib1p0-f-sd7cGnPFjJQdH__RoWUgn64gsh7x13zedIEjdoRMg8Pt3LIiUNhn0uzI0dJEPuFv4w%26cry%3D1%26dbm_d%3DAKAmf-CT2l3ni5tbz3bGjDJ-LSIHbWxObwA5ub-urwJ-frlWFpzybnAFY4ukeabO3dSftrCSN0xfQsPR6tWmIsyeXHA6IzqKwgTSa6jXBlpeep_VNsJto9WmLMYUfwWAmQWXUOlkr03Dby6uUNEqehIyEZpbl8bgxKp-5c8-9Df0L6Az0cnWzB9LquvGGQclBKz-FzGcSZpxWRQDAaOcAeNC-2iZToBQy99jpbR2om_OdZrfQsLv90KsCmFE1P4BKjYDFQBQqt7hr6jQxVbNPnfjvxZGhHRfdWNdfyFHlGRGk4ymh0rgqmbGPmpfWu_LhQALwfSrjjwytG7pfGKbnX-1UscX0zemgR90awuULLAFaXqShsiSsG6ZrxSxCXBMflOoV7YWNnrWLLt-AT2D1V832onZxznx1g%26adurl%3D&documentReferer=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=7878561870351&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
URL: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: d0985972aa33739352497b4b484a5576a12d1756a2dfacbccfdec0f9cdcfed81

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:12 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 81242400162929400710612011840025
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 1306
Expires: Sat, 15 Jan 2022 16:46:12 +0100

Redirect headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:12 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=b4a1fa435f&subid=&uid=be250ebcec86a09e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCp1aCU_riYaqfMeKKjuwP0biyyAq1zfmDV_zYuavlDPAuEAEgiIC_FGCV8pyCrAfIAQmpAjTwtOc1J7M-qAMBqgSAAk_QOocKilDNYl2FcctR1IkCFy72v_QVEthqk8fdRRmOR9hDpEpgdaew58oxo3AhKUyw1gw4kdWwcLTQSYQhbJiNtpQr2abe2lDirJSEJgXCcuXBafjevAB0VXn-h8SjWzYIrv2Ywna5FE6PQd5yWakXQUqQS4h-_EVlD8smZAW4DDLuXpK5_RFqfuV5SHWOMMTB0GmKMXcogC7828lH5MwsQRyoUrwAR61Xwb1unIHv5PEajLj7AfoSyx-XTVK3IEH2xgYs2DQ4JyYZZIJAbqaGQafdohM-NdEWXVA0HdsyKKeS_DcpqfOTQig_kwU81v-hEiGqZ33LHrIfmccVDvLABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRousGbHcJ6G1VDH_kxKgPkag%26sig%3DAOD64_25MlZ0oVQky1Q2eNURrKaFiomzkw%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-DBJNbtxMhooN3k_rPRIrmR-rhTRHg08Wrk2MEM112bJP6Z4cbTFqyQQ1CFFcPQcq-AHeIyLcXm4PVR3dIdib1p0-f-sd7cGnPFjJQdH__RoWUgn64gsh7x13zedIEjdoRMg8Pt3LIiUNhn0uzI0dJEPuFv4w%26cry%3D1%26dbm_d%3DAKAmf-CT2l3ni5tbz3bGjDJ-LSIHbWxObwA5ub-urwJ-frlWFpzybnAFY4ukeabO3dSftrCSN0xfQsPR6tWmIsyeXHA6IzqKwgTSa6jXBlpeep_VNsJto9WmLMYUfwWAmQWXUOlkr03Dby6uUNEqehIyEZpbl8bgxKp-5c8-9Df0L6Az0cnWzB9LquvGGQclBKz-FzGcSZpxWRQDAaOcAeNC-2iZToBQy99jpbR2om_OdZrfQsLv90KsCmFE1P4BKjYDFQBQqt7hr6jQxVbNPnfjvxZGhHRfdWNdfyFHlGRGk4ymh0rgqmbGPmpfWu_LhQALwfSrjjwytG7pfGKbnX-1UscX0zemgR90awuULLAFaXqShsiSsG6ZrxSxCXBMflOoV7YWNnrWLLt-AT2D1V832onZxznx1g%26adurl%3D&documentReferer=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=7878561870351&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Sat, 15 Jan 2022 16:46:12 +0100

GET
H/1.1

200
OK

request.php Show response
hal90008.redintelligence.net/ Frame A1A1
Redirect Chain

https://hal90008.redintelligence.net/request.php?zone=ma1tq3l10cm4&nw=20&renderingType=javascript&namespace=a6b19f6e16&subid=&uid=a1637dc014bd30d7&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90008.redintelligence.net/request.php?zone=ma1tq3l10cm4&nw=20&renderingType=javascript&namespace=a6b19f6e16&subid=&uid=a1637dc014bd30d7&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

4 KB
2 KB

123ms
85ms

Script
application/x-javascript

138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/request.php?zone=ma1tq3l10cm4&nw=20&renderingType=javascript&namespace=a6b19f6e16&subid=&uid=a1637dc014bd30d7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8cNDU_riYZfvK8OV7_UPhsqlsAK1zfmDV5zfuavlDPAuEAEgiIC_FGCV8pyCrAfIAQmpAjTwtOc1J7M-qAMBqgSBAk_Qw8qw5wE7Ha7g29JS-QXz1HF11kPMUMM4EFkhi2OFj6vsD87Jv6J8h3Kp3QcHmkNViixa7pvJVN52vMznloPKDAswfW5SCrC2WKtde2izQlQhwvTWsVCC7OObymhFBxyWmygA8spILKFyT5Bou48Gng5kAQZbYxPLOCcdK8q1h4YEf9Ew-_fzjd9cvBQlhP0naE0DlumVxc3G6bjmoyJ6vuQvTVuKmwExtGTg7G_VZU0WIm-2xjN9cgKpWNsIWn0VIsIFYogJW0vpOQiStWMMzq1ew8iaQ16IcHSGQyTifgpUJblKW8sFptrIKvJVSXiAXqOY84ajNjA4yglHlHv3wASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIgOGAEBABGB2ACgOYCwHICwGADAGwE9yZ6w3QEwDYEwPYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASEuRozl-fpgmeZueD6JqJ9fIPpA%26sig%3DAOD64_1NFG0z-MTlBmf-98ylx5sF6FnqKg%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-DgN8wAP-igVJa7E-5MQe2OG28pwVhTggbI_HjI43CTGWZqr2iqajl5tiwhzjV8RTOGDbIsyZUbwTkdW1cMxgK_rZuvm-p-t9QjSKARfkof7W9MZBSuz201brQX3e8bT42dEQPWax-nFlR7wOGYQUk3_l2DFg%26cry%3D1%26dbm_d%3DAKAmf-AcANq7qfJZrVdbrQwNib-9e5hVdNmqOwFfPDtc0_k_hcocM3oq_9tQL7eiB70L5y8_El8Lf44oEDYPL9Q2XpGjIqN5wWqsuHyNBXf9BDfTcRJa6hmIFaTfo2R3b1a_gI_umFHymR_Jit0s1D2Lxjs7HishTV_9frRLh6Xr_A4q742Z_7F9vgJW9RwXow0NYSCwOeIDfRDW6ROYUs_MHxJevriggZcXQn_RD1cQaATzdqlQOc0d3Z_W9hRJXXR4expdB64l12EAQhs616AsSye_3Iufui4mEHqM_fWpKm4nhvGuiJMTv8Kp0LrSle5XT0x-WIEN4GHL7nOecPFNLjoNgn-ssMrQ4-fJ6h7oOJ-11bKS_8AEAWiQT3XH3ijgHLGzS1rjMavfoGfOc2qldC8Pf2OuuA%26adurl%3D&documentReferer=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=2725659489093&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
URL: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 138.201.63.150 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 23b9cc8583292bf65bcc948442988b792c204328c8a2978bde28deffd59355db

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:12 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 17465700169443000710624011840008
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 1311
Expires: Sat, 15 Jan 2022 16:46:12 +0100

Redirect headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:12 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=ma1tq3l10cm4&nw=20&renderingType=javascript&namespace=a6b19f6e16&subid=&uid=a1637dc014bd30d7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8cNDU_riYZfvK8OV7_UPhsqlsAK1zfmDV5zfuavlDPAuEAEgiIC_FGCV8pyCrAfIAQmpAjTwtOc1J7M-qAMBqgSBAk_Qw8qw5wE7Ha7g29JS-QXz1HF11kPMUMM4EFkhi2OFj6vsD87Jv6J8h3Kp3QcHmkNViixa7pvJVN52vMznloPKDAswfW5SCrC2WKtde2izQlQhwvTWsVCC7OObymhFBxyWmygA8spILKFyT5Bou48Gng5kAQZbYxPLOCcdK8q1h4YEf9Ew-_fzjd9cvBQlhP0naE0DlumVxc3G6bjmoyJ6vuQvTVuKmwExtGTg7G_VZU0WIm-2xjN9cgKpWNsIWn0VIsIFYogJW0vpOQiStWMMzq1ew8iaQ16IcHSGQyTifgpUJblKW8sFptrIKvJVSXiAXqOY84ajNjA4yglHlHv3wASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIgOGAEBABGB2ACgOYCwHICwGADAGwE9yZ6w3QEwDYEwPYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASEuRozl-fpgmeZueD6JqJ9fIPpA%26sig%3DAOD64_1NFG0z-MTlBmf-98ylx5sF6FnqKg%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-DgN8wAP-igVJa7E-5MQe2OG28pwVhTggbI_HjI43CTGWZqr2iqajl5tiwhzjV8RTOGDbIsyZUbwTkdW1cMxgK_rZuvm-p-t9QjSKARfkof7W9MZBSuz201brQX3e8bT42dEQPWax-nFlR7wOGYQUk3_l2DFg%26cry%3D1%26dbm_d%3DAKAmf-AcANq7qfJZrVdbrQwNib-9e5hVdNmqOwFfPDtc0_k_hcocM3oq_9tQL7eiB70L5y8_El8Lf44oEDYPL9Q2XpGjIqN5wWqsuHyNBXf9BDfTcRJa6hmIFaTfo2R3b1a_gI_umFHymR_Jit0s1D2Lxjs7HishTV_9frRLh6Xr_A4q742Z_7F9vgJW9RwXow0NYSCwOeIDfRDW6ROYUs_MHxJevriggZcXQn_RD1cQaATzdqlQOc0d3Z_W9hRJXXR4expdB64l12EAQhs616AsSye_3Iufui4mEHqM_fWpKm4nhvGuiJMTv8Kp0LrSle5XT0x-WIEN4GHL7nOecPFNLjoNgn-ssMrQ4-fJ6h7oOJ-11bKS_8AEAWiQT3XH3ijgHLGzS1rjMavfoGfOc2qldC8Pf2OuuA%26adurl%3D&documentReferer=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=2725659489093&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Sat, 15 Jan 2022 16:46:12 +0100

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/ Frame E862 24 KB
9 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C4sd352JZm6fMlFFoaPs9HaOgCJIwN3U98QifWP0q8XwN87U0XSklL29lni4yUz2Qa6xoiE8zE18MGG7ZRZ-BfOmrKWPUJxbBLGwMrfcB6XQFmNXWhMmXU2LxQjnk8ThAmhV_6Sx7Sd_b1HB7KQDsUFUwpdg&cry=1&dbm_d=AKAmf-DVJD7tYlz8h3nYM22lY04sP4_7ppihjU_V6N-pQ-x86FPgqxsLEurej9HfHYCFLBYcPbz77FYZ4g-z2NWMdGkm_1WKObPHLdrNToM_raGoxLrnAa8uVNvqynovnvnAg4en-IadyY6ODq0VT0qEf8J6QaEhGbOE9v-MrCvLyZUtz7AH51zrSmUG-UR1OmbbnAmDVdqMYpN9KJf4lb48CXJcrMsGNs6DHI0993u3-4JatQGGEJGxvjbQ4r2e1hW3MS231S7xW2xU3AMJufPKqxoYONfttw13JI-_ltNWNXb07nflLz8HM87iEEl4QDzDtiymFK2ftaolNsPPF1jiam4oguqRtj2gBLWVfNwcXkpLoXtO7MN79Z0WvrCGOeTW0JLN6tV8XJBnW6JiSg8hASLwoIGkMRX0u6Ixx1XrNkNN_kZ32VCfr_K_t_Kty8D50vwqsYrLntq7XmvGz1dOJOv0nIEjUUw_v5oAfmBSRwcTmSMyZ-bNJ6sUmGPsJUC0CoTnOVYs-ttSVTnuj2PXBpn1xHHGyPoUqD9MWEUiKmgK8w9qzu9CPKQ_zxm38KGuleJlkXLRaD9WgHxxQutLcMT1dGkR1T4WgcXk7owsrBIQRprh_BTthrUc9d-_OjqGtVVK3A1qZfAFg1cH1OLlGpoJmcR5oyVbesfVpeia9chfr0yEoPZjPbsmgSJZoVdKb6rxy1TWxH_gklbp6dbJkVVpj8goSRCDGerxXOqcmL2cd7gpz2k7Uxs_b-svgA7Fo48cu_rmaJomTDBwxjCAjw88kqtqr-rQzDJEJOehz3JfNEyP9ZWwWGHepxcdMUBknV4Bx2t62N-yTDUBx4w5uu6WBvC6SdBD4kGpmcwAp4if0pWqNJouJ3ZDznJpb038LWCRcuudj0YX_b0vt9YDxIsia0KBE-AMmG59lqWPs-zPJMqfg9etKyiCAcBaSSaw-kQVOL3SK5iWrcFT7UaeXynCgplSczI8AHiFRhkjfWdR_b5ktZf4iReHO9JZrn6vgIolfOnxsw16Em_t_3iZHio43mNDjyfeK8qHsuUJ9bFMGlsmTLdwbggRg4LRXLfHf_8W2iZ3ng8K3frBGoWr1mfftwoBdcQGxw4C-xrIySe27yZ901teHyy9y86VHrxBvVxKzq63xIV-AWW3PGHPjITR0mKC8vqZdmYVBFtw1UmTUMpP7o9FqcKWBCo7XfOYXY94Lz6lUwXliqCIfmF2cLURHWRqLHKWQosyWm-xcHyzfvbJ_qrwYPou5xjNsemLh2SAHMR0mZoWeNnaCw4eploDarH1LkSWrhnSIw_bLsgn8VjSiUAQqqhI4UBSRnCWXe1NuujYA4LNGsIujwVA9yutnb3WO3bKtlAg3OLL09WFDua0koXOAIkeu9r6xFFP-Z1lsAQkHcF2_PJA-_cz1gArc1CLfYGNLSvjSn4BUQWwAoswGGcLUoWiZhOkPGxaNus1D8061ulth36YSJ1pvtYNXLEAOa96Dvq_5i54jkvlmLBE_DIBoZFKFQETk6qWvzYRVaNWc51qwYgQnRzPu072hygYPGYy_eJRNDhs5v2ZfNcwJO4-FbJfJi5ckbHEuH2CY4Exd_GY12kvg5RUjrTs-YcsdZVwSzy4IMr2NuQ_qbZWwu-OMfuTCQh4esjGb7Ch3LkdAIETUfwTgJ9ogjQIApAu7Kk3WjTPY-WP-oZFvvoweWY3ZKE0bVIkXsgLeeffElsD0aXFf2p_4kv6YP9-TlU1_L8Obx7PX2JwkCKhPCpsu1UZvZPB9Xq7xwKJeNJAtZJ0BU0dUXFgk0NWBGWvnFyjn74PLbB9bwjP7lcTHvDr54SVgeJNc1jeX9-0IXaVBa0aaxqoezYHFWJ6ZCC4IjjXUyEbPptUfIOhAcSd7SFWYxxwmk0dfodP51wx3BeXtJL8tYU3PA3MPZKS2bs8rrJQGXYqZ1mUCIaLAgmbr3EV6JeP4aXUoIgoBJNAwyzs5HH7oSQ4Z8oXSioQsDRyaDrupd_Vq6fHixK1Jw41ggaPribIc_VEN8FsG1A_d2g3ESg90t66EFezbmKsDBQLqOoGHmg2PZE79bBiotATjHQfAMi19e4igw0hfPgQO4qcv6VgTbiFRFV08xSBFc_fQlfkSiuSlvNyi_B9FiR07YwtWK_Q5v-knftwm1xyyiBHDIQjKWJju2k8oKv8uf2aPfucywDecAmsbCAWtXnhiFgcxph29rldtfZrhNNqUP_oZyIyq4uBcnplW6UOT_7QuDT9WnXC5eaeOL8_HXp0f_Wa8CVuzOAKgO_enrvycunijQB4e6AlwNdSLcGWuHjLBdnNIiS77dJDV6I2rZmnUfmyFsJltojpywcKNXHlMYSqJTHdmT877lm21rhzINQjIIXDVN0o0Gh0oOiKO8zTTRCgqkdet2THLQagOMNEXwfJcv8bMqIF7fXzBH4ttvx91rcLs9tdmn0WV2bS4j6UEI4rCLL9XhBERRVb1cVO8qrbZPrrAhFyGDlFaZffmldxTIuZuCkE_5EdDTOdnd1I51z5sPS9W-BESzAubTLXVMEnaGuIvBaqVodUjlR3-6Y2jwlw-UsINSsXTJ2fDYykXOvf_cMu1HISYanfqEA549UQc2uzOL83V_WLnC-8FUgk-apdVmafXgBYeDawSy_Vq9F5Gx32yvudENObaEAEbOjOo06HkqcY4A_ThyA4qYHGtjynAo9zOAZPejpgrXbDpcXWbFsY18VBz5xgjknMjaSVfPtQV9jDWRixkB-LGz3G2JzalEQiLapAMcSGA8s7JM48Q4tQ_aB5cza6jaLvywAeOGtT97mvI_xnN_6MdBeFgqkLgBHHRdSnVneuasRPknUQfb38u06fZJYHZUeAcF5a4pfMBff4fChqbO5OkmDcYEgEHM_8v5T2r7M0wFy4Kokf0iXP7xlCMlnFnwQ1WIQyBsvLfq48Fm8ZgHTTcs8MdtxmCBLqVqqUN6XeurTkcUCfqg1KpUS5iagEsYwULuBwXFCASI-uLdja8rgFJrqWSXCwce3QLX6FmS0kBNVGENs9P_aV5Pad3VgeQZBFjJvAFS14MelFPG4WOcAFEMrFWt6sdAYxWWY-FQ5cQp7pbkea8b8CSDfalqpHx5MjC8skzIegKGF6OjDgVPCfeGj67uhrJA&cid=CAASEuRoroIiPKjCf6dsKu9afwGTvw&rfl=2%2Chttp%253A%252F%252Fwww2.kusports.com%242%2Chttps%253A%252F%252F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:41:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 264
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9544
x-xss-protection: 0
server: cafe
etag: 6261108306223674270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:41:48 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame E862 41 KB
15 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 08:14:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 203530
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jan 2023 08:14:02 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame A336
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEHO1l6kG4sTqLtWPLJuW0Uk&google_cver=1

43 B
61 B

25ms
24ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEHO1l6kG4sTqLtWPLJuW0Uk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNW-UEYNG8jd6v-2AMr73dRKqaVBXXBuW98TS90SD5E_A1WyaTxaN00PWafIKksdaXEqECytElXiRfLcg-hoOSbdjEue4g1ZfEAx5zBuMtIBC3jHKk7vTjMuVBTa8xPhXOnn1n7v8GjyL2PSe86gFk1VIEiSqPdEz1hgf88ranb__1eGkJXdmzbujHbH8YXMkcA_nw2CaGcVt6yhQFLqA2d92LEVxQ
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
via: 1.1 google
server: OXGW/17.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEHO1l6kG4sTqLtWPLJuW0Uk&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame A336 43 B
207 B 30ms
29ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNW-UEYNG8jd6v-2AMr73dRKqaVBXXBuW98TS90SD5E_A1WyaTxaN00PWafIKksdaXEqECytElXiRfLcg-hoOSbdjEue4g1ZfEAx5zBuMtIBC3jHKk7vTjMuVBTa8xPhXOnn1n7v8GjyL2PSe86gFk1VIEiSqPdEz1hgf88ranb__1eGkJXdmzbujHbH8YXMkcA_nw2CaGcVt6yhQFLqA2d92LEVxQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
content-encoding: gzip
server: OXGW/17.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame A336
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEA2_xIOjN1p8PSv_uCfO9zE&google_cver=1

23 B
172 B

87ms
43ms

Image
image/gif

104.90.104.248
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEA2_xIOjN1p8PSv_uCfO9zE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNW-UEYNG8jd6v-2AMr73dRKqaVBXXBuW98TS90SD5E_A1WyaTxaN00PWafIKksdaXEqECytElXiRfLcg-hoOSbdjEue4g1ZfEAx5zBuMtIBC3jHKk7vTjMuVBTa8xPhXOnn1n7v8GjyL2PSe86gFk1VIEiSqPdEz1hgf88ranb__1eGkJXdmzbujHbH8YXMkcA_nw2CaGcVt6yhQFLqA2d92LEVxQ
Protocol: H2
Server: 104.90.104.248 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-90-104-248.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 15 Jan 2022 16:46:12 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEA2_xIOjN1p8PSv_uCfO9zE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame A336 23 B
172 B 144ms
42ms Image
image/gif 104.90.104.248
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNW-UEYNG8jd6v-2AMr73dRKqaVBXXBuW98TS90SD5E_A1WyaTxaN00PWafIKksdaXEqECytElXiRfLcg-hoOSbdjEue4g1ZfEAx5zBuMtIBC3jHKk7vTjMuVBTa8xPhXOnn1n7v8GjyL2PSe86gFk1VIEiSqPdEz1hgf88ranb__1eGkJXdmzbujHbH8YXMkcA_nw2CaGcVt6yhQFLqA2d92LEVxQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.90.104.248 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-90-104-248.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 15 Jan 2022 16:46:12 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame E9E7 0
0 50ms
50ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssYayHVtsbMynbb6pGIoIDBF2YQNIWQUgrkFLdB7AkddKw2WuEd3JXA39F2sz2jIywlSVxWat-qPDltZLIQPZGamr9eTVICaF0IlsIByIXGgQ6_2DDrnGB8Hiz61bB1gw0ZFXwRErMSRf0UWTRUx_8iJIWt4Tikbb5Lz8tLg2QFPDL6Iu-51t76j5BY9WOhcJEBXs9xis0bd6eAZv98qjRlWXp0IGxEZgTE2W3ZtxN7JsRTRvutOVnKyddiUfTHvV_ArMLOKHW9Ul62JOtf16QOgEmLirSEHdSXiwd6xtqdJ6788XX3yuA8r-XOKUQkd22c8XdKsGyw4D50FwSRNpnWCVXxfhkZne9n&sig=Cg0ArKJSzL1x8wooWtftEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:12 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:46:12 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D2A2 0
20 B 52ms
52ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=3891964729167049&bg=!ExClEFTNAAaocxMpqHM7ACkAdvg8WjXATTXu7EyvN7gJ9Fr0UyTnnUyzd5ISI5JzPj6cChW8kJydVgIAAAF4UgAAAARoAQeZAwBEYlNAdqutwf6hEbsJI5_kGYThsPscbKKlmVOWVx8wsRqrPklD5rKFs3sku93BwRjGSIdysnYyy_BzINT4BPDRKTMdCa8jz1GpF9HtQHnMB7EIlGstAAo_oQTZOQffO7A9tth0W-JvCriueC8T4OZoZIySbnLFysziMGHQPRfiwxgeFr3tI_F8HgSm7sqBTWgJw4wPX0rnZsqgtaOosExv8kgUXFWOkM1RqqOL609-s20mNUX2E10CWcwKMsZIogOWc6n6_8KJk-SwkA2EeedPFay5FsEPxtU2qC6g5VUwjit6EmEfZvT-w7JUzhTFvKm13MKYcl2gQ5CLQZaq-RRRNyb3ShFcKEX8jeICWtBiTUCn1a7stSACxOKHR_O_Iy8_eNfnUL8mpzJ_tOniS3nybfDhzcvCnKNwUkOQQXoXYjJxkG_XCYcANvryNdZoyves5b2NLFnSBvaIV18uKbJYrhmb5PEAceR4I08BlqirDwaljocFluh-nIgMXBpPaH8EEIe1gl8OaPVk8F8jGl_Xi150gSGEkBRuIiyrE6hNBlBSTH7egPJGwxFyrNyM7CTTPLz-zEW0gzvoJ8rzn39QSMKwgZDqdsts2gDBr-JcfUFPQfWhtbkyzgFgohMs3HedTM3hlpkysaiYhYRozYbkMI3YqPMgPI5CQOSJDyQCYf2kb1RbEbhm3JBuY_wlg3TtaMe2cnDvBu8zAefloYRlYoLHfdn0vHQ-KHceSAaVa8uKM13YnF1ot1KlZtIN24gOO9z9xUs6qRg6OAxEStgN6fusOPur8NmeqTWtmUwnPBzlR1xCPp3WZNYebtLQN1s0u8d9QaS4mk574DT74cGBKCs1NdpyhL_jcrw3mriqi-WHNiS2KqTmmS7qsHcOoc_2hoGb5YpA7ogAhX8nZiiUHSzAT8jkzYowcZLNyfUZfkpvrzwsAqUgoMJnZA9dSC5ZM9rNOSJhHJr741akfTdvH9GTuDrNQX1cagyddRcfdWsgegIm7q2eoLdMIfhsq5A

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8D9B 0
20 B 51ms
51ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=4383024012816796&bg=!Z2SlZCDNAAaocxMpqHM7ACkAdvg8Wk9hS58r64apfszeUnLLt-PMLWUKTkZGTacSCzHSfo246DKRBAIAAAGvUgAAAARoAQeZAwcBRS9AWGFttXqYV_AGerUcoe_HQH6YllZppj1h5dnPK-g4h4IX3xrluLxrcYxxnIxsjEcivpqQOsf0Y_NspBrndrMQ_cysS6ss-z30jPjjaE7HZm-xYsgezWaWoyNQWgVc29SIyfwOyLsOf3AlhBxJ4ODPSbN0PZt_U-A7dpwHpuhrB9ow1ORajpDYdF_IDiL8V8HXvFDzZirVuSLjHu8LWgXFsusxnHkoqe2cbW1PKHLTTsmXjeLnJCNqbH2FggZyE-dHhF57tgAgI46UMQZ9TqNyAwGrRuSTqcVAoZH1waS7PFTMRq2nXAR0rN5JDVMzpDpWobu3zgHTFCtoo8djQTrH_EDSGJQXR2KvZtWIKWBeMnjGBK0883wdD7AVpX0LQx9HH1pmie3Rw7UsXoCShFqpgx1l1z5wn_z00AFMlu45hlRVq-m9AR-qQKUYTMvrpUXfOK6OWWfijTeDl183P7_qmABM1aiDP9Wschjdy1LrYue_oG0LjVo0WcZNWubp8E7o4H3k8Qlduc2Irj9Oy-gm1rj8ABEAsVD-GPzD-tzCOhQrEjHPMyMvdsGmo2_ZtQQ0fCpEHVU-p17EGLW3N3BG03qmAzv09TWb3chq_-sqEA-3lx9mDdFOELfxmpNqOuOUsfAKkJSpL7aLzJsxcGhzq3Vebe-ZDRLSU_WfB3P1S9wujozunayBZ1bwLMqi23VY82PykEW8n4_B5HOBSqJRvOcmxUPWAEMGamCiX5bANz7Kt9xrFZq5lVd6224RGV_3EwZsOFiJ5WLmqk5ZcQ3ktesR8FkZVugZUxmqe0R_MJNu31T9UjPir1OTUwKPGFZ0h_2Y4Ls4v_wyw-GjIStrBAZKEqgVkU_0wGm100bmK1HspdHgVpnLh5iSzZFHMdsVtpBTitZ468wkq9aVW9jif2H8QAEyQ2BEOJqWjHVIf_f6ItYHpZSYs_rK1m2zPl1ZAO___OMfL8sWu2YFAzlOYNK7k7HI9eTdN3GXAJenWnJ_MmyIDGO6DuQPwOEQq1oafxgr

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js Show response
pagead2.googlesyndication.com/bg/ Frame 7FC8 35 KB
13 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8e8f18d77170af82f72cfb83f4cec093f5683a0fcffd8f126d9d2fce1a332f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 19:59:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74780
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13349
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 14 Jan 2023 19:59:52 GMT

GET
H3 200 qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js Show response
pagead2.googlesyndication.com/bg/ Frame 35A7 35 KB
13 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8e8f18d77170af82f72cfb83f4cec093f5683a0fcffd8f126d9d2fce1a332f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 19:59:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74780
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13349
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 14 Jan 2023 19:59:52 GMT

GET
H/1.1 200
OK 4727t6qteyti Show response
hal9000.redintelligence.net/zone/ Frame E862 11 KB
4 KB 56ms
20ms Script
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/4727t6qteyti?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCvrFtU_riYbmMKeKf7_UPgsqfoAa1zfmDV_zYuavlDPAuEAEgiIC_FGCV8pyCrAfIAQmpAjTwtOc1J7M-qAMBqgSAAk_QCVZ53bx-78fW3XLkZMHjGSNBaK2wt_C5XIDIuYcLcsvbQ2H4ID-GMMOAq73EyK7Veg8TTd1dEkI6sOCkqCV2l-vJDfFKk3UIcsDwqZKmvNb7pNheGF4eFd96wwEfqIIe5JGHayWjN5lsP64gxjqnj_RzyWogZG1B4A060j20H0HxO87LchPqtK53iWf6RESiCTZhhHVioHq3ofXvnlk3qSHn6D8svpcFTY_spd6Cu5Fv7fSs0eyqQx_7zqUNwPOs6D1Goz8NziPHS4uFFHet-lC_FO3IIyBfvlbw7wpxNsoWiwxHxf7IZ9e5IbJzlsRzfIivOv6IZPGEI45wKnzABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoroIiPKjCf6dsKu9afwGTvw%26sig%3DAOD64_0SJFaC_x4MmaareCf01T_rlokZPg%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-CehRanKTktAeqTh3qAg7Xc6O0W3GA7XTwbBeaY72y03KkQ2foNs2i-wwY_2fCvKb_qZGp4XAVKG-wJ4S_frZ6261QQmNxK3O4AFMKWVYubafgUP7P9YVkGqC5Pc-VUw8rLBAwztWzB7UFh3qwEqzPX1fewxA%26cry%3D1%26dbm_d%3DAKAmf-DLtRhMBcWsTkTMGzjmgpmocS802jghByrVLGK5-dV4boYbvfx-0LpUf6Bk-3Ldj4m4WWu4YMivz0lEyYA7l0KMMTgICbfivDTNz_DOffkSEtFJNg_L4WnEc58-YxFAteRMHj-sZkS7vT3FeGj1YigeHHjE3dKYZzA7wm0opsGNb_TvVRIIatpbxJXAOKVIigkXOMSwnFP10IG8FaNWTxbx70usphS__c5X_u8bUPiaGv6WO017BHmhqRWPNGaiEOtQa0PP4BzWzcM01qoztmI5dHf36mgwFqkO8sX3jzHdh2UC-nsOm1f5i9Roi7931M0rfHCcq3xmmKxfnDL2UM4S0KHlfd8HA5UwhFkxiRuCIcBpk2NbPK4JkwJrrF3T3ixt2GxW6nSf13pxogpjLzUsB8cPig%26adurl%3D
Requested by: Host: 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
URL: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 18ed51fac6f3daf5687ac69a7846cc7ed20362711b965ff622a0cc6367cfb156

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:12 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3881
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3EBA 0
20 B 53ms
53ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=1570703855209959&bg=!ZGelZyPNAAaocxMpqHM7ACkAdvg8WntyeXPhxr6Z4E7aJZD8G-nsueJNvpLygNDSJjfNJarb4v0I4gIAAAGfUgAAAANoAQeZAw2flIzQZkb2ffLsg2nfC7DN_i6e9dMJKNhNWDFMY2xIRRymFVY1Irh9t0VoLTmPeZkBXueB1Zp35SASdFWtVlHekGx6vp0uVe3hLX2usoXLBijozw6ILQfyKS9NHxDnj2YQ7T5gKHu03Zw1FPFAvK4N1OgxJRCV6euyG07Qcppc_x7rFmku7Qu-kfhvM5wX2SNpB1DfLe2IOShy2RpF_DX3HDrTeCdw4v9crWlGecNjdEQSJFCRiW-VweWh1_ftMvFWYASzg8qDTkhAajjBxqKmrEw6-JIjIQeGMZ91SLJLvUtVkOaSN6HVu2g3RjQ2sB_QIA5O83RDDgZDSW53_DaBb32OW531MB9PE34fYzSK-aGo0okEzTp1C9edy2nmEI2ueh64l3p2F42Q7zDJEIVMIDETYNRSBiGI8FN-Kda5tgzhBeMxbN4-Qar3QMZFpulsko2rBpqFSZQia_UGznqfAsF0O-ZnMPx1jrbzOEBmCQ_i1OtJ8_fvUnmnpZcra6YpUTIBlnok7PvIppNVilq8F0-NQ2YQu2VA1xFHuZDNm54ZtQq-PvuC_N3wmprPbPzjnljQEbfJotky4Zr9h71gNBuNh_-sC1bKIMJy4dmk97Mq_by4LXdVOD4cAMgwxrgXkw0cOrDHX9av7Wzl9vml8c-g-7ejyNovz6cAFXsp95lfORzm54Z_GUzNXPTo4orJdtgqgrWeE6x8uFQt3PgNuOrF9U51LbFnCahrSxQ9Gj-JEtYxOJzg_w368v2gNB8ogG5jNMQckCOJzOCm0LzbX-XsbU9radwPWr2GCOqefocfezPJGXWWdc906Szwod-ghgPUdEpJIOR68-8tUwdVBrMRc-YZcDz87OwkidxYke8Ol3rPKMxv7bEKkMJLs1GGEN5a7XVqeuQ_SpLGMeDIj1LVPyP4pVwuznmCEuyJN5py35XmPES4CGPqeXx4ARLrkfodkNT8hnxCauKnfl_8Rgar-wXoIYNnDXT5vmQCh3pOgbh4W1yIz6mhS6XTprLQZQ2glLO_JSGiMQXb

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 5D9B 22 KB
8 KB 15ms
15ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Jan 2022 08:14:03 GMT
expires: Fri, 13 Jan 2023 08:14:03 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 203529
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8976 0
20 B 52ms
52ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=1831815141991545&bg=!ERKlElbNAAaocxMpqHM7ACkAdvg8WiTQgQEvatomQtUC94oK3c9UqqHObvabGMZpGVS-SWRLh02BYgIAAAGHUgAAAAJoAQcKAIr8VRLtpje8LH3YhZQkMdlcoyvB-aO0IlzuF3rhZHlWzSUxZsaGEv4avq_UjR9GUZwWnF7Qiu2jN-Z4T7fPy6my5uCn1l9fiTpWvGdCDEE0i2fr7UJBSnnoBWLN5-WgTDfQmh66OASmhHGeKlwhcUw0IaZeiPYsvMQEqtY6kA7g5UKQsq81e-mHxBOZAw6paQ-601RpgOlTltetMA5pDhbLCZQ58QUOIvCflp8VH0bKYVSUqGlPntm4XrQkW8LvZUn7y1H8MG03spmPgL8HjU0xMkFhdbufZqKAwyhWSi-bYzov8Hg_3baddDvw4RV8yLxXofbSraUx3ypatZmsl4jrwEUIL2q3OzxhSxKTutbl1GiZ8TEy5C_3laF4ndQQsdhT9zNq7imkdyuOMuS2X0krndkSkIealYCicWNTdzk7w4OBrgdHJAUERjAj9ui5quscAf9lkdyOiy6SqwzEMoCCuZzO5M6U_OE3QDH1LCKsKWDZKrpwM9vresNJCJ92YUc9w9fldQQEyBaLekDkaYsAdQtT45abuaFWeGJiMsCOeVYQ96_CzPyhRz6uZbpvFcIkpRRd18wIAcOJPN2OeopNhPpMjGmPuXMho6qZ2j5XtU6au_MEHODbDHcYUcjlp7AtTUfKWF-3Y2XKKNdG6MyvdVQ8idH9EAtTNkqas6Bmg95gSCSJyYjC5JNA0S1uYdgomJ_UsgkCkDG7EzhKN5qYhbe4zLSFgEsaTfrRIHVZhup8nicOPgBCU7Iur7nqKhGoF95Zew2_rc_sFqtRNVEjae8YqTN7FFq_y-5aNmzkb44ZOHfgy25tr693TaNWZ5kSRegzvSuYny_3Jnk8urrqfLkRfUpTXk9cd1JWI1yszjwVvSZbZKyEjkA66t0y9emqbvtJrWTSOd7vCTfFtMW0g-s4hFZkPZP47DfDlGYqMYBvp_t9VGVnL45X7OTbrc-iSS2YI8Clfx_Po8K-OP5mpTaQTdv9vhGj-coJAfx7K2SoXh10w2g8ieUxbeWuKgHyQG7S7nD206VR9VXC4SBZUivUTn8aJM4Fcl8sR8D9CuAPR0U4Mb-9wywb1_zKcFbJ7dkl3FHp6v6XcXtjz0QBcd_WKq-1aBqylYktjD4UMAiqYhdHI7xwZYp22eVeVX21pICrHEfzuhnh8_QPiCtDjhQU3eRST-3q64GK1h9OB8Z2ejm-zu0CgMWMOadsM60YKu14--XxAHTHZA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK request.php Show response
hal900021.redintelligence.net/ Frame E862 2 KB
1 KB 3059ms
3001ms Script
application/x-javascript 144.76.238.55
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900021.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=83bc2da85b&subid=&uid=d968c2b418e2bf4d&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCvrFtU_riYbmMKeKf7_UPgsqfoAa1zfmDV_zYuavlDPAuEAEgiIC_FGCV8pyCrAfIAQmpAjTwtOc1J7M-qAMBqgSAAk_QCVZ53bx-78fW3XLkZMHjGSNBaK2wt_C5XIDIuYcLcsvbQ2H4ID-GMMOAq73EyK7Veg8TTd1dEkI6sOCkqCV2l-vJDfFKk3UIcsDwqZKmvNb7pNheGF4eFd96wwEfqIIe5JGHayWjN5lsP64gxjqnj_RzyWogZG1B4A060j20H0HxO87LchPqtK53iWf6RESiCTZhhHVioHq3ofXvnlk3qSHn6D8svpcFTY_spd6Cu5Fv7fSs0eyqQx_7zqUNwPOs6D1Goz8NziPHS4uFFHet-lC_FO3IIyBfvlbw7wpxNsoWiwxHxf7IZ9e5IbJzlsRzfIivOv6IZPGEI45wKnzABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoroIiPKjCf6dsKu9afwGTvw%26sig%3DAOD64_0SJFaC_x4MmaareCf01T_rlokZPg%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-CehRanKTktAeqTh3qAg7Xc6O0W3GA7XTwbBeaY72y03KkQ2foNs2i-wwY_2fCvKb_qZGp4XAVKG-wJ4S_frZ6261QQmNxK3O4AFMKWVYubafgUP7P9YVkGqC5Pc-VUw8rLBAwztWzB7UFh3qwEqzPX1fewxA%26cry%3D1%26dbm_d%3DAKAmf-DLtRhMBcWsTkTMGzjmgpmocS802jghByrVLGK5-dV4boYbvfx-0LpUf6Bk-3Ldj4m4WWu4YMivz0lEyYA7l0KMMTgICbfivDTNz_DOffkSEtFJNg_L4WnEc58-YxFAteRMHj-sZkS7vT3FeGj1YigeHHjE3dKYZzA7wm0opsGNb_TvVRIIatpbxJXAOKVIigkXOMSwnFP10IG8FaNWTxbx70usphS__c5X_u8bUPiaGv6WO017BHmhqRWPNGaiEOtQa0PP4BzWzcM01qoztmI5dHf36mgwFqkO8sX3jzHdh2UC-nsOm1f5i9Roi7931M0rfHCcq3xmmKxfnDL2UM4S0KHlfd8HA5UwhFkxiRuCIcBpk2NbPK4JkwJrrF3T3ixt2GxW6nSf13pxogpjLzUsB8cPig%26adurl%3D&documentReferer=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=2971851641375&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/4727t6qteyti?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCvrFtU_riYbmMKeKf7_UPgsqfoAa1zfmDV_zYuavlDPAuEAEgiIC_FGCV8pyCrAfIAQmpAjTwtOc1J7M-qAMBqgSAAk_QCVZ53bx-78fW3XLkZMHjGSNBaK2wt_C5XIDIuYcLcsvbQ2H4ID-GMMOAq73EyK7Veg8TTd1dEkI6sOCkqCV2l-vJDfFKk3UIcsDwqZKmvNb7pNheGF4eFd96wwEfqIIe5JGHayWjN5lsP64gxjqnj_RzyWogZG1B4A060j20H0HxO87LchPqtK53iWf6RESiCTZhhHVioHq3ofXvnlk3qSHn6D8svpcFTY_spd6Cu5Fv7fSs0eyqQx_7zqUNwPOs6D1Goz8NziPHS4uFFHet-lC_FO3IIyBfvlbw7wpxNsoWiwxHxf7IZ9e5IbJzlsRzfIivOv6IZPGEI45wKnzABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoroIiPKjCf6dsKu9afwGTvw%26sig%3DAOD64_0SJFaC_x4MmaareCf01T_rlokZPg%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-CehRanKTktAeqTh3qAg7Xc6O0W3GA7XTwbBeaY72y03KkQ2foNs2i-wwY_2fCvKb_qZGp4XAVKG-wJ4S_frZ6261QQmNxK3O4AFMKWVYubafgUP7P9YVkGqC5Pc-VUw8rLBAwztWzB7UFh3qwEqzPX1fewxA%26cry%3D1%26dbm_d%3DAKAmf-DLtRhMBcWsTkTMGzjmgpmocS802jghByrVLGK5-dV4boYbvfx-0LpUf6Bk-3Ldj4m4WWu4YMivz0lEyYA7l0KMMTgICbfivDTNz_DOffkSEtFJNg_L4WnEc58-YxFAteRMHj-sZkS7vT3FeGj1YigeHHjE3dKYZzA7wm0opsGNb_TvVRIIatpbxJXAOKVIigkXOMSwnFP10IG8FaNWTxbx70usphS__c5X_u8bUPiaGv6WO017BHmhqRWPNGaiEOtQa0PP4BzWzcM01qoztmI5dHf36mgwFqkO8sX3jzHdh2UC-nsOm1f5i9Roi7931M0rfHCcq3xmmKxfnDL2UM4S0KHlfd8HA5UwhFkxiRuCIcBpk2NbPK4JkwJrrF3T3ixt2GxW6nSf13pxogpjLzUsB8cPig%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.238.55 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.55.238.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 33df52041074c387e9c5b1660f5cedc057cca1ece0f7c446c4a898b112003757

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:12 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 81424300148569000710612011840021
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 893
Expires: Sat, 15 Jan 2022 16:46:12 +0100

GET
H3 200 qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js Show response
pagead2.googlesyndication.com/bg/ Frame 5D9B 35 KB
13 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8e8f18d77170af82f72cfb83f4cec093f5683a0fcffd8f126d9d2fce1a332f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 19:59:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74780
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13349
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 14 Jan 2023 19:59:52 GMT

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 59BE
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=17465700169443000710624011840008&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=17465700169443000710624011840008&actionid=879111&produktid=ratenkredit&dt_url=

0
629 B

206ms
145ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=17465700169443000710624011840008&actionid=879111&produktid=ratenkredit&dt_url=

Requested by

Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request.php?zone=ma1tq3l10cm4&nw=20&renderingType=javascript&namespace=a6b19f6e16&subid=&uid=a1637dc014bd30d7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8cNDU_riYZfvK8OV7_UPhsqlsAK1zfmDV5zfuavlDPAuEAEgiIC_FGCV8pyCrAfIAQmpAjTwtOc1J7M-qAMBqgSBAk_Qw8qw5wE7Ha7g29JS-QXz1HF11kPMUMM4EFkhi2OFj6vsD87Jv6J8h3Kp3QcHmkNViixa7pvJVN52vMznloPKDAswfW5SCrC2WKtde2izQlQhwvTWsVCC7OObymhFBxyWmygA8spILKFyT5Bou48Gng5kAQZbYxPLOCcdK8q1h4YEf9Ew-_fzjd9cvBQlhP0naE0DlumVxc3G6bjmoyJ6vuQvTVuKmwExtGTg7G_VZU0WIm-2xjN9cgKpWNsIWn0VIsIFYogJW0vpOQiStWMMzq1ew8iaQ16IcHSGQyTifgpUJblKW8sFptrIKvJVSXiAXqOY84ajNjA4yglHlHv3wASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIgOGAEBABGB2ACgOYCwHICwGADAGwE9yZ6w3QEwDYEwPYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASEuRozl-fpgmeZueD6JqJ9fIPpA%26sig%3DAOD64_1NFG0z-MTlBmf-98ylx5sF6FnqKg%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-DgN8wAP-igVJa7E-5MQe2OG28pwVhTggbI_HjI43CTGWZqr2iqajl5tiwhzjV8RTOGDbIsyZUbwTkdW1cMxgK_rZuvm-p-t9QjSKARfkof7W9MZBSuz201brQX3e8bT42dEQPWax-nFlR7wOGYQUk3_l2DFg%26cry%3D1%26dbm_d%3DAKAmf-AcANq7qfJZrVdbrQwNib-9e5hVdNmqOwFfPDtc0_k_hcocM3oq_9tQL7eiB70L5y8_El8Lf44oEDYPL9Q2XpGjIqN5wWqsuHyNBXf9BDfTcRJa6hmIFaTfo2R3b1a_gI_umFHymR_Jit0s1D2Lxjs7HishTV_9frRLh6Xr_A4q742Z_7F9vgJW9RwXow0NYSCwOeIDfRDW6ROYUs_MHxJevriggZcXQn_RD1cQaATzdqlQOc0d3Z_W9hRJXXR4expdB64l12EAQhs616AsSye_3Iufui4mEHqM_fWpKm4nhvGuiJMTv8Kp0LrSle5XT0x-WIEN4GHL7nOecPFNLjoNgn-ssMrQ4-fJ6h7oOJ-11bKS_8AEAWiQT3XH3ijgHLGzS1rjMavfoGfOc2qldC8Pf2OuuA%26adurl%3D&documentReferer=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=2725659489093&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 Mannheim, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sat, 15 Jan 2022 05:46:12 GMT
server: Microsoft-IIS/10.0
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
access-control-allow-origin: *
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Sat, 15 Jan 2022 16:46:12 GMT
content-length: 0

Redirect headers

Server: nginx/1.17.5
Date: Sat, 15 Jan 2022 16:46:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Keep-Alive: timeout=20
X-Powered-By: PHP/7.2.21
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization
Access-Control-Allow-Credentials: true
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=17465700169443000710624011840008&actionid=879111&produktid=ratenkredit&dt_url=
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload max-age=15768000
X-IPLB-Request-ID: D972D785:D6D8_91EFC182:01BB_61E2FA54_BC696D9:4418
X-IPLB-Instance: 40027
Cache-control: private

GET
H2

200

/ Show response
adv-srv.office-partner.de/ Frame 0F31
Redirect Chain

https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

930 B
742 B

71ms
17ms

Document
text/html

5.1.80.163
CREOLINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request.php?zone=ma1tq3l10cm4&nw=20&renderingType=javascript&namespace=a6b19f6e16&subid=&uid=a1637dc014bd30d7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8cNDU_riYZfvK8OV7_UPhsqlsAK1zfmDV5zfuavlDPAuEAEgiIC_FGCV8pyCrAfIAQmpAjTwtOc1J7M-qAMBqgSBAk_Qw8qw5wE7Ha7g29JS-QXz1HF11kPMUMM4EFkhi2OFj6vsD87Jv6J8h3Kp3QcHmkNViixa7pvJVN52vMznloPKDAswfW5SCrC2WKtde2izQlQhwvTWsVCC7OObymhFBxyWmygA8spILKFyT5Bou48Gng5kAQZbYxPLOCcdK8q1h4YEf9Ew-_fzjd9cvBQlhP0naE0DlumVxc3G6bjmoyJ6vuQvTVuKmwExtGTg7G_VZU0WIm-2xjN9cgKpWNsIWn0VIsIFYogJW0vpOQiStWMMzq1ew8iaQ16IcHSGQyTifgpUJblKW8sFptrIKvJVSXiAXqOY84ajNjA4yglHlHv3wASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIgOGAEBABGB2ACgOYCwHICwGADAGwE9yZ6w3QEwDYEwPYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASEuRozl-fpgmeZueD6JqJ9fIPpA%26sig%3DAOD64_1NFG0z-MTlBmf-98ylx5sF6FnqKg%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-DgN8wAP-igVJa7E-5MQe2OG28pwVhTggbI_HjI43CTGWZqr2iqajl5tiwhzjV8RTOGDbIsyZUbwTkdW1cMxgK_rZuvm-p-t9QjSKARfkof7W9MZBSuz201brQX3e8bT42dEQPWax-nFlR7wOGYQUk3_l2DFg%26cry%3D1%26dbm_d%3DAKAmf-AcANq7qfJZrVdbrQwNib-9e5hVdNmqOwFfPDtc0_k_hcocM3oq_9tQL7eiB70L5y8_El8Lf44oEDYPL9Q2XpGjIqN5wWqsuHyNBXf9BDfTcRJa6hmIFaTfo2R3b1a_gI_umFHymR_Jit0s1D2Lxjs7HishTV_9frRLh6Xr_A4q742Z_7F9vgJW9RwXow0NYSCwOeIDfRDW6ROYUs_MHxJevriggZcXQn_RD1cQaATzdqlQOc0d3Z_W9hRJXXR4expdB64l12EAQhs616AsSye_3Iufui4mEHqM_fWpKm4nhvGuiJMTv8Kp0LrSle5XT0x-WIEN4GHL7nOecPFNLjoNgn-ssMrQ4-fJ6h7oOJ-11bKS_8AEAWiQT3XH3ijgHLGzS1rjMavfoGfOc2qldC8Pf2OuuA%26adurl%3D&documentReferer=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=2725659489093&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.1.80.163 , Germany, ASN205948 (CREOLINE-AS, DE),
Reverse DNS: s17177.creolineserver.com
Software: nginx /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/

Response headers

server: nginx
date: Sat, 15 Jan 2022 16:46:12 GMT
content-type: text/html
content-length: 552
x-accel-version: 0.01
last-modified: Thu, 06 May 2021 15:37:28 GMT
etag: "3a2-5c1ab16b3be00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip

Redirect headers

server: keycdn-engine
date: Sat, 15 Jan 2022 16:46:12 GMT
content-type: text/html
content-length: 162
location: https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
expires: Sat, 22 Jan 2022 16:46:12 GMT
cache-control: max-age=604800
link: <http://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
x-cache: HIT
x-edge-location: defr
access-control-allow-origin: *

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame A1A1 1 KB
2 KB 310ms
137ms Script
text/html 46.236.13.147
PULSANT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=17465700169443000710624011840008&nw=1
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 6f5eb7661d48a294be311abff67f47fb6d1494d394ab1f57a6370ab9beff8ee3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:12 GMT
Last-Modified: Sat, 15 Jan 2022 16:46:12 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 1233
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

activityi;dc_pre=CN3ehcKatPUCFUYeGwod2kcNXw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5393761128647.316 Show response
8019191.fls.doubleclick.net/ Frame 086D
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5393761128647.316?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CN3ehcKatPUCFUYeGwod2kcNXw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5393761128647.316?

391 B
345 B

61ms
36ms

Document
text/html

142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CN3ehcKatPUCFUYeGwod2kcNXw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5393761128647.316?

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

882b8a5ab07c077ca5d4e151cee083b9c9d17edb021c5ef42ba9912766dfad66

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 15 Jan 2022 16:46:12 GMT
expires: Sat, 15 Jan 2022 16:46:12 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 322
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 15 Jan 2022 16:46:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CN3ehcKatPUCFUYeGwod2kcNXw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5393761128647.316?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request_content.php Show response
hal90008.redintelligence.net/ Frame ECEE 7 KB
2 KB 54ms
19ms Document
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/request_content.php?s=17465700169443000710624011840008&a=123726c4
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request.php?zone=ma1tq3l10cm4&nw=20&renderingType=javascript&namespace=a6b19f6e16&subid=&uid=a1637dc014bd30d7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8cNDU_riYZfvK8OV7_UPhsqlsAK1zfmDV5zfuavlDPAuEAEgiIC_FGCV8pyCrAfIAQmpAjTwtOc1J7M-qAMBqgSBAk_Qw8qw5wE7Ha7g29JS-QXz1HF11kPMUMM4EFkhi2OFj6vsD87Jv6J8h3Kp3QcHmkNViixa7pvJVN52vMznloPKDAswfW5SCrC2WKtde2izQlQhwvTWsVCC7OObymhFBxyWmygA8spILKFyT5Bou48Gng5kAQZbYxPLOCcdK8q1h4YEf9Ew-_fzjd9cvBQlhP0naE0DlumVxc3G6bjmoyJ6vuQvTVuKmwExtGTg7G_VZU0WIm-2xjN9cgKpWNsIWn0VIsIFYogJW0vpOQiStWMMzq1ew8iaQ16IcHSGQyTifgpUJblKW8sFptrIKvJVSXiAXqOY84ajNjA4yglHlHv3wASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIgOGAEBABGB2ACgOYCwHICwGADAGwE9yZ6w3QEwDYEwPYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASEuRozl-fpgmeZueD6JqJ9fIPpA%26sig%3DAOD64_1NFG0z-MTlBmf-98ylx5sF6FnqKg%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-DgN8wAP-igVJa7E-5MQe2OG28pwVhTggbI_HjI43CTGWZqr2iqajl5tiwhzjV8RTOGDbIsyZUbwTkdW1cMxgK_rZuvm-p-t9QjSKARfkof7W9MZBSuz201brQX3e8bT42dEQPWax-nFlR7wOGYQUk3_l2DFg%26cry%3D1%26dbm_d%3DAKAmf-AcANq7qfJZrVdbrQwNib-9e5hVdNmqOwFfPDtc0_k_hcocM3oq_9tQL7eiB70L5y8_El8Lf44oEDYPL9Q2XpGjIqN5wWqsuHyNBXf9BDfTcRJa6hmIFaTfo2R3b1a_gI_umFHymR_Jit0s1D2Lxjs7HishTV_9frRLh6Xr_A4q742Z_7F9vgJW9RwXow0NYSCwOeIDfRDW6ROYUs_MHxJevriggZcXQn_RD1cQaATzdqlQOc0d3Z_W9hRJXXR4expdB64l12EAQhs616AsSye_3Iufui4mEHqM_fWpKm4nhvGuiJMTv8Kp0LrSle5XT0x-WIEN4GHL7nOecPFNLjoNgn-ssMrQ4-fJ6h7oOJ-11bKS_8AEAWiQT3XH3ijgHLGzS1rjMavfoGfOc2qldC8Pf2OuuA%26adurl%3D&documentReferer=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=2725659489093&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: a27e5998d98661a0c20715938c7bd2db693dc2e692ad6d5d1ba024ebe89a51ec

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/

Response headers

Date: Sat, 15 Jan 2022 16:46:12 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Sat, 15 Jan 2022 16:46:12 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2040
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame A1A1
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=17465700169443000710624011840008
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=17465700169443000710624011840008
https://ad-server.eu/wm/pb/native.png

68 B
312 B

211ms
36ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
URL: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:51:24 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Sat, 15 Jan 2022 16:46:12 GMT
Server: nginx/1.19.7
X-IPLB-Request-ID: D972D785:D6F0_91EFC182:01BB_61E2FA54_BC97FB4:297E9
X-Powered-By: PHP/7.2.34
X-IPLB-Instance: 40028
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload, max-age=15768000
Content-Type: text/html; charset=UTF-8
Location: https://ad-server.eu/wm/pb/native.png
Cache-control: private
Transfer-Encoding: chunked
Keep-Alive: timeout=20

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame A1A1 43 B
704 B 109ms
40ms Image
image/gif 104.92.94.3
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519595&v=14098&q=379097&r=296283&pref1=17465700169443000710624011840008&pv=1

Requested by

Host: b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
URL: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.92.94.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-94-3.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:12 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame B4E5 1 KB
749 B 16ms
15ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
URL: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Sat, 15 Jan 2022 13:26:12 GMT
expires: Sun, 16 Jan 2022 13:26:12 GMT
cache-control: public, max-age=86400
age: 12000
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame A1A1 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a83dc53f429c3248845f2813eeebe61a6c65d0a188bfe7d545cc6e2dcb5bd6c0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame D817
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=81242400162929400710612011840025&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81242400162929400710612011840025&actionid=731824&produktid=businessgiro&dt_url=

0
200 B

183ms
147ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81242400162929400710612011840025&actionid=731824&produktid=businessgiro&dt_url=

Requested by

Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=b4a1fa435f&subid=&uid=be250ebcec86a09e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCp1aCU_riYaqfMeKKjuwP0biyyAq1zfmDV_zYuavlDPAuEAEgiIC_FGCV8pyCrAfIAQmpAjTwtOc1J7M-qAMBqgSAAk_QOocKilDNYl2FcctR1IkCFy72v_QVEthqk8fdRRmOR9hDpEpgdaew58oxo3AhKUyw1gw4kdWwcLTQSYQhbJiNtpQr2abe2lDirJSEJgXCcuXBafjevAB0VXn-h8SjWzYIrv2Ywna5FE6PQd5yWakXQUqQS4h-_EVlD8smZAW4DDLuXpK5_RFqfuV5SHWOMMTB0GmKMXcogC7828lH5MwsQRyoUrwAR61Xwb1unIHv5PEajLj7AfoSyx-XTVK3IEH2xgYs2DQ4JyYZZIJAbqaGQafdohM-NdEWXVA0HdsyKKeS_DcpqfOTQig_kwU81v-hEiGqZ33LHrIfmccVDvLABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRousGbHcJ6G1VDH_kxKgPkag%26sig%3DAOD64_25MlZ0oVQky1Q2eNURrKaFiomzkw%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-DBJNbtxMhooN3k_rPRIrmR-rhTRHg08Wrk2MEM112bJP6Z4cbTFqyQQ1CFFcPQcq-AHeIyLcXm4PVR3dIdib1p0-f-sd7cGnPFjJQdH__RoWUgn64gsh7x13zedIEjdoRMg8Pt3LIiUNhn0uzI0dJEPuFv4w%26cry%3D1%26dbm_d%3DAKAmf-CT2l3ni5tbz3bGjDJ-LSIHbWxObwA5ub-urwJ-frlWFpzybnAFY4ukeabO3dSftrCSN0xfQsPR6tWmIsyeXHA6IzqKwgTSa6jXBlpeep_VNsJto9WmLMYUfwWAmQWXUOlkr03Dby6uUNEqehIyEZpbl8bgxKp-5c8-9Df0L6Az0cnWzB9LquvGGQclBKz-FzGcSZpxWRQDAaOcAeNC-2iZToBQy99jpbR2om_OdZrfQsLv90KsCmFE1P4BKjYDFQBQqt7hr6jQxVbNPnfjvxZGhHRfdWNdfyFHlGRGk4ymh0rgqmbGPmpfWu_LhQALwfSrjjwytG7pfGKbnX-1UscX0zemgR90awuULLAFaXqShsiSsG6ZrxSxCXBMflOoV7YWNnrWLLt-AT2D1V832onZxznx1g%26adurl%3D&documentReferer=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=7878561870351&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 Mannheim, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sat, 15 Jan 2022 05:46:12 GMT
server: Microsoft-IIS/10.0
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
access-control-allow-origin: *
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Sat, 15 Jan 2022 16:46:12 GMT
content-length: 0

Redirect headers

Server: nginx/1.17.5
Date: Sat, 15 Jan 2022 16:46:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Keep-Alive: timeout=20
X-Powered-By: PHP/7.2.21
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization
Access-Control-Allow-Credentials: true
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81242400162929400710612011840025&actionid=731824&produktid=businessgiro&dt_url=
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload max-age=15768000
X-IPLB-Request-ID: D972D785:D6DE_91EFC182:01BB_61E2FA54_BCA40F5:297E8
X-IPLB-Instance: 40028
Cache-control: private

GET
H2

200

/ Show response
adv-srv.office-partner.de/ Frame 4746
Redirect Chain

https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

930 B
741 B

71ms
18ms

Document
text/html

5.1.80.163
CREOLINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=b4a1fa435f&subid=&uid=be250ebcec86a09e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCp1aCU_riYaqfMeKKjuwP0biyyAq1zfmDV_zYuavlDPAuEAEgiIC_FGCV8pyCrAfIAQmpAjTwtOc1J7M-qAMBqgSAAk_QOocKilDNYl2FcctR1IkCFy72v_QVEthqk8fdRRmOR9hDpEpgdaew58oxo3AhKUyw1gw4kdWwcLTQSYQhbJiNtpQr2abe2lDirJSEJgXCcuXBafjevAB0VXn-h8SjWzYIrv2Ywna5FE6PQd5yWakXQUqQS4h-_EVlD8smZAW4DDLuXpK5_RFqfuV5SHWOMMTB0GmKMXcogC7828lH5MwsQRyoUrwAR61Xwb1unIHv5PEajLj7AfoSyx-XTVK3IEH2xgYs2DQ4JyYZZIJAbqaGQafdohM-NdEWXVA0HdsyKKeS_DcpqfOTQig_kwU81v-hEiGqZ33LHrIfmccVDvLABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRousGbHcJ6G1VDH_kxKgPkag%26sig%3DAOD64_25MlZ0oVQky1Q2eNURrKaFiomzkw%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-DBJNbtxMhooN3k_rPRIrmR-rhTRHg08Wrk2MEM112bJP6Z4cbTFqyQQ1CFFcPQcq-AHeIyLcXm4PVR3dIdib1p0-f-sd7cGnPFjJQdH__RoWUgn64gsh7x13zedIEjdoRMg8Pt3LIiUNhn0uzI0dJEPuFv4w%26cry%3D1%26dbm_d%3DAKAmf-CT2l3ni5tbz3bGjDJ-LSIHbWxObwA5ub-urwJ-frlWFpzybnAFY4ukeabO3dSftrCSN0xfQsPR6tWmIsyeXHA6IzqKwgTSa6jXBlpeep_VNsJto9WmLMYUfwWAmQWXUOlkr03Dby6uUNEqehIyEZpbl8bgxKp-5c8-9Df0L6Az0cnWzB9LquvGGQclBKz-FzGcSZpxWRQDAaOcAeNC-2iZToBQy99jpbR2om_OdZrfQsLv90KsCmFE1P4BKjYDFQBQqt7hr6jQxVbNPnfjvxZGhHRfdWNdfyFHlGRGk4ymh0rgqmbGPmpfWu_LhQALwfSrjjwytG7pfGKbnX-1UscX0zemgR90awuULLAFaXqShsiSsG6ZrxSxCXBMflOoV7YWNnrWLLt-AT2D1V832onZxznx1g%26adurl%3D&documentReferer=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=7878561870351&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.1.80.163 , Germany, ASN205948 (CREOLINE-AS, DE),
Reverse DNS: s17177.creolineserver.com
Software: nginx /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/

Response headers

server: nginx
date: Sat, 15 Jan 2022 16:46:12 GMT
content-type: text/html
content-length: 552
x-accel-version: 0.01
last-modified: Thu, 06 May 2021 15:37:28 GMT
etag: "3a2-5c1ab16b3be00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip

Redirect headers

server: keycdn-engine
date: Sat, 15 Jan 2022 16:46:12 GMT
content-type: text/html
content-length: 162
location: https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
expires: Sat, 22 Jan 2022 16:46:12 GMT
cache-control: max-age=604800
link: <http://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
x-cache: HIT
x-edge-location: defr
access-control-allow-origin: *

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame EDD7 1 KB
2 KB 298ms
142ms Script
text/html 46.236.13.147
PULSANT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=81242400162929400710612011840025&nw=1
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: c24504fe9b34ce21928481d553fc45f0953a457c992669d2e43ae2e1d7fd808b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:13 GMT
Last-Modified: Sat, 15 Jan 2022 16:46:13 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 1233
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

activityi;dc_pre=CPLhhcKatPUCFQidhQodybQL_Q;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2989694414256.576 Show response
8019191.fls.doubleclick.net/ Frame 616E
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2989694414256.576?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CPLhhcKatPUCFQidhQodybQL_Q;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2989694414256.576?

391 B
344 B

195ms
174ms

Document
text/html

142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CPLhhcKatPUCFQidhQodybQL_Q;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2989694414256.576?

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

857041d7b1555e8d5527928f733b9c52b11d149c95b8fd4ae87ccb781ec84119

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 15 Jan 2022 16:46:12 GMT
expires: Sat, 15 Jan 2022 16:46:12 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 321
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 15 Jan 2022 16:46:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CPLhhcKatPUCFQidhQodybQL_Q;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2989694414256.576?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request_content.php Show response
hal900025.redintelligence.net/ Frame E6BC 7 KB
2 KB 55ms
19ms Document
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900025.redintelligence.net/request_content.php?s=81242400162929400710612011840025&a=a646e1c7
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=b4a1fa435f&subid=&uid=be250ebcec86a09e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCp1aCU_riYaqfMeKKjuwP0biyyAq1zfmDV_zYuavlDPAuEAEgiIC_FGCV8pyCrAfIAQmpAjTwtOc1J7M-qAMBqgSAAk_QOocKilDNYl2FcctR1IkCFy72v_QVEthqk8fdRRmOR9hDpEpgdaew58oxo3AhKUyw1gw4kdWwcLTQSYQhbJiNtpQr2abe2lDirJSEJgXCcuXBafjevAB0VXn-h8SjWzYIrv2Ywna5FE6PQd5yWakXQUqQS4h-_EVlD8smZAW4DDLuXpK5_RFqfuV5SHWOMMTB0GmKMXcogC7828lH5MwsQRyoUrwAR61Xwb1unIHv5PEajLj7AfoSyx-XTVK3IEH2xgYs2DQ4JyYZZIJAbqaGQafdohM-NdEWXVA0HdsyKKeS_DcpqfOTQig_kwU81v-hEiGqZ33LHrIfmccVDvLABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRousGbHcJ6G1VDH_kxKgPkag%26sig%3DAOD64_25MlZ0oVQky1Q2eNURrKaFiomzkw%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-DBJNbtxMhooN3k_rPRIrmR-rhTRHg08Wrk2MEM112bJP6Z4cbTFqyQQ1CFFcPQcq-AHeIyLcXm4PVR3dIdib1p0-f-sd7cGnPFjJQdH__RoWUgn64gsh7x13zedIEjdoRMg8Pt3LIiUNhn0uzI0dJEPuFv4w%26cry%3D1%26dbm_d%3DAKAmf-CT2l3ni5tbz3bGjDJ-LSIHbWxObwA5ub-urwJ-frlWFpzybnAFY4ukeabO3dSftrCSN0xfQsPR6tWmIsyeXHA6IzqKwgTSa6jXBlpeep_VNsJto9WmLMYUfwWAmQWXUOlkr03Dby6uUNEqehIyEZpbl8bgxKp-5c8-9Df0L6Az0cnWzB9LquvGGQclBKz-FzGcSZpxWRQDAaOcAeNC-2iZToBQy99jpbR2om_OdZrfQsLv90KsCmFE1P4BKjYDFQBQqt7hr6jQxVbNPnfjvxZGhHRfdWNdfyFHlGRGk4ymh0rgqmbGPmpfWu_LhQALwfSrjjwytG7pfGKbnX-1UscX0zemgR90awuULLAFaXqShsiSsG6ZrxSxCXBMflOoV7YWNnrWLLt-AT2D1V832onZxznx1g%26adurl%3D&documentReferer=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=7878561870351&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 4e6e5361585f92082157908f64a8d9829cced7a8af27c3ca91717b1c89ee7376

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/

Response headers

Date: Sat, 15 Jan 2022 16:46:12 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Sat, 15 Jan 2022 16:46:12 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2075
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame EDD7
Redirect Chain

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=81242400162929400710612011840025
https://ad-server.eu/wm/pb/native.png

68 B
312 B

198ms
36ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
URL: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:51:24 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Sat, 15 Jan 2022 16:46:12 GMT
Server: nginx/1.17.5
X-IPLB-Request-ID: D972D785:D6E4_91EFC182:01BB_61E2FA54_BC6AB10:4417
X-Powered-By: PHP/7.2.21
X-IPLB-Instance: 40027
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload, max-age=15768000
Content-Type: text/html; charset=UTF-8
Location: https://ad-server.eu/wm/pb/native.png
Cache-control: private
Transfer-Encoding: chunked
Keep-Alive: timeout=20

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame EDD7 43 B
704 B 72ms
44ms Image
image/gif 104.92.94.3
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519595&v=14098&q=379097&r=296283&pref1=81242400162929400710612011840025&pv=1

Requested by

Host: 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
URL: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.92.94.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-94-3.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:12 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 641E 1 KB
749 B 15ms
15ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
URL: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Sat, 15 Jan 2022 13:26:12 GMT
expires: Sun, 16 Jan 2022 13:26:12 GMT
cache-control: public, max-age=86400
age: 12000
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame EDD7 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2216c784a7bc43a18d75912086d025ebb405e3383fc629112c2761204e9e9257

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7FC8 0
20 B 51ms
51ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BXd3FVPriYau_CNXggAfFopjAAQAAAAA4AeAEAg&bg=!REelRwPNAAaocxMpqHM7ACkAdvg8Wh0bPAxhJ3QRUHUK4IMlc7cijYFfjrIrygBfJuoJtjlQLuVGhgIAAADIUgAAAAJoAQeZA1qVu9lwtGmg2kCayt3-yad9w0z9O2U0iJh12AqPmM2K2ATLiB4UJt1qk8oVu7edtacgGr3UaEGvMb2T4q2rXwmuUbRxUCRVnsffXRwIX5UA2JpOvVf5Ww3yFol_yOoTt3fESit1C81uVvlOBQ-rBsaaZt2dovzCIErggEqOfM4J7NNM56kIs2zylTSK4iHJTstb2yMcXN822LVUvdWGeoFiAVMRs9MKH-3dpLBHl5AP9RRJAbRu5agbmDKqRJwHNptDephkPg0bV6oom1W3kiEn7rleS7Wbs8xN_Xo6Vf6wOPi04kYaiCGBk7svwhXR8kv816boW0rP9Y88TmVJ0NM_WY6VusASVl-nvcKzPkB9JsLY5W9_0YrooI4jLr1MH4S82Mn9Qy-u2fLMSZO5b6KqAdogCXGAYZcXr5IxCJ_-CHf3Atd-lxfa8s_jc5bxPHOnI4kOQngQoFh6AOrfVQJBT_T_E6TFMX1caZWZAkz7S0HfyrfAY-pUNCmSIasykj2LsUCnm3tSnEgeIqz6XIJ_7a0WqcoeNFldVY_P-IcLYV8mnOzJ8feoTkW4hNHtRqPsVQOrdyC003yxBWNDuq37Wzzy158pOFyi_Ztr0wrRRzED5my82drEDhndwVKGboKgkwh7QgYmCCFfpbVVAWM7UHp4ZAAgKhuFk0MyN7Nc1GNOX3rNIGUjgTkaM5b6GpdOtqG-sZ6B1_cEd49UUQTAL7yTErK5Tu4DBpD2qY1Jur5VNE40YrJt00dtNkbWYVPUp3rZNnfmU0ANkqKMCAody-niqoDFjUmcgOB809k-tUrWNhRCR7TIy0sDeRs0gw3q17R34WYTkbnE3Bjt-t7s14jujXMOPV73c_kEgH5jdk3I_CVR0MiazotzHt74hX473fP-dhCm5vm-jAReJTIvLkL2rtUfyOZsCQdMBZ8XAc3l6WGJ0xVRI9rc06yNu5AG4ejri_zGdtVT74TZhlVQ5FeYJrnxY_P3lMDPTFHWvwcH49xq8vUhCixP1GKYnNitqw4xWWLV_C0D_UY8xSz4cCsBw6anpxyz_rCPpdDOKRzWxA3EUI2C3V_kY07HhLBHzx4KlAuxPawYAF8Qx0QSrkYbf2iCWjFVw0midKOi1v2UhWozlillr7o

Requested by

Host: b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
URL: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame ECEE 4 KB
1 KB 65ms
25ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=17465700169443000710624011840008&a=123726c4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ad246d47536dacf0256646042ec184678bfc630fcb638d9199bd66cf8cb5e457

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 15 Jan 2022 14:48:09 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 15 Jan 2022 16:46:12 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 15 Jan 2022 16:46:12 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame ECEE 92 KB
92 KB 193ms
158ms Image
image/png 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=150&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=17465700169443000710624011840008&a=123726c4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: ccbbfe34587b9216ec92730b773d6d7d9475245deb57b51c2de33b4e75d9b4ec

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:12 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame ECEE 76 KB
77 KB 106ms
69ms Image
image/png 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=150&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=17465700169443000710624011840008&a=123726c4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e34b90ed73f1affbb41c4e045406f6622cefa8bb1273ad16f711702bf724b6e5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:12 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame ECEE 79 KB
79 KB 128ms
88ms Image
image/png 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=150&url=https://cdn.contentspread.net/24i/advertiser/3839/creativesup/father_daughter_1200x627.jpg
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=17465700169443000710624011840008&a=123726c4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: d8d3e3a5bf96a290c869d63b852d4a75519fe19b22b20a4ffe063e83233afe89

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:12 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: image/png

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8D9B 42 B
64 B 51ms
51ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvkQH7zBbFVVZrPsBpUtUy3YGmBbOA-1yd1W90tl2u_sbNTseekw-_VgJM0AtjNtVrqapm61RBe5KG4cQshbJOfyn-U-f3jwasThkseKt2tgiASnLoV&sig=Cg0ArKJSzJZiQNbNokUkEAE&id=lidar2&mcvt=1010&p=845,990,1095,1290&mtos=1010,1010,1010,1010,1010&tos=1010,0,0,0,0&v=20220112&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=19&adk=2978949804&rs=4&la=0&cr=0&vs=4&r=v&rst=1642265171023&rpt=877&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8976 42 B
64 B 83ms
82ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvw9hyDi7niig9IuRJzOlE_XKZ_N0k9cow3pge-X1l1bJ7hONBoq_AjEOZpqaU83EI45DzsSLBHeq-NaZ4D6hvaeCT3gHGnutDXciQDvL6rqnq5N7mv&sig=Cg0ArKJSzPeTeJ1_kPGMEAE&id=lidar2&mcvt=1011&p=90,436,180,1164&mtos=1011,1011,1011,1011,1011&tos=1011,0,0,0,0&v=20220112&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=19&adk=3960793290&rs=4&la=0&cr=0&vs=4&r=v&rst=1642265170818&rpt=1075&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 35A7 0
20 B 52ms
51ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B6CaaVPriYY-zCIeW9u8PlZyamA8AAAAAOAHgBAI&bg=!QkGlQQXNAAaocxMpqHM7ACkAdvg8WrWdtsVoV7_1dJ5SxwUH539_U9LdBzsYHt3Xm0v27OjpKbPuPgIAAADjUgAAAAJoAQeZA1FQdYlOoqTRFrY5VRgkJVQEV2LQ9tVYIBqmLWNIfOQ-tLdQyeJTrNYrx15OFjIIksgf4c2zhMngf4A_kqsHTqpqOsIJuPeDHYYmVIgXkvHp9v8ncGXgTrXn9VbEYu4xsL1ccZ5j4ZBF2f3fqc67dAk8UIHcWaTTqo1u0Jhb72C4rd0U1A3PpsX0ujpMRD37jidETDBrIv-hd1g8ZhgKfcSqX7PkC2RVCrnsc_NS6RPMj0uSrmENdmGibtOis_YRZSU1JHQ4Dnzzt68IOWJ9hDt-kea1owI-UtE-B6J6i_XtlRqxE9mDVnIf0ayIAsFfB8sYN1T2ay6cA6mynnUAH_iQUUjJHsDVDgiC2BiOGWJqc8ru72a33vpO8Og9Z_r8toie4GRLCU50wgjZ5Jc1tW4Deuh-daoActtnjXKZQBS8guGYUogjfVg4PMc438eP9j18YAzClAfjEs1-KJvdd98M7mT89pzp7FkiKCPeqlOWftPB7Qru0l6BrIfh1LzRz8Yj33OcInqeisHokLQuvszY4tclWTQqjhj_fiTs49Ig5CBFpqbS0BRDmDCY0Abjqql_q9OEY_3i3GYXt5A6WbcfhbOf0c0MPO6Jq055MFpMNr14GJns70oHxMBn2r5BJ4QKLKKWkZqVyVCJxs5u894MrluA7CWkJuMShW2NLIOfi1yzezLnxrLQxwKnSMtuDAp4TrmI9yIW_aIc4kju6DgueJOcoaiS9S0nxfINgAz2KoNbOh9myEkH5EMkie4_f8ixJZFNFNFAZQYNGIx3hPvosGZqYOcElqnZsNngpa5pUkV4Ufg0d0bCNKbLbPPdnzSQJGVS1I4k8CMl6UIKplcIOn2__YULYQ_RZd-d1JOYmQLGoy7rIoeVagiLGJERhYjBIpileeyMlqZRydPkBOV4PFq3z6wQ52x188FvW6Nb32-WhwF1h_kMMsx-fef5cOnYt_tYxbFMbQwsgYUBqYc5s6Q8T2UBj6OYigPySKjlq66HN_N_-xrxZQFMbJv0IM7iXNqVZA69HfAAF3AfhRc1Fo943PdG58InSp5uWZhqBwuXebEH8-Rs1UPKbbR-rqgRhMyXh03nYOfhdpgXGaN45Re8lWB5kEH7Zq3cicwFS7o

Requested by

Host: 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
URL: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame E6BC 1 KB
492 B 48ms
25ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=81242400162929400710612011840025&a=a646e1c7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9c1521286e7dd2d6f8c2262b15bca8867bcae973a83879accdd00e1cb9831e5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900025.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 15 Jan 2022 14:58:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 15 Jan 2022 16:46:12 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 15 Jan 2022 16:46:12 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame E6BC 16 KB
16 KB 56ms
19ms Image
image/png 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/pb_goldschmied_1200x627.jpg
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=81242400162929400710612011840025&a=a646e1c7
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 798887e5cbeee3b6c08e9f0457e3e2835fa8ed597d1ef9790b8eaaa7e5037ddf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900025.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:12 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16465
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame E6BC 16 KB
16 KB 58ms
20ms Image
image/png 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=81242400162929400710612011840025&a=a646e1c7
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 27fc5c9aa4e536997504db13ac60a2fd93818a7c2b6a99d7343cc25ee18f565e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900025.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:12 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16531
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame E6BC 17 KB
17 KB 59ms
20ms Image
image/png 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/3839/creativesup/father_daughter_1200x627.jpg
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=81242400162929400710612011840025&a=a646e1c7
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: eec52c7d12e973096b88a50d8988890a90fef401ef8f4050fecf6252b7b36a64

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900025.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:12 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16857
Vary: Accept-Encoding
Content-Type: image/png

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B4E5
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEMBOv99iJtQJDvHH0HV622c&google_cver=1&google_push=AYg5qPKlpkL68ZANQ0g0xU5wpPR93jtqKplxv-mhyTKwSxjPvRyqVQyyK8qZoDIF18IAxtrdBnP8kEXcrTrGFfNo...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPKlpkL68ZANQ0g0xU5wpPR93jtqKplxv-mhyTKwSxjPvRyqVQyyK8qZoDIF18IAxtrdBnP8kEXcrTrGFfNoOo8k1zpFfu7Z

170 B
188 B

45ms
45ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPKlpkL68ZANQ0g0xU5wpPR93jtqKplxv-mhyTKwSxjPvRyqVQyyK8qZoDIF18IAxtrdBnP8kEXcrTrGFfNoOo8k1zpFfu7Z

Requested by

Host: b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
URL: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 15 Jan 2022 16:46:13 GMT
Server: MT3 4133 baa842e master zrh-pixel-x10 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPKlpkL68ZANQ0g0xU5wpPR93jtqKplxv-mhyTKwSxjPvRyqVQyyK8qZoDIF18IAxtrdBnP8kEXcrTrGFfNoOo8k1zpFfu7Z
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 15 Jan 2022 16:46:12 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame B4E5 70 B
264 B 41ms
39ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESENqMxwEnNBHQlzSrjIl9_HA&google_cver=1&google_push=AYg5qPKQKUwx0tqJmgs5rKK8RlcyIhK1dSuTJii9ImkuZoJaIzpxvIxWHzqx0R2pHjLP94enckgcyG7sULOSxnOHzDKXTnFykh5r
Requested by: Host: b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
URL: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B4E5
Redirect Chain

https://fksnk.com/cs/google?google_gid=CAESEH_h84emGnIOelv-bhqKWiY&google_cver=1&google_push=AYg5qPLY8VLf7IdrDTMj124EsegTh8dlvGQP1bGZTEDgwhiSA0LUht53eaIECxu0_Nng8XsIlPHkcWUxS_DQ3zvyP7bQID7iGBkO
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=QTE1ODA4M0M1Mjk4NDhDRg==

170 B
188 B

45ms
45ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=QTE1ODA4M0M1Mjk4NDhDRg==

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=QTE1ODA4M0M1Mjk4NDhDRg==
date: Sat, 15 Jan 2022 16:46:13 GMT
content-language: en-US
content-type: text/html;charset=ISO-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B4E5
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESELsQyuw4f-stzhzbodWXikM&google_cver=1&google_push=AYg5qPKOGqXoJYdCG-EQgmQCOvDh_FvcgQ8-3YaUIJnau_RmmoSHzN0WyG4Q0x4W63Uc0DKL6ftTkI7Ay0KBlvzA...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=p1mLQiACSBGi4j809dxpVA2&google_push=AYg5qPKOGqXoJYdCG-EQgmQCOvDh_FvcgQ8-3YaUIJnau_RmmoSHzN0WyG4Q0x4W63Uc0DKL6ftTkI7Ay0KBlvzAtskRpUfY2giz

170 B
188 B

46ms
46ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=p1mLQiACSBGi4j809dxpVA2&google_push=AYg5qPKOGqXoJYdCG-EQgmQCOvDh_FvcgQ8-3YaUIJnau_RmmoSHzN0WyG4Q0x4W63Uc0DKL6ftTkI7Ay0KBlvzAtskRpUfY2giz

Requested by

Host: b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
URL: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 15 Jan 2022 16:46:12 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.15.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=p1mLQiACSBGi4j809dxpVA2&google_push=AYg5qPKOGqXoJYdCG-EQgmQCOvDh_FvcgQ8-3YaUIJnau_RmmoSHzN0WyG4Q0x4W63Uc0DKL6ftTkI7Ay0KBlvzAtskRpUfY2giz
x-host: tde-deliveryengine-production-78c5c78457-hk7ht
alt-svc: clear
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B4E5
Redirect Chain

https://a.c.appier.net/gcm?google_gid=CAESEEJythMgl24bv6WxPbsu5HM&google_cver=1&google_push=AYg5qPKR_N8RyVswxnEY6JWvQZaRkx2GzDRUwQg7_EcZXw3_yLsrI5RTIt8J_1Fqkepq2HVVCHt52wzbAqgQSqRvvn-TtE8KI8l8
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=NUk0Tzk1bVVEaGlaSVNGZFZmcmlZUQ%3D%3D&google_push=AYg5qPKR_N8RyVswxnEY6JWvQZaRkx2GzDRUwQg7_EcZXw3_yLsrI5RTIt8J_1Fqkepq2HVVCHt52wzbAqgQS...

170 B
188 B

43ms
42ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=NUk0Tzk1bVVEaGlaSVNGZFZmcmlZUQ%3D%3D&google_push=AYg5qPKR_N8RyVswxnEY6JWvQZaRkx2GzDRUwQg7_EcZXw3_yLsrI5RTIt8J_1Fqkepq2HVVCHt52wzbAqgQSqRvvn-TtE8KI8l8

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=NUk0Tzk1bVVEaGlaSVNGZFZmcmlZUQ%3D%3D&google_push=AYg5qPKR_N8RyVswxnEY6JWvQZaRkx2GzDRUwQg7_EcZXw3_yLsrI5RTIt8J_1Fqkepq2HVVCHt52wzbAqgQSqRvvn-TtE8KI8l8
date: Sat, 15 Jan 2022 16:46:13 GMT
cache-control: no-store
server: nginx
content-type: text/html; charset=utf-8
content-length: 243
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame B4E5 0
44 B 779ms
255ms Image
text/plain 54.92.96.182
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEOR57ksIRSwzy5ySfqNd8zg&google_cver=1&google_push=AYg5qPJBpKmD1Le4GgwiNlm0dC6zP5rH9ZL0GN04K2TunRNjrSOI1hReC6MSpebYDeCORynN9fo-Qk69hVEKLoAnsQ9HI3mB3k2q
Requested by: Host: b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
URL: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.92.96.182 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-92-96-182.ap-northeast-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:13 GMT
server: awselb/2.0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B4E5
Redirect Chain

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEMknQmXofPJ_HIUbZqdw_Ak&google_cver=1&google_push=AYg5qPII4khjOtlW5O-tQnb3ZJkAeG8DhZCOaw-Xy3KXmdFzLfwYNGv-FrJiiPipbiEG37IK5QLFkbpC6ubw1BdyORBkFse...
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPII4khjOtlW5O-tQnb3ZJkAeG8DhZCOaw-Xy3KXmdFzLfwYNGv-FrJiiPipbiEG37IK5QLFkbpC6ubw1BdyORBkFse1xq_WRA&google_hm=MjAzOTc1M...

170 B
188 B

44ms
43ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPII4khjOtlW5O-tQnb3ZJkAeG8DhZCOaw-Xy3KXmdFzLfwYNGv-FrJiiPipbiEG37IK5QLFkbpC6ubw1BdyORBkFse1xq_WRA&google_hm=MjAzOTc1MTEwOTQ3NDM3OTc5Ng==

Requested by

Host: b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
URL: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPII4khjOtlW5O-tQnb3ZJkAeG8DhZCOaw-Xy3KXmdFzLfwYNGv-FrJiiPipbiEG37IK5QLFkbpC6ubw1BdyORBkFse1xq_WRA&google_hm=MjAzOTc1MTEwOTQ3NDM3OTc5Ng==
Date: Sat, 15 Jan 2022 16:46:13 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame B4E5 0
12 B 24ms
23ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KNPObHOicDi8akXkx3My-RO3qMZkTPAR1Fn8ZaOQAHzYNI0NTmhclNuRKS5FU5hKID6Oss-A

Requested by

Host: b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
URL: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:12 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 641E
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEMBOv99iJtQJDvHH0HV622c&google_cver=1&google_push=AYg5qPKmP5yF8mzOd73dOouWBjj0DZnjUa4IdH7V6xq_E5bfQlwDKB_caqvv0IvLuxPdVNV0z7-asiNUsZM5Z7L5...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPKmP5yF8mzOd73dOouWBjj0DZnjUa4IdH7V6xq_E5bfQlwDKB_caqvv0IvLuxPdVNV0z7-asiNUsZM5Z7L5qA7qhJjmMk0

170 B
188 B

28ms
28ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPKmP5yF8mzOd73dOouWBjj0DZnjUa4IdH7V6xq_E5bfQlwDKB_caqvv0IvLuxPdVNV0z7-asiNUsZM5Z7L5qA7qhJjmMk0

Requested by

Host: 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
URL: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 15 Jan 2022 16:46:13 GMT
Server: MT3 4133 baa842e master zrh-pixel-x31 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPKmP5yF8mzOd73dOouWBjj0DZnjUa4IdH7V6xq_E5bfQlwDKB_caqvv0IvLuxPdVNV0z7-asiNUsZM5Z7L5qA7qhJjmMk0
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 15 Jan 2022 16:46:12 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 641E
Redirect Chain

https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEIWCdXedUseGsqPS7RfJQd0&google_cver=1&google_push=AYg5qPJqQvJosPPK4SxI5dESyQCWHKp5TGzD1S45a26iFPO0ZvG2VdBbEAiqZoSXRPhsFWsjvR1DlLoLAw...
https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEIWCdXedUseGsqPS7RfJQd0&google_cver=1&google_push=AYg5qPJqQvJosPPK4SxI5dESyQCWHKp5TGzD1S45a26iFPO0ZvG2VdBbEAiqZoSXRPhsFWsjvR1DlLoLAw...
https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPJqQvJosPPK4SxI5dESyQCWHKp5TGzD1S45a26iFPO0ZvG2VdBbEAiqZoSXRPhsFWsjvR1DlLoLAwQnJzQZV8zFbypImycj&google_hm=

170 B
188 B

44ms
42ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPJqQvJosPPK4SxI5dESyQCWHKp5TGzD1S45a26iFPO0ZvG2VdBbEAiqZoSXRPhsFWsjvR1DlLoLAwQnJzQZV8zFbypImycj&google_hm=

Requested by

Host: 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
URL: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 15 Jan 2022 16:46:13 GMT
server: nginx
access-control-allow-origin: *
transfer-encoding: chunked
access-control-allow-methods: POST, GET, OPTIONS
p3p: CP="NOI DEV OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPJqQvJosPPK4SxI5dESyQCWHKp5TGzD1S45a26iFPO0ZvG2VdBbEAiqZoSXRPhsFWsjvR1DlLoLAwQnJzQZV8zFbypImycj&google_hm=
cache-control: no-cache
content-type: text/html; charset=UTF-8
access-control-allow-headers: Origin
keep-alive: timeout=10

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 641E
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDP3rocSLTNbqOulRlwpJdE&google_cver=1&google_push=AYg5qPJsf-zPvX4myIaE70yrf-ihd2t0bPbHRE84-QntxZuki0zkg17bOsIGR5zCJPSSHxYKgp897QFW8AzmMFKihvBI...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEDP3rocSLTNbqOulRlwpJdE&google_cver=1&google_push=AYg5qPJsf-zPvX4myIaE70yrf-ihd2t0bPbHRE84-QntxZuki0zkg17bOsIGR5zCJPSSHxYKgp897QFW8AzmMF...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJsf-zPvX4myIaE70yrf-ihd2t0bPbHRE84-QntxZuki0zkg17bOsIGR5zCJPSSHxYKgp897QFW8AzmMFKihvBI8ODys_I5&google_hm=ZZ2FITpHRh2yc89-JAMvmg==

170 B
188 B

50ms
49ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJsf-zPvX4myIaE70yrf-ihd2t0bPbHRE84-QntxZuki0zkg17bOsIGR5zCJPSSHxYKgp897QFW8AzmMFKihvBI8ODys_I5&google_hm=ZZ2FITpHRh2yc89-JAMvmg==

Requested by

Host: 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
URL: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJsf-zPvX4myIaE70yrf-ihd2t0bPbHRE84-QntxZuki0zkg17bOsIGR5zCJPSSHxYKgp897QFW8AzmMFKihvBI8ODys_I5&google_hm=ZZ2FITpHRh2yc89-JAMvmg==
Date: Sat, 15 Jan 2022 16:46:13 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 641E
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBKhbf3kQIy5ERSPJFg24p8&google_cver=1&google_push=AYg5qPKUIYtMYvXfwquDcmKVCOPBrqAmLX45FvTPnSaUXbdMBQAzvUZ9DOR1eMrgheYt8iYycUM...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lHMkE1RzItTy1INVAz&google_push=AYg5qPKUIYtMYvXfwquDcmKVCOPBrqAmLX45FvTPnSaUXbdMBQAzvUZ9DOR1eMrgheYt8iYycUMHal_G5A_qdOsyGJGJtV53oSK6

170 B
188 B

43ms
43ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lHMkE1RzItTy1INVAz&google_push=AYg5qPKUIYtMYvXfwquDcmKVCOPBrqAmLX45FvTPnSaUXbdMBQAzvUZ9DOR1eMrgheYt8iYycUMHal_G5A_qdOsyGJGJtV53oSK6

Requested by

Host: 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
URL: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lHMkE1RzItTy1INVAz&google_push=AYg5qPKUIYtMYvXfwquDcmKVCOPBrqAmLX45FvTPnSaUXbdMBQAzvUZ9DOR1eMrgheYt8iYycUMHal_G5A_qdOsyGJGJtV53oSK6
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 641E
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEDp1Sz3XqYiBYjkV3WQjfu4&google_cver=1&google_push=AYg5qPJ2xFNKoPhLAVdxC2wSA8uGRZN3q26eLleQnmSqbtiZaqm8bajPjATxJnlDSX2p0aonBU_SiKNq8rEo97Tu...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJ2xFNKoPhLAVdxC2wSA8uGRZN3q26eLleQnmSqbtiZaqm8bajPjATxJnlDSX2p0aonBU_SiKNq8rEo97TuCHfkw3lacB0

170 B
188 B

44ms
44ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJ2xFNKoPhLAVdxC2wSA8uGRZN3q26eLleQnmSqbtiZaqm8bajPjATxJnlDSX2p0aonBU_SiKNq8rEo97TuCHfkw3lacB0

Requested by

Host: 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
URL: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 15 Jan 2022 16:46:13 GMT
via: 1.1 9128c49d19c76fd86ec4c647434ccb0a.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA50-C1
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJ2xFNKoPhLAVdxC2wSA8uGRZN3q26eLleQnmSqbtiZaqm8bajPjATxJnlDSX2p0aonBU_SiKNq8rEo97TuCHfkw3lacB0
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: H3ZaivAm3N5k3OthpWB2IEciN2AMSDgfqE1xQvAlAXe-5O6l_elZzA==

GET
H2 204 exptsync
ads.yieldmo.com/ Frame 641E 0
35 B 247ms
40ms Image
text/plain 99.81.30.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.yieldmo.com/exptsync?google_gid=CAESECy2KusFFuRwp-kIxOZiWRw&google_cver=1&google_push=AYg5qPKvfjp-O4Up2sTv1jPpZiURyfZy97oiQCNoUFhTV1rDPpJIJqsWg9xsD74gm7TuiYjfNgWiEgrJszN9VzzF5u9oH4K2ofQ
Requested by: Host: 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
URL: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.81.30.72 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-81-30-72.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:13 GMT

GET
H2 200 dot.gif
s0.2mdn.net/ Frame 641E 43 B
577 B 66ms
23ms Image
image/gif 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESENOXEd61OIKik0nr1rdGHx4&google_cver=1&google_push=AYg5qPLX-agE1xEnLtGi_ghFtkZk1uggdrlHE0uDQ7UndukDqVU6XajqoO_iDzPU6IYm_0-cotGtLLpKDqZ3fjfHE-zhm5fdRkla

Requested by

Host: 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
URL: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jan 2022 16:46:12 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 641E 0
12 B 23ms
22ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J2dGFRuzTxVLJuy8J8tcdfDeufibzSeNx6HH5BxhC5cVULSXJx8tjRe-mFZrVBmkuX8Tx8zg

Requested by

Host: 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
URL: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:12 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 dc_pre=CN3ehcKatPUCFUYeGwod2kcNXw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5393761128647.316
adservice.google.com/ddm/fls/z/ Frame 086D 42 B
63 B 52ms
52ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CN3ehcKatPUCFUYeGwod2kcNXw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5393761128647.316

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CN3ehcKatPUCFUYeGwod2kcNXw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5393761128647.316?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5D9B 0
20 B 51ms
51ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BesayVPriYZi2G4yP9u8PhvGwoA8AAAAAOAHgBAI&bg=!ICOlI2fNAAaocxMpqHM7ACkAdvg8WgcSTd3wtSh0wOb-Ii6TWp74cnKU1n1OmWBSSF4cUB5yqylI_QIAAADdUgAAAARoAQcKAB5Njt3RmQN-l1hWdWidBsrWLZaVtYVACB3ntxrd9dmZA1H1iQtk_2iRvwKezuaoQXqfYfT_OjDyumScJc0QkckdWw6cLpRn2gh09cFTvlr7aVEQh63ldGLT_2luolHYLBBv_H0zCFg0895rWKFwhZgUlBCf88yJHNffh8aaBt2z41z6W5GsLokXly7LeofK3_LJjPXO54EPH7AElX7Zrz9MmYNQQCyCVX_KRq5sb6jEgIgAsBmcJcKmnVsSW1DZ-WEmBnskG46wpIbDLeswt6dSk7e2sHjNQQHTMvMsKBBS38gEbf5kEMgbQw2jmui7xoUo2RJ8Earj9puhy5BR61JQaHpaODRQcZreeNCRYxVFH383pu8Cq0crGVp3s02l00HMLpY7Y5pwKkBwyO3UgHWZtHSI1EsJ90PNYyZB27DgRbO5EDYJMlcDMTsFrOZRZ_4Kx6fWHEHF7MgXr3J8dxZ5ob9wgrB-xbSc7VBxLUspNhxj6TdxoY9D6Gi_8GlK7T-DtdTA2BYyFHanGn1VekLUyvoEc4AGgAgkxTL24ArU-TfO5694C7uPoRdutPZI3lIol4U_5xXXBjhPJbFRgJoCm5QigxpuvQQj2AxI-2K4hZjqOaVNDc9Yc6lwxw96UXCSquqLbuMJ43o8VM5K3w6-KHGxqbbPJjEWKite74MyZ6bXAZ1Llh2De9gWUdF3624m3c9_BAB_QvB5zclCiWhN3I3PxXTxqiQrNzB3_U7BA455Rr7agrNwsGtqrFEBFceDXN8KHhnr6zS0Pge1lwaoh0n42DYToITa6vZeaYSkpxGZFmVBgQJkhGwut3KnjfpskUqoXR9FkdTIbjRE-VSAMtxTPV81Ah9uZXzB0RdpEV6GQA2yVXNdsLfpDJNBVqum_xn_ClUstzdiWvjhjrwLyL5qsvOL5R5KhrDNFsWh7t7y-Oq3vO-q3WLd8j96_ATic91hVbOqNmSBYQGBUSZ5JZgzJ02nMCWxyYa08fIqKPNy0RHniw8Swdub5Dw1zOm8rzS0SgTKkywaiZO_H355NlIiuhXyuHaNSqZGr5LhpQ8X2kX6kwX-oLL3mIhaLr6LjdGGK6tk0Wk8RAhIPPnSfBn0c-n0384h4zSLEYexrqUhMUg-F7KuBGZ9K3n_FuGqPqbMg4P4EdkKdNnX__dbc3o

Requested by

Host: 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
URL: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal90008.redintelligence.net/ Frame ECEE 0
150 B 60ms
20ms Script
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/viewability?s=17465700169443000710624011840008&a=07e5ee83&vb=m
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=17465700169443000710624011840008&a=123726c4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/request_content.php?s=17465700169443000710624011840008&a=123726c4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:13 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v18/ Frame ECEE 13 KB
13 KB 64ms
21ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v18/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

72dbd696f7961daf9049faacc868865d959f3d126f40d5271f48d5d9a0ccc652

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal90008.redintelligence.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 21:39:33 GMT
x-content-type-options: nosniff
age: 414400
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13072
x-xss-protection: 0
last-modified: Wed, 10 Nov 2021 18:17:36 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 10 Jan 2023 21:39:33 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v18/ Frame ECEE 13 KB
13 KB 59ms
18ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v18/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

428f1eb7935944229430ac0fdce0033f05d9b8c1c020b87c681dd7a78ab4dd19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal90008.redintelligence.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 14:56:27 GMT
x-content-type-options: nosniff
age: 265786
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13080
x-xss-protection: 0
last-modified: Wed, 10 Nov 2021 18:10:26 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 12 Jan 2023 14:56:27 GMT

GET
H/1.1 200
OK viewability Show response
hal900025.redintelligence.net/ Frame E6BC 0
150 B 56ms
19ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900025.redintelligence.net/viewability?s=81242400162929400710612011840025&a=e45c1e69&vb=m
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=81242400162929400710612011840025&a=a646e1c7
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900025.redintelligence.net/request_content.php?s=81242400162929400710612011840025&a=a646e1c7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:13 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame 0F31 82 KB
32 KB 70ms
47ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv-srv.office-partner.de
URL: https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ad0b78f813e0ef6e16b184d90752a03a202ab783d64eece14f47c479d42f64e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adv-srv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:13 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32555
x-xss-protection: 0
last-modified: Sat, 15 Jan 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 15 Jan 2022 16:46:13 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame 4746 82 KB
32 KB 91ms
68ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv-srv.office-partner.de
URL: https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ba40cde54de95f1bbb5de694538c72569471a09e1755b478dc451b22ae8e4d23

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adv-srv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:13 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32550
x-xss-protection: 0
last-modified: Sat, 15 Jan 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 15 Jan 2022 16:46:13 GMT

GET
H3 200 dc_pre=CPLhhcKatPUCFQidhQodybQL_Q;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2989694414256.576
adservice.google.com/ddm/fls/z/ Frame 616E 42 B
63 B 55ms
55ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CPLhhcKatPUCFQidhQodybQL_Q;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2989694414256.576

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CPLhhcKatPUCFQidhQodybQL_Q;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2989694414256.576?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame A1A1 51 KB
51 KB 102ms
19ms Script
application/javascript 18.66.248.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=17465700169443000710624011840008&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-117.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c6ce2b47cde7cf913a3c34ddce355fa9c75012577dd34c35928add8676cb7fa0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: wvDglZsFnxZ0eZ1mUErJkFMo1VNidWYJ
via: 1.1 57b1c45cee24c7bbeb8b5420d5868740.cloudfront.net (CloudFront)
last-modified: Tue, 09 Nov 2021 11:05:10 GMT
server: AmazonS3
age: 43950
etag: "ec0ced40cbb5211db06b8a36f209e442"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Sat, 15 Jan 2022 04:33:44 GMT
x-amz-cf-pop: DUS51-P1
accept-ranges: bytes
content-length: 51794
x-amz-cf-id: QAthq6Emgu4Mn4WeTc4Z7OMiVeb6ma3QSvCgFlh2ToI9qQdFa40Fmg==

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame A1A1 3 KB
3 KB 120ms
43ms Image
image/png 46.236.13.147
PULSANT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=99582&viewref=95521700140469100757601011840028&wglinkid=2513135
Requested by: Host: b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
URL: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:13 GMT
Last-Modified: Sat, 15 Jan 2022 16:46:13 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/png
Content-Length: 2808
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame EDD7 51 KB
51 KB 96ms
36ms Script
application/javascript 18.66.248.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=81242400162929400710612011840025&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-117.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c6ce2b47cde7cf913a3c34ddce355fa9c75012577dd34c35928add8676cb7fa0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: wvDglZsFnxZ0eZ1mUErJkFMo1VNidWYJ
via: 1.1 57b1c45cee24c7bbeb8b5420d5868740.cloudfront.net (CloudFront)
last-modified: Tue, 09 Nov 2021 11:05:10 GMT
server: AmazonS3
age: 43950
etag: "ec0ced40cbb5211db06b8a36f209e442"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Sat, 15 Jan 2022 04:33:44 GMT
x-amz-cf-pop: DUS51-P1
accept-ranges: bytes
content-length: 51794
x-amz-cf-id: i6IX73DKHdBSFAlBLfLmD2QUjm9JghbkOEYm1aPsCNPDsc4fo8Ej4A==

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame EDD7 3 KB
3 KB 120ms
43ms Image
image/png 46.236.13.147
PULSANT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=99582&viewref=51911300147520600710680011840017&wglinkid=2513135
Requested by: Host: 11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
URL: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:13 GMT
Last-Modified: Sat, 15 Jan 2022 16:46:13 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/png
Content-Length: 2808
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5061 0
0 52ms
51ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssQG_SAxDh1mwTKywH5YfA4GHVjwOwhadKk5VbaY2Q9nbB8wZUhcAAXej7lmRsrUr-1kkOXe6EwoSQlPLRQRvdb-21tgH1rUIV71HGxxEnFrJ8RC0XNreIXJoGyynd8yo2u05wHZ5_XC1mRWFr8RGyY4ziOGX9V9uZdmvxcCBInFp81BcQdknXJV-6CRRPoClUJJQUoS66Bo5KeCjDKU02wvelmc_q3ZGiXRdlU2JcvdtW5JhtkHHBG2coldElYfICQUoS_-OB2jZe6doLZXpvOpe20-xwl3BOWdnJ8Cf7xlrhq03mrD1JSTRiJ2g&sai=AMfl-YSAI-ajed0z9Y1q28QGOKPPa-9RSyOFocDD7TU6OdvjHAXBa0sdB1w8Z6Pv6zflQIqXOi4p5tLB0oD8I5Fl7pt5QYv7JGohhPsToncg8sSddBJHEaItHFRPsPYD7LGa&sig=Cg0ArKJSzJv7K1eqcwg6EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:46:13 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 5061 11 KB
9 KB 31ms
30ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f00b6fca183c5f3667b35193d424be89bcaae7b80080bbde6c5ed344463bc21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8685
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 5061 17 KB
6 KB 49ms
49ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:46:13 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9C34 42 B
64 B 49ms
49ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstjnxBI7pL-0zfet5VG5VsY6swK0Jg9TpXqMibIL-LF-R4aEPsWpoZu56VnPUjUimI7_brGIn8CC-ErTVWvYAny7DZBEVX6nBuS8HhqYVdVG3_2qKBc&sig=Cg0ArKJSzFvqwzHI444lEAE&id=lidar2&mcvt=1000&p=0,0,250,300&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220112&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=19&adk=1055926600&rs=4&la=0&cr=0&vs=4&r=v&rst=1642265172136&rpt=134&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame D309 13 KB
5 KB 16ms
15ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:45:32 GMT
expires: Sun, 15 Jan 2023 16:45:32 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 41
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7661 783 B
533 B 27ms
27ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

61539c7c34cf36c47b07c794d999213771a4bf2609f19d5baef084bf8576ac84

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-WdJcxWrx0vIbvQixk+ct2w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 15 Jan 2022 16:46:13 GMT
date: Sat, 15 Jan 2022 16:46:13 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-WdJcxWrx0vIbvQixk+ct2w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js Show response
pagead2.googlesyndication.com/bg/ Frame D309 35 KB
13 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8e8f18d77170af82f72cfb83f4cec093f5683a0fcffd8f126d9d2fce1a332f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 19:59:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74781
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13349
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 14 Jan 2023 19:59:52 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7661 0
0 56ms
55ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=4262051528554942&rc=
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame D309 0
9 B 15ms
15ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?1549Ow
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:13 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5061 0
20 B 54ms
54ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=4262051528554942&bg=!FBelF1PNAAaocxMpqHM7ACkAdvg8WoP4ZAe-Y-Fsl0EzVaOQThp55uP8H2tJvrnogdlJTZGmvtT1sQIAAABVUgAAAAZoAQcKAAzi_h8JG7iNMGW_6ViZAwdy8retsk3AqBchhpE75bH_GdjWbCKVwMRSdUuxcUhF5eIdvq5mo6pb73XFX4n8v9r-ozEqpXaJ79YnJmNQtp-X8qQbuiaVAFiIygyacG7rjXqbGuBhH3-1KQzED6pbZlMxz17BUJ1xHinQZtsSVRNT9CBooKJQgnOpCQ-Io7DUuy2VVczSX6V5Y42fiHaJNlmOutghG5fRb-im71UK9dUatcYp00nGDMNmW8HHg8rQsw08tuyIot-Ie8f9lK5bABCuLVEu2S2fpKDvH5fP1ra_COCY7wgymv_f2_tCihIHh-WImsLALK7bAvUTKDTsFf0knbGZzaGU2ZTnaWgDvyChTcgdJR2-NLmJi2bub1KnWg2vZ-BA5l1C8zWD6WxAJG45k1ksHLkZPz29gX9uTDoRvW_rBF4JAMqcLE9T6UDor5RKIM9e8CUYVweHaT-0pPiGOu86yaDJEuFSo4So7ytGXWGYPTIPbNuLvYJJXzC6qXh3IFfiQ5TS04fEKGBoZ-nDYC_Ud184sOK6QsihN4D9FlPrLC6lVXNeFVNzzdomkEdl67PEX-aWeNDv8S5-CQbJE7XQZUuCdewuYEQw7rufH8FaXXDYSlZ9W9doGC9LCqMsVo0RoQBqRB-xNNuY_g5Q-dx67EzBJnIdkNRC_AF5-yWXtGq6opbRLPZcC8o1XiocFJZxw-7JPU5KIt4w3q4wZjAB0heJdmpAfUSyzEoVDVj4LvyTErjrV5KpLCp3muB1I9tUBsoEtq1ZvGsKPq4XBojfwghgf-N8mZ_xf2WZpxLc1YC1KLMRMLqQRG-6QYCl2-NnrDZGEA-dT7nTWvXvnM3c3N8NOjWxDXl7YeUeoPKXBPNq62ivOVSlnIgAKXY-_qREOhvaLF0rmpS4mEj2nD8B0slIX577mWzTUv5Io45z1wLSaaeMesuOHyXa12TJwbUZrxsZ4TQUu6RbxVH16_dswowhlnH7a8v1NUTNJJTEb3NX9K2jAl-MHcpuULSq2NHauyFnfDwEmSUdmUt-_9gr8tqs

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A1A1 42 B
64 B 51ms
50ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssByE6jnnmpjn7dWuavcfH5HZCpFVPHVYaBsZq_zDy0C_ZlJydfOa_2fMhnw6_PItURtZnqMZH1fjTsRRiH314yXYUhw4VbsRgW7jLR&sai=AMfl-YTTijnvemgOQz0ZbH57mhJRL2TKclM0pKPOMGLzBUNioMsNCV_3wNrobH7uSWxnizheaDdwPDbpBDFmD7NbIV5eXJihJMZhqFk&sig=Cg0ArKJSzHRG9IVdkh4UEAE&cid=CAASEuRozl-fpgmeZueD6JqJ9fIPpA&id=lidar2&mcvt=1162&p=0,0,600,300&mtos=1162,1162,1162,1162,1162&tos=1162,0,0,0,0&v=20220112&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=880606352&rs=4&la=0&cr=0&vs=4&r=v&rst=1642265171908&rpt=908&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EDD7 42 B
64 B 50ms
50ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss_6VcjySFmL97Ap3SJtg6dm1zNFK4zAC6s2SxgjrP3uBXO_zaLW0Qa2DtUj0k1EBcPuEHIjd4zCGsV83lk05UrQmrwCiJajH7k0sx-&sai=AMfl-YRrgUXOM1izwqHrh3nxpnRs7OVlJVWVpjsnE9wuB9dWHrAPzV4dKxaUn8rJWP5RA3aOejqautYJcqqZF5fAjXKDewfeIDxgwIY&sig=Cg0ArKJSzLJKC6wl_qTIEAE&cid=CAASEuRousGbHcJ6G1VDH_kxKgPkag&id=lidar2&mcvt=1130&p=0,0,90,728&mtos=1130,1130,1130,1130,1130&tos=1130,0,0,0,0&v=20220112&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3055526604&rs=4&la=0&cr=0&vs=4&r=v&rst=1642265171999&rpt=861&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal90008.redintelligence.net/ Frame ECEE 0
150 B 58ms
20ms Script
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/viewability?s=17465700169443000710624011840008&a=07e5ee83&vb=v
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=17465700169443000710624011840008&a=123726c4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/request_content.php?s=17465700169443000710624011840008&a=123726c4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:14 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
hal900025.redintelligence.net/ Frame E6BC 0
150 B 59ms
21ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900025.redintelligence.net/viewability?s=81242400162929400710612011840025&a=e45c1e69&vb=v
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=81242400162929400710612011840025&a=a646e1c7
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900025.redintelligence.net/request_content.php?s=81242400162929400710612011840025&a=a646e1c7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:14 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame A1A1 16 B
232 B 89ms
88ms Fetch
application/json 54.72.0.164
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.72.0.164 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-72-0-164.eu-west-1.compute.amazonaws.com

Software

nginx / PHP/7.4.25

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 15 Jan 2022 16:46:14 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.25
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 172ms
36ms Preflight 54.72.0.164
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.0.164 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-0-164.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sat, 15 Jan 2022 16:46:14 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame EDD7 16 B
232 B 101ms
100ms Fetch
application/json 54.72.0.164
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.72.0.164 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-72-0-164.eu-west-1.compute.amazonaws.com

Software

nginx / PHP/7.4.25

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 15 Jan 2022 16:46:14 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.25
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 156ms
37ms Preflight 54.72.0.164
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.0.164 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-0-164.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sat, 15 Jan 2022 16:46:14 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5061 42 B
64 B 50ms
50ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstb0xD7geZ4n7uo2tlh7rDd0LconKuh1QpCt2cHA6UXtY4rvtWfXbJ3JY4kN9W9uBSx_PoBuFhPZM32Obfczuu4Iq7ShP4qAoDQFYjCk4R4L1ki4Y5x&sig=Cg0ArKJSzFxSMOyMy5zxEAE&id=lidar2&mcvt=1000&p=205,990,805,1290&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220112&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=19&adk=1250131073&rs=4&la=0&cr=0&vs=4&r=v&rst=1642265170664&rpt=2582&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK common.js Show response
maps.google.com/maps-api-v3/api/js/47/5/intl/de_ALL/ 77 KB
29 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://maps.google.com/maps-api-v3/api/js/47/5/intl/de_ALL/common.js

Requested by

Host: maps.google.com
URL: http://maps.google.com/maps/api/js?sensor=true

Protocol

HTTP/1.1

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

565a604b8d2449fcbbe6a76e51f0b8f5c6b85e912c87e81bb9aa2c7f86b8cd07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 19:25:01 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 249673
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 28716
X-XSS-Protection: 0
Last-Modified: Tue, 11 Jan 2022 02:10:25 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="maps-api-js"
Vary: Accept-Encoding, Origin
Report-To: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
Content-Type: text/javascript
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Expires: Thu, 12 Jan 2023 19:25:01 GMT

GET
H/1.1 200
OK util.js Show response
maps.google.com/maps-api-v3/api/js/47/5/intl/de_ALL/ 298 KB
92 KB 34ms
17ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://maps.google.com/maps-api-v3/api/js/47/5/intl/de_ALL/util.js

Requested by

Host: maps.google.com
URL: http://maps.google.com/maps/api/js?sensor=true

Protocol

HTTP/1.1

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d8749b19ba5041e508d173b873b9ac49b4d2fa9bab220cd1299e654fdd0f27a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 19:25:01 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 249673
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 93199
X-XSS-Protection: 0
Last-Modified: Tue, 11 Jan 2022 02:10:25 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="maps-api-js"
Vary: Accept-Encoding, Origin
Report-To: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
Content-Type: text/javascript
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Expires: Thu, 12 Jan 2023 19:25:01 GMT

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame BF35
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=81424300148569000710612011840021&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81424300148569000710612011840021&actionid=879111&produktid=ratenkredit&dt_url=

0
182 B

122ms
122ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81424300148569000710612011840021&actionid=879111&produktid=ratenkredit&dt_url=

Requested by

Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=83bc2da85b&subid=&uid=d968c2b418e2bf4d&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCvrFtU_riYbmMKeKf7_UPgsqfoAa1zfmDV_zYuavlDPAuEAEgiIC_FGCV8pyCrAfIAQmpAjTwtOc1J7M-qAMBqgSAAk_QCVZ53bx-78fW3XLkZMHjGSNBaK2wt_C5XIDIuYcLcsvbQ2H4ID-GMMOAq73EyK7Veg8TTd1dEkI6sOCkqCV2l-vJDfFKk3UIcsDwqZKmvNb7pNheGF4eFd96wwEfqIIe5JGHayWjN5lsP64gxjqnj_RzyWogZG1B4A060j20H0HxO87LchPqtK53iWf6RESiCTZhhHVioHq3ofXvnlk3qSHn6D8svpcFTY_spd6Cu5Fv7fSs0eyqQx_7zqUNwPOs6D1Goz8NziPHS4uFFHet-lC_FO3IIyBfvlbw7wpxNsoWiwxHxf7IZ9e5IbJzlsRzfIivOv6IZPGEI45wKnzABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoroIiPKjCf6dsKu9afwGTvw%26sig%3DAOD64_0SJFaC_x4MmaareCf01T_rlokZPg%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-CehRanKTktAeqTh3qAg7Xc6O0W3GA7XTwbBeaY72y03KkQ2foNs2i-wwY_2fCvKb_qZGp4XAVKG-wJ4S_frZ6261QQmNxK3O4AFMKWVYubafgUP7P9YVkGqC5Pc-VUw8rLBAwztWzB7UFh3qwEqzPX1fewxA%26cry%3D1%26dbm_d%3DAKAmf-DLtRhMBcWsTkTMGzjmgpmocS802jghByrVLGK5-dV4boYbvfx-0LpUf6Bk-3Ldj4m4WWu4YMivz0lEyYA7l0KMMTgICbfivDTNz_DOffkSEtFJNg_L4WnEc58-YxFAteRMHj-sZkS7vT3FeGj1YigeHHjE3dKYZzA7wm0opsGNb_TvVRIIatpbxJXAOKVIigkXOMSwnFP10IG8FaNWTxbx70usphS__c5X_u8bUPiaGv6WO017BHmhqRWPNGaiEOtQa0PP4BzWzcM01qoztmI5dHf36mgwFqkO8sX3jzHdh2UC-nsOm1f5i9Roi7931M0rfHCcq3xmmKxfnDL2UM4S0KHlfd8HA5UwhFkxiRuCIcBpk2NbPK4JkwJrrF3T3ixt2GxW6nSf13pxogpjLzUsB8cPig%26adurl%3D&documentReferer=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=2971851641375&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 Mannheim, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sat, 15 Jan 2022 05:46:15 GMT
server: Microsoft-IIS/10.0
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
access-control-allow-origin: *
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Sat, 15 Jan 2022 16:46:15 GMT
content-length: 0

Redirect headers

Server: nginx/1.19.7
Date: Sat, 15 Jan 2022 16:46:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Keep-Alive: timeout=20
X-Powered-By: PHP/7.2.34
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization
Access-Control-Allow-Credentials: true
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81424300148569000710612011840021&actionid=879111&produktid=ratenkredit&dt_url=
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload max-age=15768000
X-IPLB-Request-ID: D972D785:D6E4_91EFC182:01BB_61E2FA57_BC6AC94:4417
X-IPLB-Instance: 40027
Cache-control: private

GET
H2

200

htlp Show response
futalis.de/ Frame 91C0
Redirect Chain

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=81424300148569000710612011840021&ra_cnt_active=1&ra_cnt=1
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1145042063

350 B
409 B

76ms
24ms

Document
text/html

49.12.16.151
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1145042063
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=83bc2da85b&subid=&uid=d968c2b418e2bf4d&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCvrFtU_riYbmMKeKf7_UPgsqfoAa1zfmDV_zYuavlDPAuEAEgiIC_FGCV8pyCrAfIAQmpAjTwtOc1J7M-qAMBqgSAAk_QCVZ53bx-78fW3XLkZMHjGSNBaK2wt_C5XIDIuYcLcsvbQ2H4ID-GMMOAq73EyK7Veg8TTd1dEkI6sOCkqCV2l-vJDfFKk3UIcsDwqZKmvNb7pNheGF4eFd96wwEfqIIe5JGHayWjN5lsP64gxjqnj_RzyWogZG1B4A060j20H0HxO87LchPqtK53iWf6RESiCTZhhHVioHq3ofXvnlk3qSHn6D8svpcFTY_spd6Cu5Fv7fSs0eyqQx_7zqUNwPOs6D1Goz8NziPHS4uFFHet-lC_FO3IIyBfvlbw7wpxNsoWiwxHxf7IZ9e5IbJzlsRzfIivOv6IZPGEI45wKnzABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoroIiPKjCf6dsKu9afwGTvw%26sig%3DAOD64_0SJFaC_x4MmaareCf01T_rlokZPg%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-CehRanKTktAeqTh3qAg7Xc6O0W3GA7XTwbBeaY72y03KkQ2foNs2i-wwY_2fCvKb_qZGp4XAVKG-wJ4S_frZ6261QQmNxK3O4AFMKWVYubafgUP7P9YVkGqC5Pc-VUw8rLBAwztWzB7UFh3qwEqzPX1fewxA%26cry%3D1%26dbm_d%3DAKAmf-DLtRhMBcWsTkTMGzjmgpmocS802jghByrVLGK5-dV4boYbvfx-0LpUf6Bk-3Ldj4m4WWu4YMivz0lEyYA7l0KMMTgICbfivDTNz_DOffkSEtFJNg_L4WnEc58-YxFAteRMHj-sZkS7vT3FeGj1YigeHHjE3dKYZzA7wm0opsGNb_TvVRIIatpbxJXAOKVIigkXOMSwnFP10IG8FaNWTxbx70usphS__c5X_u8bUPiaGv6WO017BHmhqRWPNGaiEOtQa0PP4BzWzcM01qoztmI5dHf36mgwFqkO8sX3jzHdh2UC-nsOm1f5i9Roi7931M0rfHCcq3xmmKxfnDL2UM4S0KHlfd8HA5UwhFkxiRuCIcBpk2NbPK4JkwJrrF3T3ixt2GxW6nSf13pxogpjLzUsB8cPig%26adurl%3D&documentReferer=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=2971851641375&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 49.12.16.151 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: lb-1.futalis.de
Software: /
Resource Hash: 582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/

Response headers

content-length: 350
content-type: text/html; charset=utf-8

Redirect headers

date: Sat, 15 Jan 2022 16:46:15 GMT
server: Apache
p3p: policyref="https://www.retailads.net//w3c/p3p.xml",CP="NOI CUR OUR STP"
location: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1145042063
content-length: 0
content-type: text/html; charset=utf-8

GET
H/1.1 200
OK request_content.php Show response
hal900021.redintelligence.net/ Frame 3FC1 7 KB
2 KB 59ms
20ms Document
text/html 144.76.238.55
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900021.redintelligence.net/request_content.php?s=81424300148569000710612011840021&a=e408850e
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=83bc2da85b&subid=&uid=d968c2b418e2bf4d&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCvrFtU_riYbmMKeKf7_UPgsqfoAa1zfmDV_zYuavlDPAuEAEgiIC_FGCV8pyCrAfIAQmpAjTwtOc1J7M-qAMBqgSAAk_QCVZ53bx-78fW3XLkZMHjGSNBaK2wt_C5XIDIuYcLcsvbQ2H4ID-GMMOAq73EyK7Veg8TTd1dEkI6sOCkqCV2l-vJDfFKk3UIcsDwqZKmvNb7pNheGF4eFd96wwEfqIIe5JGHayWjN5lsP64gxjqnj_RzyWogZG1B4A060j20H0HxO87LchPqtK53iWf6RESiCTZhhHVioHq3ofXvnlk3qSHn6D8svpcFTY_spd6Cu5Fv7fSs0eyqQx_7zqUNwPOs6D1Goz8NziPHS4uFFHet-lC_FO3IIyBfvlbw7wpxNsoWiwxHxf7IZ9e5IbJzlsRzfIivOv6IZPGEI45wKnzABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoroIiPKjCf6dsKu9afwGTvw%26sig%3DAOD64_0SJFaC_x4MmaareCf01T_rlokZPg%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-CehRanKTktAeqTh3qAg7Xc6O0W3GA7XTwbBeaY72y03KkQ2foNs2i-wwY_2fCvKb_qZGp4XAVKG-wJ4S_frZ6261QQmNxK3O4AFMKWVYubafgUP7P9YVkGqC5Pc-VUw8rLBAwztWzB7UFh3qwEqzPX1fewxA%26cry%3D1%26dbm_d%3DAKAmf-DLtRhMBcWsTkTMGzjmgpmocS802jghByrVLGK5-dV4boYbvfx-0LpUf6Bk-3Ldj4m4WWu4YMivz0lEyYA7l0KMMTgICbfivDTNz_DOffkSEtFJNg_L4WnEc58-YxFAteRMHj-sZkS7vT3FeGj1YigeHHjE3dKYZzA7wm0opsGNb_TvVRIIatpbxJXAOKVIigkXOMSwnFP10IG8FaNWTxbx70usphS__c5X_u8bUPiaGv6WO017BHmhqRWPNGaiEOtQa0PP4BzWzcM01qoztmI5dHf36mgwFqkO8sX3jzHdh2UC-nsOm1f5i9Roi7931M0rfHCcq3xmmKxfnDL2UM4S0KHlfd8HA5UwhFkxiRuCIcBpk2NbPK4JkwJrrF3T3ixt2GxW6nSf13pxogpjLzUsB8cPig%26adurl%3D&documentReferer=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=2971851641375&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.238.55 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.55.238.76.144.clients.your-server.de
Software: Apache /
Resource Hash: c18180146b78a23fd86686728d62bfdcc3f0e16f9a423d804c064e2596bf63b4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/

Response headers

Date: Sat, 15 Jan 2022 16:46:15 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Sat, 15 Jan 2022 16:46:15 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2065
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame E862
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=81424300148569000710612011840021
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=81424300148569000710612011840021
https://ad-server.eu/wm/pb/native.png

68 B
312 B

36ms
35ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
URL: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:51:26 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Sat, 15 Jan 2022 16:46:15 GMT
Server: nginx/1.19.7
X-IPLB-Request-ID: D972D785:D6E4_91EFC182:01BB_61E2FA57_BC6AC99:4417
X-Powered-By: PHP/7.2.34
X-IPLB-Instance: 40027
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload, max-age=15768000
Content-Type: text/html; charset=UTF-8
Location: https://ad-server.eu/wm/pb/native.png
Cache-control: private
Transfer-Encoding: chunked
Keep-Alive: timeout=20

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame E862 43 B
704 B 43ms
42ms Image
image/gif 104.92.94.3
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519595&v=14098&q=379097&r=296283&pref1=81424300148569000710612011840021&pv=1

Requested by

Host: 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
URL: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.92.94.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-94-3.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:15 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2DCD 1 KB
749 B 16ms
16ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
URL: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Sat, 15 Jan 2022 13:26:12 GMT
expires: Sun, 16 Jan 2022 13:26:12 GMT
cache-control: public, max-age=86400
age: 12003
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame E862 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5d7f15ac53853ed5337b3cf50f22c2fc9858d1177a5aae58a584ae3dcc3ef7f0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET /
google2waycm.netmng.com/cm/ Frame 2DCD 0
0

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 2DCD
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEHuAc1VzYuClsjxvPmf8U8o&google_cver=1&google_push=AYg5qPIBH89i5dC8N1Awm1hSU7KfCVvvDBgFa26hidM4tZiu6Jj0OI12ilkog1IRf349T6eeFo4fUaIb8XYdJ3Lg-V0LlCUVt29eaQ
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzM2MDExNDA1NTk3MTIwODE4NQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHuAc1VzYuClsjxvPmf8U8o&google_cver=1

43 B
407 B

23ms
22ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHuAc1VzYuClsjxvPmf8U8o&google_cver=1
Requested by: Host: 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
URL: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:15 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:15 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHuAc1VzYuClsjxvPmf8U8o&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2DCD
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEOM16NHAisNS6iN2GdvUGuk&google_push=AYg5qPL4YqxXguYFZWodueK2LQjYxU5vFflNH2Z1q1dHNqFKVszBMcsrYT...

170 B
188 B

42ms
41ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEOM16NHAisNS6iN2GdvUGuk&google_push=AYg5qPL4YqxXguYFZWodueK2LQjYxU5vFflNH2Z1q1dHNqFKVszBMcsrYToLcBwTO0SV7hQmA2229Drc5Sua1bWLOM7BhSFfnPzE

Requested by

Host: 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
URL: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:15 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1642265176.839135,VS0,VE92
x-served-by: cache-hhn4083-HHN
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEOM16NHAisNS6iN2GdvUGuk&google_push=AYg5qPL4YqxXguYFZWodueK2LQjYxU5vFflNH2Z1q1dHNqFKVszBMcsrYToLcBwTO0SV7hQmA2229Drc5Sua1bWLOM7BhSFfnPzE
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2DCD
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEP-Y1IcD6JV1zw17dQMlPbY&google_cver=1&google_push=AYg5qPJpsjF7gQojdJlt6AtpXtproA_kC45VZ4XzV8PnbDQ7vf6usR0VDuArjq7fY4KyA_jVVnV8qpiBD9_KBgt...
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=v0FTe9y7T65fhnGL4hXR6tly14U&google_push=AYg5qPJpsjF7gQojdJlt6AtpXtproA_kC45VZ4XzV8PnbDQ7vf6usR0VDuArjq7fY4KyA_jVVnV8qpiBD9_KBg...

170 B
188 B

43ms
42ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=v0FTe9y7T65fhnGL4hXR6tly14U&google_push=AYg5qPJpsjF7gQojdJlt6AtpXtproA_kC45VZ4XzV8PnbDQ7vf6usR0VDuArjq7fY4KyA_jVVnV8qpiBD9_KBgtdrru1CWS8ECZg

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=v0FTe9y7T65fhnGL4hXR6tly14U&google_push=AYg5qPJpsjF7gQojdJlt6AtpXtproA_kC45VZ4XzV8PnbDQ7vf6usR0VDuArjq7fY4KyA_jVVnV8qpiBD9_KBgtdrru1CWS8ECZg
Date: Sat, 15 Jan 2022 16:46:16 GMT
Connection: keep-alive
Content-Length: 242
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK us
sync.go.sonobi.com/ Frame 2DCD 0
478 B 87ms
21ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAYg5qPKh0M1ZaftSQHliIyGixbKbnjwCLTyMC7SPvgnC8kMYr1wD9Pf7_1nFMOciAgx0KqoHV5noXzKfwwADJCLqZE6Rbg0sFSBbOg%26google_hm%3D%5BUID%5D&google_gid=CAESEHz4z0SN-JIOvIqxk4TkAso&google_cver=1

Requested by

Host: 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
URL: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:15 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2DCD
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEG5xXsa0bHnONwr0uwKnbaM&google_cver=1&google_push=AYg5qPI6NnGexXOmFfjim24ZqFRsK-sTptfc2JDF5gzgtDDp5eVnISfxm0j6rsTA9iGXXS2FhwH0sQ5njiF9OyLsB...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEG5xXsa0bHnONwr0uwKnbaM&google_cver=1&google_push=AYg5qPI6NnGexXOmFfjim24ZqFRsK-sTptfc2JDF5gzgtDDp5eVnISfxm0j6rsTA9iGXXS2FhwH0sQ5njiF9OyLsB...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPI6NnGexXOmFfjim24ZqFRsK-sTptfc2JDF5gzgtDDp5eVnISfxm0j6rsTA9iGXXS2FhwH0sQ5njiF9OyLsBHWvkYCWr2V5&google_hm=4501c70d0c718c4c3d5a8b8e

170 B
188 B

46ms
46ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPI6NnGexXOmFfjim24ZqFRsK-sTptfc2JDF5gzgtDDp5eVnISfxm0j6rsTA9iGXXS2FhwH0sQ5njiF9OyLsBHWvkYCWr2V5&google_hm=4501c70d0c718c4c3d5a8b8e

Requested by

Host: 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
URL: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 15 Jan 2022 16:46:15 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPI6NnGexXOmFfjim24ZqFRsK-sTptfc2JDF5gzgtDDp5eVnISfxm0j6rsTA9iGXXS2FhwH0sQ5njiF9OyLsBHWvkYCWr2V5&google_hm=4501c70d0c718c4c3d5a8b8e
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2DCD
Redirect Chain

https://sm.rtb.mts.ru/p?ssp=googleban&pm=1&google_gid=CAESEDwAoxywqAaV2MN8WLvrDB8&google_cver=1&google_push=AYg5qPJDzlwBcibIXLbMD5ApHZupOAr327bBm6tH6rAW7ehM0XsB035_zr472Pnxjf4BGH0I64l447AfpTvfN8t7S...
https://sm.rtb.mts.ru/match/second?ssp=12&google_push=AYg5qPJDzlwBcibIXLbMD5ApHZupOAr327bBm6tH6rAW7ehM0XsB035_zr472Pnxjf4BGH0I64l447AfpTvfN8t7SzX8_79TW14WT60&exu=CAESEDwAoxywqAaV2MN8WLvrDB8
https://tech.rtb.mts.ru/?dsp_uid=1f5326f6-5714-48ae-9bb8-d97458faaf09&return_url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc%26id%3D1f5326f6-5714-48ae-9bb8-d97458faaf09%26g...
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc&id=1f5326f6-5714-48ae-9bb8-d97458faaf09&google_push=AYg5qPJDzlwBcibIXLbMD5ApHZupOAr327bBm6tH6rAW7ehM0XsB035_zr472Pnxjf4BGH0I64l447AfpTvfN8t7...

170 B
188 B

25ms
25ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stream_llc&id=1f5326f6-5714-48ae-9bb8-d97458faaf09&google_push=AYg5qPJDzlwBcibIXLbMD5ApHZupOAr327bBm6tH6rAW7ehM0XsB035_zr472Pnxjf4BGH0I64l447AfpTvfN8t7SzX8_79TW14WT60

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 15 Jan 2022 16:46:16 GMT
Server: nginx/1.13.12
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=stream_llc&id=1f5326f6-5714-48ae-9bb8-d97458faaf09&google_push=AYg5qPJDzlwBcibIXLbMD5ApHZupOAr327bBm6tH6rAW7ehM0XsB035_zr472Pnxjf4BGH0I64l447AfpTvfN8t7SzX8_79TW14WT60
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 2DCD 0
12 B 24ms
24ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KpavmgXV_JcC_RqO7PNV17Al__R0OZnoqlV71RkJWBbV0tP9h3RoDDjO7jDEnjOSUYxvoblA

Requested by

Host: 4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
URL: https://4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:15 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 css
fonts.googleapis.com/ Frame 3FC1 1 KB
419 B 48ms
25ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=81424300148569000710612011840021&a=e408850e

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9c1521286e7dd2d6f8c2262b15bca8867bcae973a83879accdd00e1cb9831e5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 15 Jan 2022 14:55:32 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 15 Jan 2022 16:46:15 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 15 Jan 2022 16:46:15 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 3FC1 16 KB
16 KB 55ms
19ms Image
image/png 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=81424300148569000710612011840021&a=e408850e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 582bc045158a170966d83c183ba82e0ddabcf78f569447844f1904eb46b71246

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:15 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16248
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 3FC1 17 KB
17 KB 58ms
20ms Image
image/png 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/3839/creativesup/father_daughter_1200x627.jpg
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=81424300148569000710612011840021&a=e408850e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: eec52c7d12e973096b88a50d8988890a90fef401ef8f4050fecf6252b7b36a64

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:15 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16857
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 3FC1 13 KB
13 KB 123ms
85ms Image
image/png 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/1200x627.jpg
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=81424300148569000710612011840021&a=e408850e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: a14a6936e579c4dab8beeae194be43157c12952dd34c48dc5484a3a576c7029d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:15 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 12988
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK viewability Show response
hal900021.redintelligence.net/ Frame 3FC1 0
150 B 62ms
22ms Script
text/html 144.76.238.55
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900021.redintelligence.net/viewability?s=81424300148569000710612011840021&a=d1ef93aa&vb=m
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=81424300148569000710612011840021&a=e408850e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.238.55 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.55.238.76.144.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900021.redintelligence.net/request_content.php?s=81424300148569000710612011840021&a=e408850e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:15 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 ts.js Show response
cdn.retailads.net/ Frame 91C0 5 KB
5 KB 18ms
18ms Script
application/javascript 2a01:4f8:d0a:2321::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.retailads.net/ts.js
Requested by: Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1145042063
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 2a01:4f8:d0a:2321::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: 06a1b5afc54f03b03f1ec1d55390a43b7d0bea926033263e0988e33a8db55d19

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://futalis.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:15 GMT
last-modified: Thu, 17 Jun 2021 11:09:56 GMT
server: Apache
accept-ranges: bytes
etag: "13e5-5c4f43f50991d"
content-length: 5093
content-type: application/javascript

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6646 0
0 51ms
51ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstOI-SvwaaLTNegFhoSrZeXQ7uVVmhaCRBG7YpwCZCfzDbp318AHobVuAKs7Xpkk_qbF-QpSSkNts7N3jInDIREx3rebK9tNP-ZsPuXrEGetNpXTcYJLzsYtbC0FbRsoq9NiR6woXUzWjd5SfUA88Aswg6UMmO6VOOyKhWdqXpx22TLIbmxtTrQ8x4yKazgDmSqcxIT8S9scnr7GTfAOpFvfYrxwKVzp-co6ueF0aO-1CM1eg8pPgS7OTW8p5vw5c_E6PY5UD5Sk_hs2uq5VvDxnYUjV7MNEjbpHhCDiLnmLD1Gowk&sai=AMfl-YTqluVUFdtAG0JzQiOtNp_Bar9sOZ9GaNS_lYDQ1KuiQhw-SYSu73KF88PEffDypEbnNT3N2NODJ8kFVfYvXcybBJAlockHDm3sq99im5p5wKx4YmEXUsw4Qe-3hJke&sig=Cg0ArKJSzHuJj9jhImPWEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:15 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:46:15 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6646 11 KB
9 KB 38ms
38ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

184c086f14e19e16f552434bd33969ea5f487e82ca5d706e648b6420ce864a52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8745
x-xss-protection: 0

GET
H/1.1 200
OK roundtrip.js Show response
a.adroll.com/j/ 46 KB
15 KB 57ms
31ms Script
text/javascript 2600:9000:206f:9600:15:90db:9f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://a.adroll.com/j/roundtrip.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 2600:9000:206f:9600:15:90db:9f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d62a3b924d49cc3909d8c7e7d66c6fda8780c357fae0f927993f424928401b20

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-Amz-Version-Id: TrxFtQaM8s37m_Nm4h1GkMAOXYF47jUQ
Content-Encoding: gzip
Etag: W/"b8caabe626e64605e61edd5174246bf4"
Age: 571
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Vary: Accept-Encoding
Via: 1.1 7e513424eee237ee26467e8fd5656ec0.cloudfront.net (CloudFront)
Last-Modified: Fri, 14 Jan 2022 00:11:04 GMT
Server: AmazonS3
Date: Sat, 15 Jan 2022 16:36:45 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA56-C1
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: reeaDrZKJvixuKlDXcjf_SFsOFthJJ0tRWRUvlT2LM4tG1SJDBWT_Q==

GET
H/1.1 200
OK chartbeat.js Show response
static.chartbeat.com/js/ 36 KB
14 KB 56ms
17ms Script
application/x-javascript 2600:9000:223c:ba00:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://static.chartbeat.com/js/chartbeat.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=%E2%9D%84%E2%A1%BF%E2%A1%B9+Buy+Hydroxychloroquine+Over+the+Counter:+%F0%9F%A4%A9+www.HealsPills.store+%F0%9F%A4%A9+Uses,+Dosage+%E2%A1%B9%E2%A1%BF%E2%9D%84Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 2600:9000:223c:ba00:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:27:39 GMT
Content-Encoding: gzip
Age: 1117
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Last-Modified: Fri, 14 Jan 2022 02:25:57 GMT
Server: nginx
ETag: W/"61e0df35-8e96"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
Cache-Control: max-age=7200
X-Amz-Cf-Pop: FRA56-P2
X-Amz-Cf-Id: 1kccUgw8RpRXI75Vti90wTQqkmOuCaBrMe_bq8h0bAPPEwgeq0-o_Q==
Expires: Sat, 15 Jan 2022 18:27:39 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 30ms
30ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f33c79bfda24778d46fbb26bb4894e34b52bc1f97efd6c65d0a8d039862e2664

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:46:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8670
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:46:16 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6646 17 KB
6 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:46:16 GMT

GET
H/1.1 200
OK ping
ping.chartbeat.net/ 43 B
294 B 205ms
100ms Image
image/gif 52.20.40.56
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ping.chartbeat.net/ping?h=www2.kusports.com&p=%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F&u=sbVzTCYt82bDFiMtO&d=www2.kusports.com&g=27638&g0=No%20Section&g1=No%20Author&n=1&f=00001&c=0&x=0&m=0&y=3084&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=7478&t=BPZ0bcCMCb-rBZf2yVdPpT1CUfszF&V=129&i=%22%E2%9D%84%E2%A1%BF%E2%A1%B9%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20%F0%9F%A4%A9%20www.HealsPills.store%20%F0%9F%A4%A9%20Uses%2C%20Dosage%20%E2%A1%B9%E2%A1%BF%E2%9D%84Buy%20Hydroxy&tz=0&sn=1&sv=CBzYHWDSxIH5D4bz1lDa-CyNB4YJkB&sd=1&im=04030400&_
Protocol: HTTP/1.1
Server: 52.20.40.56 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-20-40-56.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:16 GMT
Content-Type: image/gif
Cache-Control: no-cache, no-store, must-revalidate
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/X7723AQJHJDWVHXHZOPVBN/index.js
https://s.adroll.com/j/exp/index.js

28 B
763 B

17ms
16ms

Script
application/javascript

2600:9000:2156:2e00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Protocol: HTTP/1.1
Server: 2600:9000:2156:2e00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-Amz-Version-Id: VxC0v7SN4NsT_sJxZYoy27yA4ALlRfhC
Via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
Etag: "5816cced8568d223aa09d889f300692b"
Age: 128503
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 28
Last-Modified: Mon, 18 Oct 2021 21:07:54 GMT
Server: AmazonS3
Date: Fri, 14 Jan 2022 23:47:24 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: tCtK5gTsnAXjpyWXj7Qm6MEnzkqT4-29eSy2_gath5Ea1RuSLt-hTw==

Redirect headers

Date: Sat, 15 Jan 2022 08:33:30 GMT
Via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
Age: 29566
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA50-C1
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: b20ypCSxS2kHGitqzodYfeqWCgvRlY0vCYEavjgagjIeULDfJ9fzwg==

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/pre/
Redirect Chain

https://s.adroll.com/j/pre/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/fpconsent.js
https://s.adroll.com/j/pre/index.js

0
734 B

16ms
16ms

Script
application/javascript

2600:9000:2156:2e00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/index.js
Protocol: HTTP/1.1
Server: 2600:9000:2156:2e00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-Amz-Version-Id: nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Via: 1.1 1d87c34bb2f20fda8e0841bc33179768.cloudfront.net (CloudFront)
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Age: 133782
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Wed, 15 Jan 2020 23:54:18 GMT
Server: AmazonS3
Date: Fri, 14 Jan 2022 18:04:59 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: l1J7ePn6W_P81rYgDF2BP292TURDq41FRmbYSzZECdS4IWsG33Ulew==

Redirect headers

Date: Sat, 15 Jan 2022 08:33:30 GMT
Via: 1.1 1d87c34bb2f20fda8e0841bc33179768.cloudfront.net (CloudFront)
Age: 29566
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Location: https://s.adroll.com/j/pre/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA50-C1
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: gNOvvumQU6t02WTxsYNIOtLTGoKD0q-QsqGm-LD-FovaN4bX-XTG5A==

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/ 0
785 B 66ms
18ms Script
text/javascript 2600:9000:2156:2e00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/index.js
Requested by: Host: a.adroll.com
URL: http://a.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2e00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-Amz-Version-Id: PHYDd.jWZgmyRybOMIene6Hn8N8ueYLb
Via: 1.1 0d37b2e69745cd9f0c5457fbf1a83128.cloudfront.net (CloudFront)
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Age: 461
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Tue, 11 Jan 2022 23:24:23 GMT
Server: AmazonS3
Date: Sat, 15 Jan 2022 16:43:19 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: Wb5grsrrNqOJd8fBILMrWKRVKOHeEocX2Nw8le3fH40ZlqsGUpFGAg==

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 6DBA 13 KB
5 KB 16ms
16ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:45:32 GMT
expires: Sun, 15 Jan 2023 16:45:32 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 44
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0DF7 783 B
533 B 27ms
27ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d3f245e748d2b8860ee324fe35ce08fe8ab21e04bcfd98e38ad5c23449b917be

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-v+VcBOKbqua4saCrfzttvw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 15 Jan 2022 16:46:16 GMT
date: Sat, 15 Jan 2022 16:46:16 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-v+VcBOKbqua4saCrfzttvw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame EF98 13 KB
5 KB 15ms
15ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:45:32 GMT
expires: Sun, 15 Jan 2023 16:45:32 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 44
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame CD9A 783 B
536 B 27ms
27ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f6544d9db6c115aa490dfc9b1728675a9906b14f431fb3b29dc9d028bcf4f358

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-6RfgF3GNqSIH0BcIp0VXWQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 15 Jan 2022 16:46:16 GMT
date: Sat, 15 Jan 2022 16:46:16 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-6RfgF3GNqSIH0BcIp0VXWQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0DF7 0
0 65ms
64ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=1190106265408134&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame CD9A 0
0 65ms
65ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=3446979153569946&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js Show response
pagead2.googlesyndication.com/bg/ Frame 6DBA 35 KB
13 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8e8f18d77170af82f72cfb83f4cec093f5683a0fcffd8f126d9d2fce1a332f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 19:59:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74784
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13349
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 14 Jan 2023 19:59:52 GMT

GET
H3 200 qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js Show response
pagead2.googlesyndication.com/bg/ Frame EF98 35 KB
13 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8e8f18d77170af82f72cfb83f4cec093f5683a0fcffd8f126d9d2fce1a332f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 19:59:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74784
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13349
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 14 Jan 2023 19:59:52 GMT

GET
H2 200 X7723AQJHJDWVHXHZOPVBN Show response
d.adroll.com/consent/check/ 393 B
862 B 142ms
40ms Script
application/javascript 34.243.100.214
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/X7723AQJHJDWVHXHZOPVBN?arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&_s=14cea14c13119222d368c34799c36bdf&_b=2
Requested by: Host: a.adroll.com
URL: http://a.adroll.com/j/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.243.100.214 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-243-100-214.eu-west-1.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: 2f2180e07af7d6a2d552aa4a44ad922fa0c1a77e0743585c51978db3af88aa84

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:16 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-type: application/javascript
content-length: 393
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 6DBA 0
9 B 16ms
16ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?SPKRZQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:16 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame EF98 0
9 B 15ms
15ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?9-QxXQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:16 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 52ms
51ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=1190106265408134&bg=!hYalhsLNAAaocxMpqHM7ACkAdvg8WjLCOdJ2HiAq1-_S8PboK6v19yPod3lCWsH1fuTYjaHTdgod_wIAAACXUgAAAANoAQcKABRGCJSGo8ToBy2ITLnmPaieQPu_8pkCtwmVFYWfncll7kWLnpIdInWW4o4QxvYafawYfUSMAzJ3jpGHcfWiJTGxlt4EMb9M3RcFAHeqL_HGYqZUjySbNorZjuwNZ8cD2z2vKe464AH7M4cdDwfcAyvcJPr_ykhT8VSjqxgPLjyyLYYDdSbhGY3JgeQKDuiF6OvyhuDY5FDOW5pu4ddD3hsNATFdn2SEeLQ98bSJ7_49yrJIdZ8n8pHq6br46jWrNlvB6YZhuDTaTFjFXUK8ILQWmFhNielLF7GA5tCLQC_lFDD33eX1520wyIkegWHKJIUOxbKIi-XKieWuJGK37Qlg-mtHeB-dqLG2YFhPVu8X79KkYXhNHkwcLqKojzfnTO4htpVwvKtuBd2oVlQPTGZulJI3cwI_NC1cR46vTtiZCOooQXeCNDcfgPtvlaQg2YfdY-jiwryn8kOw9TgLIkWsFcDUdtxqIb-ndz7Qp8UQgLt9X-xqSJVt72acw1owZFZ9ejMP6qOEyXZ8Z-3bYSTxNLjvp6R2ukL46HwnebnBGWZF7WkWKWOYP3PPlP7KLD1ibfyx3RMmaRUdfMKFNBUotqVoEKUSTDQ1bq_mqg9WKD3O2quFXo_ONDNCF_xiMGJyjGf-tVZV40tISW5OtfIZkG3vDHaDL0ez4w6xkimeQ8L88vulTu9WcdPfVlM6bbsaG8F1h8rj4pOozPdMXtN0-MLmcVdsj3ouiAHv5CSMP8CPY40s92wMXzQH1tgI0M0Ak2R9ZBLdgXXof2JE7C6g5BiEmRCo3D6QorgxG2Eog3bq7KIzuY_eWrTn2fFYooTyRldYRJfnHLxeRFeV-kf0ARDFQOyok1ib_n2Bjna8NuKMeuxjHGIxYKlVUBdD0-r15CnoX8wVOUEL_X8G7wIp_aptU_s6g2weQLFaxkbIo1CyY3ThxBcGwAeUeNdV

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6646 0
20 B 52ms
52ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=3446979153569946&bg=!3t2l3ZnNAAaocxMpqHM7ACkAdvg8WglNqJNMg4qH8RUZoZYyD_zvMDhdCvS-vlGXNZyScuh_KdXopgIAAACKUgAAAARoAQcKAF_iAdkZil44BpiBK5s95EGX7I9CKbkjkir8o2ug-5Fb6wdHItQ-K4mjhh297Y_sNwktLH6eDCOD0PQHj7zfNIY3lzfdLZTfEAyl1HoXHwd5Ys2ILr8_FT6oDza4ZHqBF5kDD-jA6T6cY829URv9uJhToVkrwY-kJMZs06f82kVBcdm3F1RInxHmRg_MSUcEq4jrmqJd4UgaOJnwdgQsB3mW9l24Qd0MGrRBJdmXpyLo0x8CXUyLvZHY4QIKaUh2VZKXqsjUfK6soi1P_2olOv54o3x52pEm5SaBuFvZwHDK39jI7KVjH0by46GNoScolgszKr5uSMGVWxqsBp6Ow3HAqihcJmQASYeAg0XzdBnwcr2__xnpJtH-uSl86G2eeNjmVANovpp26T5SwdufvdIIQOhLP2WD5nIrh1zYxDHGhiZ0ZSxU_4ZyQlyQn5TFUgqt4_BVNz1wmCFF32zE54TLTCrTMC0oWZSHAaWDyczwPjxBHdizaKpFtnsu-jABHdCQDWZ2gmh6CF934l_Dh7jZqxz70iphU4-akN2gtOtvo1chaI_kOUrap2sZUWtCRzrTjfF075OfxqceAZijRlap05rvUbNFgedKDKljrAez2nAI2mXC_3H531dg2t-PMjF9Vx0zUycNvi7YnZ24Drwm8GlN2w48SqTLXzC5LbLD--yM2rvKRf-qhbj29BoxOrIytTy0qNLoNf_GrviT2biDKJyKW4r8JtI-QtoGTTPC9mfTNG04pXkDCBvzSKxqll3ORuE-2w7TgjNJOuCrxBEosH5AeCfxO0fFJcOX8crgEO1MIio2vd-LBDixbmMrTAiaW6wZAWTX2K3xalujibHInp7h1droykGECnmrdTZmeXBejtw151uMEbBziX9NioPQtd2oq58tdBB_NfFckYaVee3zZUDnJW2Cs-XjPT4qHjWCqq-X-uTTMhYCPrWGo40cEQw2FydTw4c25paYuQ2PyNZlszXNy83DyuFitKOxbcp7VdXU_hpGW03iraALCkSXHB7wuP-iXlMyQTVjsibXiGJbnR6K7A6n402P7WiE_qkITEZwmE-5rsLZqOyZiIr4MH4QG4JBnsSigp_mpr43VgztXiwtxftUECBscd5AnIYAFz3DG2MgjGk3XacIAiky6LTWE_hN8qP151cgfdAfWg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

NT3YRS4RBBEJXN5JBMR5A3.js Show response
s.adroll.com/pixel/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/
Redirect Chain

https://d.adroll.com/pixel/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E?adroll_fpc=c283e10819e72bc8363f9e14a5d1b1d5-1642265176304&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotog...
https://s.adroll.com/pixel/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/NT3YRS4RBBEJXN5JBMR5A3.js

2 KB
2 KB

18ms
17ms

Script
text/javascript

2600:9000:2156:2e00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/pixel/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/NT3YRS4RBBEJXN5JBMR5A3.js
Protocol: HTTP/1.1
Server: 2600:9000:2156:2e00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d1d938d97331866e733f47f9ba4b748530a8b4f684ae1bf3a19c01f32854104f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-Amz-Version-Id: esNmzW3uroWKwh70CFyRK9.ni.LnG9dW
Content-Encoding: gzip
Etag: W/"e2fa21a3c5e4ee334e1fbbe2e9290ca2"
Age: 460
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Vary: Accept-Encoding
Via: 1.1 1d87c34bb2f20fda8e0841bc33179768.cloudfront.net (CloudFront)
Last-Modified: Tue, 08 Dec 2020 23:30:33 GMT
Server: AmazonS3
Date: Sat, 15 Jan 2022 16:43:20 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA50-C1
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: uVCJ_Lhkj7QVbrJq7TCNTOeU-mNgnh_MSqWvmfLe4HdKrniAqzhvhw==

Redirect headers

pragma: no-cache
x-conversion-value: 0.00
server: nginx/1.20.0
x-rule: *
date: Sat, 15 Jan 2022 16:46:16 GMT
x-segment-eid: NT3YRS4RBBEJXN5JBMR5A3
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://s.adroll.com/pixel/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/NT3YRS4RBBEJXN5JBMR5A3.js
cache-control: no-store, no-cache, must-revalidate
x-segment-display-name: Visitors to Unsegmented Pages
x-pixel-eid: XTQPGD4JMZBBLO774N2I4E
x-segment-name: *
x-advertisable-eid: X7723AQJHJDWVHXHZOPVBN
content-length: 0
x-conversion-currency

GET
H2

204

v1
ads.yahoo.com/cms/
Redirect Chain

https://d.adroll.com/cm/r/out?adroll_fpc=c283e10819e72bc8363f9e14a5d1b1d5-1642265176304&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%2...
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

0
446 B

53ms
18ms

Image
text/plain

2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Protocol

Server

2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:16 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

location: https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
pragma: no-cache
date: Sat, 15 Jan 2022 16:46:16 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-length: 165
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H/1.1

200
OK

sync
x.bidswitch.net/
Redirect Chain

https://d.adroll.com/cm/b/out?adroll_fpc=c283e10819e72bc8363f9e14a5d1b1d5-1642265176304&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%2...
https://x.bidswitch.net/sync?dsp_id=44&user_id=NjVjNjc0ZGU4MjhiMGU3MDExMjhlNDE1Y2YzMTk5NWY

43 B
220 B

16ms
16ms

Image
image/gif

3.123.163.195
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=44&user_id=NjVjNjc0ZGU4MjhiMGU3MDExMjhlNDE1Y2YzMTk5NWY
Protocol: HTTP/1.1
Server: 3.123.163.195 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-163-195.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:46:16 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

location: https://x.bidswitch.net/sync?dsp_id=44&user_id=NjVjNjc0ZGU4MjhiMGU3MDExMjhlNDE1Y2YzMTk5NWY
pragma: no-cache
date: Sat, 15 Jan 2022 16:46:16 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-length: 96
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H/1.1

200
OK

setuid
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?adroll_fpc=c283e10819e72bc8363f9e14a5d1b1d5-1642265176304&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%2...
https://ib.adnxs.com/setuid?entity=172&code=NjVjNjc0ZGU4MjhiMGU3MDExMjhlNDE1Y2YzMTk5NWY

43 B
1 KB

24ms
24ms

Image
image/gif

185.33.220.216
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=172&code=NjVjNjc0ZGU4MjhiMGU3MDExMjhlNDE1Y2YzMTk5NWY

Protocol

HTTP/1.1

Server

185.33.220.216 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

872.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:46:16 GMT
X-Proxy-Origin: 217.114.215.133; 217.114.215.133; 872.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 4548298a-14ee-4e7d-80ec-9b4ff7b826eb
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

location: https://ib.adnxs.com/setuid?entity=172&code=NjVjNjc0ZGU4MjhiMGU3MDExMjhlNDE1Y2YzMTk5NWY
pragma: no-cache
date: Sat, 15 Jan 2022 16:46:16 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-length: 93
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2 200 out
d.adroll.com/cm/l/ 42 B
180 B 40ms
39ms Image
image/gif 34.243.100.214
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/l/out?adroll_fpc=c283e10819e72bc8363f9e14a5d1b1d5-1642265176304&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%25E2%25A1%25BF%25E2%25A1%25B9%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%25F0%259F%25A4%25A9%2Bwww.HealsPills.store%2B%25F0%259F%25A4%25A9%2BUses%2C%2BDosage%2B%25E2%25A1%25B9%25E2%25A1%25BF%25E2%259D%2584Buy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&advertisable=X7723AQJHJDWVHXHZOPVBN
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.243.100.214 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-243-100-214.eu-west-1.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:46:16 GMT
cache-control: no-transform,public,max-age=300,s-maxage=900
server: nginx/1.20.0
content-length: 42
vary: Cookie
content-type: image/gif

GET
H3

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?adroll_fpc=c283e10819e72bc8363f9e14a5d1b1d5-1642265176304&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%2...
https://us-u.openx.net/w/1.0/sd?id=537103138&val=65c674de828b0e701128e415cf31995f

43 B
61 B

26ms
26ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537103138&val=65c674de828b0e701128e415cf31995f
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:16 GMT
via: 1.1 google
server: OXGW/17.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?id=537103138&val=65c674de828b0e701128e415cf31995f
pragma: no-cache
date: Sat, 15 Jan 2022 16:46:16 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-length: 87
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

200

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?adroll_fpc=c283e10819e72bc8363f9e14a5d1b1d5-1642265176304&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%25E2%259D%2584%2...
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=ZcZ03oKLDnARKOQVzzGZXw
https://d.adroll.com/cm/g/in

42 B
536 B

39ms
39ms

Image
image/gif

34.243.100.214
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in
Protocol: H2
Server: 34.243.100.214 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-243-100-214.eu-west-1.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:16 GMT
server: nginx/1.20.0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-store, no-cache, must-revalidate
content-type: image/gif
content-length: 42
x-result: g.-1.-1.-1

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:46:16 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://d.adroll.com/cm/g/in
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: media.adfrontiers.com
URL: http://media.adfrontiers.com/pq?t=j2&s=1779&ac=19&at=2&xvk=26561579.219536614

Domain: google2waycm.netmng.com
URL: https://google2waycm.netmng.com/cm/?google_gid=CAESEF0piQbm0_lJn-3kk8lscdE&google_cver=1&google_push=AYg5qPKeqhP3d-uQFtt4cHkK8ATQ3qnFEeuDcSkB1vgj2jlXSHS-HIyJ1A4K1VPn_IeD8MvzKwHR97g0qWmMJwSmvCg-l6Q-QG2b3w

Verdicts & Comments Add Verdict or Comment

181 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

60 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.kusports.com/	1970-01-20 02:20:41	Name: _fbp Value: fb.1.1642265170457.1038434706
.scorecardresearch.com/	1970-01-20 17:27:53	Name: UID Value: 1YYC50RKICZHIR2ZR6XMVTg1642265170
.kusports.com/	1970-01-20 17:42:17	Name: _ga Value: GA1.2.1261223503.1642265170
.kusports.com/	1970-01-20 00:12:31	Name: _gid Value: GA1.2.1033640425.1642265171
.kusports.com/	1970-01-20 00:11:05	Name: _gat_UA-381152-3 Value: 1
.quantserve.com/	1970-01-20 09:41:19	Name: mc Value: 61e2fa52-dc67a-d4705-f2c2a
.kusports.com/	1970-01-20 09:35:33	Name: __qca Value: P0-1484996935-1642265170685
.www2.kusports.com/	1970-01-21 02:27:53	Name: _awl Value: 3.1642265170.0.5-4e41b558d1c4448272d9c88dbd2934a6-6763652d6575726f70652d7765737431-0
.kusports.com/	1970-01-20 09:32:41	Name: __gads Value: ID=17218467b865d251-22a23ffe20cd003c:T=1642265170:S=ALNI_MaTbL8MOdawzB_xiYXGiPVPhU4Q7Q
.doubleclick.net/	1970-01-20 09:32:41	Name: IDE Value: AHWqTUkdSjixBJq-eNqeWnOK9F-adH1D_CwbjzCa6xYu_GOOHOgUOAMDzLJYuGwBt0o
.casalemedia.com/	1970-01-20 02:20:41	Name: CMPS Value: 3194
.casalemedia.com/	1970-01-20 08:56:41	Name: CMID Value: YeL6VKCtowhFoRAqlQFmRwAA
.casalemedia.com/	1970-01-20 02:20:41	Name: CMPRO Value: 1162
.casalemedia.com/	1970-01-20 00:12:31	Name: CMST Value: YeL6VGHi+lQA
.casalemedia.com/	1970-01-20 08:56:41	Name: CMRUM3 Value: 2d61e2fa542760CAESEDmOX-8pE1KxZtQBgYFHG_U
.adnxs.com/	1970-01-20 02:20:41	Name: uuid2 Value: 7667645894489933994
.redintelligence.net/	1970-01-20 02:20:41	Name: 8lcfmzhxc8d6_uid Value: 075a7c95e5e86487
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 379097:2519595
.travelaudience.com/	1970-01-20 09:41:19	Name: _tracker Value: %7B%22UUID%22%3A%22A7598B42-2002-4811-A2E2-3F34F5DC6954%22%7D
.mathtag.com/	1970-01-20 00:54:17	Name: mt_mop Value: 4:1642265172
.mathtag.com/	1970-01-20 09:37:00	Name: uuid Value: 05a361e2-fa54-4100-92dd-3770779d75de
.bidswitch.net/	1970-01-20 08:56:41	Name: tuuid Value: 659d8521-3a47-461d-b273-cf7e24032f9a
.bidswitch.net/	1970-01-20 08:56:41	Name: c Value: 1642265173
.bidswitch.net/	1970-01-20 08:56:41	Name: tuuid_lu Value: 1642265173
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAAAOOSMXR2dA129c3OC8yNyE8L8Ir38AxNiipMKY93zAYAwwlcTR4AAAA
.rfihub.com/	1970-01-20 09:32:41	Name: eud Value: H4sIAAAAAAAAAOOSMXR2dA129c3OC8yNyE8L8Ir38AxNiipMKY93zA7iNTQzMTIyMzU0NzYwsnzFiMw3NgAADFzqhz0AAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjIwtjQ3NTQ0sDQxNzE2tzS3NBPiM9SNT3ZxLEyPyPTxCfUGAL7741MlAAAA
.rfihub.com/	1970-01-20 09:32:41	Name: rud Value: H4sIAAAAAAAAAOMSNjIwtjQ3NTQ0sDQxNzE2tzS3NBPiM9SNT3ZxLEyPyPTxCfWW4jU0MzEyMjM1NDc2MDYAAJgGlfY0AAAA
.rfihub.com/	1970-01-20 09:32:41	Name: smd Value: H4sIAAAAAAAAAOPiNTQzMTIyMzU0NzYwNgAA-aw2ow8AAAA
.bidswitch.net/	1970-01-20 00:11:05	Name: google_push Value: AYg5qPJsf-zPvX4myIaE70yrf-ihd2t0bPbHRE84-QntxZuki0zkg17bOsIGR5zCJPSSHxYKgp897QFW8AzmMFKihvBI8ODys_I5
.office-partner.de/	1970-01-21 00:11:05	Name: source Value: {"webgains_webgains":{"timestamp":1642265173130,"clickCookie":false}}
pb.media01.eu/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: lil0n3i0t12ml2v2w24znkpp
pb.media01.eu/	1970-01-20 17:42:17	Name: DTU Value: 9A986281CD3B1F0233301CA9C3C88F44
fksnk.com/	1970-01-20 00:21:09	Name: AWSALBCORS Value: ICaqIDkGMl2XAxTqgeNtNyjGSAcndup85D4ktaBfw3Qpdsa98nIO303DYY/IHQa8gv7dS8IGljLKmmiOWhlPbnAP12LGMsowMxOGJ4XWa0Eyzj1j7zwFYzo/8LD6
.fksnk.com/	1970-01-20 02:20:41	Name: f_001 Value: A158083C529848CF
.fksnk.com/	1970-01-20 00:12:31	Name: g_001 Value: 1
.c.appier.net/	1970-01-20 08:56:41	Name: _auid Value: 5I4O95mUDhiZISFdVfriYQ
.c.appier.net/	1970-01-20 00:54:17	Name: _gu Value: CAESEEJythMgl24bv6WxPbsu5HM
.medialead.de/	1970-01-20 08:56:41	Name: trscj Value: MTY0MjI2NTE3NXxMM1J5WTJzdlpYQjJMMlU1T1dGaFkyVTVOR1UyWlRVNE56TTRPREZrTXpRd01EazVNMlV4WlRkbFAzTjFZbWxrUFRneE5ESTBNekF3TVRRNE5UWTVNREF3TnpFd05qRXlNREV4T0RRd01ESXhKblE5YUhSc2NBPT18YUhSMGNITTZMeTgwWTJWbVlXTmhOekE1TVdabU5XUTBZVGMwTWpZMU5EQTRPR1E1Wm1ZMk1TNXpZV1psWm5KaGJXVXVaMjl2WjJ4bGMzbHVaR2xqWVhScGIyNHVZMjl0THc9PQ%3D%3D
.awin1.com/	1970-01-20 00:21:09	Name: awpv14098 Value: 296283\|1642265175\|a7cbf510-7622-11ec-b817-22614cf80296
.retailads.net/	1970-01-20 00:54:17	Name: ppb2172 Value: 1145042063
.lijit.com/	1970-01-20 08:56:41	Name: ljt_reader Value: 4501c70d0c718c4c3d5a8b8e
.turn.com/	1970-01-20 04:30:17	Name: uid Value: 3360114055971208185
.mts.ru/	1970-01-20 08:43:42	Name: dspid Value: 1f5326f6-5714-48ae-9bb8-d97458faaf09
.everesttech.net/	1970-01-20 08:56:41	Name: everest_g_v2 Value: g_surferid~YeL6VwAF1MnHEAAm
.futalis.de/	1970-01-20 01:37:29	Name: raSIDb Value: 1145042063
www2.kusports.com/	1970-01-20 09:39:53	Name: _cb_ls Value: 1
www2.kusports.com/	1970-01-20 09:39:53	Name: _cb Value: sbVzTCYt82bDFiMtO
www2.kusports.com/	1970-01-20 09:39:53	Name: _chartbeat2 Value: .1642265176024.1642265176024.1.CBzYHWDSxIH5D4bz1lDa-CyNB4YJkB.1
www2.kusports.com/	1970-01-20 00:11:06	Name: _cb_svref Value: null
.mts.ru/	1970-01-23 14:35:05	Name: mts_id Value: 28a44a37-bd08-45f7-b828-d59392d39dd5
.mts.ru/	1970-01-23 14:35:05	Name: mts_id_last_sync Value: 1642265176
sync.srv.stackadapt.com/	1970-01-20 08:56:41	Name: sa-user-id Value: s%3A0-bf41537b-dcbb-4fae-5f86-718be215d1ea.5%2FMjOOOPDzUEl0vsPfptSykyxcbEZAFA9qJh23%2BClQM
.srv.stackadapt.com/	1970-01-20 08:56:41	Name: sa-user-id-v2 Value: s%3A0-bf41537b-dcbb-4fae-5f86-718be215d1ea%24ip%24217.114.215.133.cg%2BKq7pyYb%2BupBvy3TMw6njLGc9EBdZEQrjghj%2BAViI
.www2.kusports.com/	1970-01-20 08:57:02	Name: __adroll_fpc Value: c283e10819e72bc8363f9e14a5d1b1d5-1642265176304
.www2.kusports.com/	1970-01-20 08:56:41	Name: __ar_v4 Value: %7CX7723AQJHJDWVHXHZOPVBN%3A20220114%3A1%7CXTQPGD4JMZBBLO774N2I4E%3A20220114%3A1%7CNT3YRS4RBBEJXN5JBMR5A3%3A20220114%3A1
.adnxs.com/	1970-01-20 02:20:41	Name: anj Value: dTM7k!M41$CxrEQF']wIg2GVIos-la!]taa8i_iqf!oN/@E'zz<Z0Q'zbESe-x.]Phjxf=AK@CrrU6GDWdT-Cg90k/X-Zf6/YIEV@!%AEZJcpEP2=eaZL]OEsBRPavd7%b!yhDkkAP9^n)1SbF.Akvx8[SXMLfL68!1qF1`bc`G1+q8j
.yahoo.com/	1970-01-20 08:57:02	Name: A3 Value: d=AQABBFj64mECEF-3RPbmmVKiVF9cpN9KtAUFEgEBAQFL5GHsYQAAAAAA_eMAAA&S=AQAAAv6U_PzbaXi9qAbfZPs9hUU
d.adroll.com/	1970-01-20 09:39:53	Name: __adroll Value: 65c674de828b0e701128e415cf31995f-g_1642265176-a_1642265176
.adroll.com/	1970-01-20 09:39:53	Name: __adroll_shared Value: 65c674de828b0e701128e415cf31995f-g_1642265176-a_1642265176

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://pagead2.googlesyndication.com/pagead/managed/js/m202102160101/pubads_impl.js?0.04872131318801509 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/_t200/?63053ce3c12ccdabb07c8a8609241a2395705911= Message: Failed to load resource: the server responded with a status of 404 (NOT FOUND)
security	error	(Line 5) Message: Mixed Content: The page at 'https://006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html' was loaded over HTTPS, but requested an insecure script 'http://media.adfrontiers.com/pq?t=j2&s=1779&ac=19&at=2&xvk=26561579.219536614'. This request has been blocked; the content must be served over HTTPS.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

006794f55017d37a53ed3b052c56a70d.safeframe.googlesyndication.com
11960f56a284ac0e808ef33964c3df93.safeframe.googlesyndication.com
4cefaca7091ff5d4a742654088d9ff61.safeframe.googlesyndication.com
6ccc5fa424d647bd49be4f773c4b014f.safeframe.googlesyndication.com
8019191.fls.doubleclick.net
a.adroll.com
a.c.appier.net
a.rfihub.com
ad-server.eu
ad.turn.com
ads.travelaudience.com
ads.yahoo.com
ads.yieldmo.com
adservice.google.com
adservice.google.de
adservice.google.se
adv-srv.office-partner.de
adv.office-partner.de
af2d505fbd2db4dde60a2a2d67fb207e.safeframe.googlesyndication.com
analytics.webgains.io
analyticssystems.net
ap.lijit.com
api.webgains.io
b72e4da362613835e90dbe66753f395c.safeframe.googlesyndication.com
butterbulb.com
c.eu1.dyntrk.com
cc.adingo.jp
cdn.includemodal.com
cdn.retailads.net
cdn.taboola.com
cdn01.basis.net
cm.g.doubleclick.net
connect.facebook.net
d.adroll.com
d3plfjw9uod7ab.cloudfront.net
dsum-sec.casalemedia.com
e50cb70897325bbab3447118d665891a.safeframe.googlesyndication.com
edge.quantserve.com
fksnk.com
fonts.googleapis.com
fonts.gstatic.com
futalis.de
google2waycm.netmng.com
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal900021.redintelligence.net
hal900025.redintelligence.net
hal90008.redintelligence.net
ib.adnxs.com
insight.adsrvr.org
maps.google.com
maps.googleapis.com
match.adsrvr.org
media.adfrontiers.com
medialead.de
ogden_images.s3.amazonaws.com
pagead2.googlesyndication.com
pb.media01.eu
ping.chartbeat.net
pixel.quantserve.com
pixel.rubiconproject.com
pixel.sitescout.com
pv.medialead.de
quizzicalzephyr.com
r.turn.com
rules.quantcount.com
s.ad.smaato.net
s.adroll.com
s0.2mdn.net
sb.scorecardresearch.com
securepubads.g.doubleclick.net
servedbyadbutler.com
sm.rtb.mts.ru
static.adsafeprotected.com
static.chartbeat.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.go.sonobi.com
sync.mathtag.com
sync.srv.stackadapt.com
sync.teads.tv
tech.rtb.mts.ru
tpc.googlesyndication.com
track.webgains.com
us-ads.openx.net
us-u.openx.net
worldonline.media.clients.ellingtoncms.com
www.awin1.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www2.kusports.com
x.bidswitch.net
google2waycm.netmng.com
media.adfrontiers.com
104.90.104.248
104.90.181.210
104.92.94.3
116.202.46.88
13.35.253.42
138.201.63.150
138.201.84.245
142.250.185.226
142.250.186.162
142.250.186.38
144.76.238.55
145.239.193.130
15.197.193.217
151.101.1.44
151.101.2.49
151.101.66.133
172.104.70.67
178.162.133.149
178.79.242.181
18.66.248.117
185.29.132.241
185.33.220.216
193.0.160.129
2001:678:cb4:bbbb::11
208.91.60.6
208.91.60.7
213.87.44.187
217.66.147.167
2600:9000:206f:9600:15:90db:9f40:93a1
2600:9000:2156:2e00:6:9280:1080:93a1
2600:9000:2156:b600:1b:5138:8a40:93a1
2600:9000:223c:3600:6:44e3:f8c0:93a1
2600:9000:223c:ba00:18:1fcd:34f:cdc1
2600:9000:223e:b600:13:a391:88c0:21
2600:9000:223f:c00:8:48e:53c0:93a1
2606:4700:3030::6815:251b
2620:116:800d:21:5a23:9c4e:e774:96c1
2620:116:800d:21:ee05:6a01:4b41:8c89
2a00:1288:80:800::7000
2a00:1450:4001:802::2002
2a00:1450:4001:803::2004
2a00:1450:4001:809::2008
2a00:1450:4001:80e::2001
2a00:1450:4001:80f::200a
2a00:1450:4001:811::2002
2a00:1450:4001:813::2006
2a00:1450:4001:813::200a
2a00:1450:4001:828::2002
2a00:1450:4001:828::2003
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2001
2a00:1450:4001:830::2003
2a00:1450:4001:830::200e
2a00:1450:4001:831::2002
2a00:1450:400c:c07::9b
2a00:1450:4019:806::200e
2a00:1450:4019:809::2001
2a00:1450:4019:80c::2001
2a01:4f8:d0a:2321::2
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
2a0b:4d07:102::1
3.123.163.195
34.194.7.56
34.243.100.214
35.190.0.66
35.190.90.202
35.201.98.64
35.244.159.8
44.194.225.67
46.236.13.147
49.12.16.151
5.1.80.163
51.178.20.139
52.20.40.56
52.217.75.100
54.72.0.164
54.76.176.197
54.92.96.182
66.155.71.149
69.173.144.139
72.251.249.14
88.198.250.30
94.23.99.218
99.81.30.72
039c07f120a4f270f59c2562a5a28f533afc5a729300fffa9b6b01aa411ffeb9
039f3ff26bc8395c7277d462f58846a4e26c13af917f5b0fd2b821292b017d84
03f40b2a01bbba09852e901342f46c741a9a3f8fb9450bfa29a5e13f568af04e
043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da
06a1b5afc54f03b03f1ec1d55390a43b7d0bea926033263e0988e33a8db55d19
06ea3f6c711322097aef91b87415a2b67cdacce2b8a08baf5129935fed10591e
06f0f066bec226fa3eabd0c05ab5c46d88c6e48c811fd3e905fc74b75ae71d73
0a7a697a5eac3b0189c70e85b1ef79b44e41116a6d06e5af278857c4a2c0f2c7
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bb5eb51c0ee0972c3b2b6ebf6bcb3b0c1cbb7c4c93b0acd442110005c1c3289
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0d35142f32786296129b89d4acaee1ff5201114af38d139b384412fa38777d7a
0de9144bce06e89231efdcb0acd8d48483ca86649c44e991895fbf4dff221cf9
0e25495ffd09f6b677ce228b97bc09623d45aa81fc770413c46259a040b81fbc
0e9793afd5d57a188f900a3561b714829cb7fddbe1fc7dd454dc94f6515121ee
0fc0fbb7321bca17d95d35cbb2bcbc81ac7e78c61a50b2af2ed130a1fe6f1691
1097c01b38cb84d60d03c6ceaba1616b06740a5bb2bbd3d82ec559ab07204035
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
14dcc325319e97801c2c33df37d8d986a87872ccfc3fb7078fb54f6f892bfa4b
15cd950fdf0a22946139981c83584014730ea322856de684bbb7b9a638e99330
17b91841811d67da94317ebd549a5a35e66e380be5a2ca51a34a8139f9a1415a
184c086f14e19e16f552434bd33969ea5f487e82ca5d706e648b6420ce864a52
18ed51fac6f3daf5687ac69a7846cc7ed20362711b965ff622a0cc6367cfb156
1979e136df73c0182593b957b1ccb3c6b659c018e3ae61b13f9db6ca3377acbd
1b67d92a3588252269bc6cdeca8fbfccb5446d70e0cfcdcdaf78898d815d9c62
1c8ea4881eaf2cb7fbf4ae2b940b7fcb89f08efe3356e70f8b10825c1ff853e6
1d8749b19ba5041e508d173b873b9ac49b4d2fa9bab220cd1299e654fdd0f27a
1e301e8df84a84a431d83b1c4a1c119eeb197d69eda7e8086dee21a937631be4
1e6d070b6dfc55e901e9280547ca443bf3089030043408df167cf7ae5b1025c7
2216c784a7bc43a18d75912086d025ebb405e3383fc629112c2761204e9e9257
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
23b9cc8583292bf65bcc948442988b792c204328c8a2978bde28deffd59355db
24087bfdc7797794ea3e2ce37a819efae9a6d1f51d42bc07f53d86a0a5d3391f
25049c305b208bde887cde10dc3fe87d0e39d98d7f126acaa42338f2fb51cb6a
2649d411849441560a08d65ecc699902799d2219cb10ddf8c365b9803ae66acc
26e2c6e5dcba43026ac44b78c9c73bb51d099a786ca808c9a2061c3ed81625e2
26fed8bb7169b720f1b469a3aa57111caaedc19849e034bb363db2bfac2bc302
27fc5c9aa4e536997504db13ac60a2fd93818a7c2b6a99d7343cc25ee18f565e
2b911d51ed949642e3d9b146c0ac22914c134bcb104a0acfe8df42353d168a3e
2c71eb3103f2291fe4a690548388a965bde3c77c153dac0fc029c7ae8e3eae53
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e7b133667cf862ce360aec2578c08adcf317bdeffb5b5ae26f22c7928bed85f
2f00b6fca183c5f3667b35193d424be89bcaae7b80080bbde6c5ed344463bc21
2f2180e07af7d6a2d552aa4a44ad922fa0c1a77e0743585c51978db3af88aa84
2f86987acb8ba6f3703a815c5dbb09d282cf25c1714ae91d1c2afd9d9af7c08a
2f9c35e984c1b63a7e6b13f07d6afb5d8335a1aba0e382d7e0c66e23b049de68
2fefea77ea2bf25e14fb885e13efaa1ccf6ceb49b642782a0705279dae7e0494
3023b8c8a44629993a179f9b49e46244f8d9ec755e3068d1532bb48c0235ecd6
30f8d650e5003e7ac2ddaaae9a57212d7972c7c0dd451ea43f094d5d1fb60cd5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
33a7f1daa51a3d81a190b331e6ce2bdca98966dc7846894d5619c87a3ceb319e
33df52041074c387e9c5b1660f5cedc057cca1ece0f7c446c4a898b112003757
34983bb02be1afc41c4bd28a7bf5f89d84138fc3d37b09ad61d3fbe680fc466e
3752258f545f1cd6c4be6593f9f64ec4eb2d377b8d7e5ce52a1b908d9dcf1875
37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
3856abc7b0b704a1ba2fd44178056ce6703a3fbddd92a52292990d5287655c4b
3d313e573148b8aa541b772ed63b36b5b05520fd0ca9e20dce848bb65916c1ce
3f81f6d756fccd8ececaefea33c5818d208feac170c52342b0f5dd3905bd934a
3fde16febe487398469364de1dad7fa7640a9fb9dfe2c109c616d6df38d91ba6
428f1eb7935944229430ac0fdce0033f05d9b8c1c020b87c681dd7a78ab4dd19
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
46f91934dfcf2858e78684bf1255b45320ef80059f80d4f376bc829446f5505c
482c5ca644f49f87f08ea6ad0e046a21d98ca5009192127e25c3c7342bd81ba1
487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4af952994baa0cdd0cee4927dbb7f207a7a28f34bd4b748f4cf5ef30c9a6cde4
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c12833adbf43d20fa1cdeede9f484606cf6a1cf18100584c277f8466e90d260
4ca98a9f6e5b6b5acb8c8c474b3366e13372946d998d4c12470ce606b05df393
4d64cca2d081e3574a789840fb2d888796a38e8a6cb8c09df541c03a7c2fe627
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e6e5361585f92082157908f64a8d9829cced7a8af27c3ca91717b1c89ee7376
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51d53492d7322fd92bdeb78693bda92a5810de0906203c9d800f36f3650e7c58
51fafa8da3b03ac77d9ac2fdeafe93a313829891e3a922a596801146ba41444a
547abea67d17355bd6e410e52a8219897b43b5277eda3d692e3fa2cb422e1149
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
552684c6109a14468c898297651b064af4fdca7cd73c4928f445cd5164ad58e2
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
561efbd8ea18ac526a913da03b3f3e4557994af182ca61c586212f0aa71a634b
565a604b8d2449fcbbe6a76e51f0b8f5c6b85e912c87e81bb9aa2c7f86b8cd07
566b04352d09352a6ce5bdf3846adb8a29fc91878ff39603aeb9a42ec556e3c0
582bc045158a170966d83c183ba82e0ddabcf78f569447844f1904eb46b71246
582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd
588aeb8b8a4b3702b9acb7aa8327541db3604cd2a8d3ba5a9d3c8bf3d4e343b9
5bdf1120c4df8c868092d0bcb7f2540a85456fd94cd1e1a5570c9b63906b1a5b
5d7f15ac53853ed5337b3cf50f22c2fc9858d1177a5aae58a584ae3dcc3ef7f0
60bc64d05c6e4c092ed9c99c0342cc935776737f6ebcf46e8dc01dda2e5480e4
61539c7c34cf36c47b07c794d999213771a4bf2609f19d5baef084bf8576ac84
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
623d4350b84c3db35766c93aa589955ad02710b1cbb5bb8fe0fbfdda1bdba321
65a09e406ac292276a1c171aff8e44a72f7f7db7cf22cce78a0f87364c7dd454
6dd9c52de77964061f706c1650a89766e99348f63be12b7b6467970bb34ccfbe
6e0f2f29e2e272a9c39fc0ba95adac0edc0cd8f9dd1a49987fcb4f5dd4e868d0
6f5eb7661d48a294be311abff67f47fb6d1494d394ab1f57a6370ab9beff8ee3
6ff6c41c1b3e156f7f83074f774356106087b7149eb7fa198673d2c50eaa9490
71f59d13d69d502b117d87f28fa286757c478447b06f87d4b02c44361c4a4855
728a9a5773bddf02be49c8ac1c8e4f64086c4814abe7b5e95a4d14fdaa9d7486
72dbd696f7961daf9049faacc868865d959f3d126f40d5271f48d5d9a0ccc652
762f2135d7f709ed01ed2a4829ac28b051d6df007aec607df238d60950b03453
770f39534d503d9feff3bf990db12b6775bcb8bf7a06a178d326dce53d0ab5e9
777fd3cae235313f40770e1af8a7fa1c1a326e040d79014f2bd732a1f5153a51
783b7e72bd260649bca562a57b1ec95b6903954bb50fb7fd52cc90c999465cc4
798887e5cbeee3b6c08e9f0457e3e2835fa8ed597d1ef9790b8eaaa7e5037ddf
7a3aa8291f76fec949e91c7800b7ed668f3aab9f0d19201923cd21018d9b3ace
7ac61bbd491ea91981ae5f8c99a162d2cf7f6836e80e2283448ae4c29fdf2420
7e2ed03bbc185372cb541663170321544300747ae296389772dc8f722551eb3c
816d57888a08dbda16b694ac102f8f2499378929900ac80b6e440ab163e18c7c
83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
857041d7b1555e8d5527928f733b9c52b11d149c95b8fd4ae87ccb781ec84119
858a0e23502aa2fcb9ae9e6a1f746e3b9f9e0967f383215898bae4ca797fc67c
85d87678b165bea54b7c8e547c080a7c671f1d269f1f936c12c6266a4d63054c
882b8a5ab07c077ca5d4e151cee083b9c9d17edb021c5ef42ba9912766dfad66
8a215ebe4733750286ea1780bcb0c9500c96aa14ebf1abe588193e76b7763f1e
8b126cd1fdb08b4481778f89b3fbb2e53a1f71e31d9f01abce7894c1b2af1940
8ca119bc1f1fc4736ccedf20d3aafcc50aead2109a92e32c89bf74af72a1e057
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e3c124520f136bd31f51db7504c41590e86a39c13e8ea479547e2c2cdfeb0db
8eb0885d968635a6e7a706c190c00a8a6f1d88f0b528201eec558e441395d7f8
8ef689e966cbf1abceff5a8396f4259778dcdf499ab284e35bf6549ef008277c
8faf4073749729b4626285e385fd05bcebc5230694974c8b1b8f0d02b319121e
8fda2396e315276e1fc4e8fe3a0a265fdfbfdb0e45f8005d142b78015a76503c
904341d95fce95e7520a3a6ecb4d0b337038c2f5d277874a563e0e24fd90e709
90d8a10390c5e1cb48abd2de30230841e00742f389ced199cfa625440f5f1bab
931c9612feca3db9210cf9f343daa78e33ce0aaaa06a92427f3556d2156d5980
93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20
945d81de37368bdb21409830e9bd81a52fe4eea9e698d444ad510eddc77ca1a9
95af646b01ee702570f9abad3701e98b1713487822310baba992363f92513e26
97192cf227b40aa5c09387cc46230ef31fa177e946cc91fa98a55e89c1c436ff
97a4bf7fc982c52bf4a6843c9849b79b298b178f7044b9826ebd309c4619b864
9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1
9c1521286e7dd2d6f8c2262b15bca8867bcae973a83879accdd00e1cb9831e5f
9dbd96226c9062b37e0b719221e8f02b684d2acd495e47bacbefb96b7fc0d246
9e25ba946939ee4a3d6b5acc652b3a3d3c87f0b982d9a35b9fd19f37b3bee4ab
9f0e38142f0b67f679d1eaff046562070e44443234a81c1f313f6d0ff41e6f86
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a04b971d335d737b89946f19095fd6e18c88561d3846404081729739ca81a80d
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a14a6936e579c4dab8beeae194be43157c12952dd34c48dc5484a3a576c7029d
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a229bb17043ffde05f87af49ef5dbad2b73e584a9a6e31710db8dae279dab07d
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a27e5998d98661a0c20715938c7bd2db693dc2e692ad6d5d1ba024ebe89a51ec
a42b9cff7676daffa4e6d489f38466f5accb1ada158eeb51a0daed273383fbc4
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a821eac48e731c18eb2ed4bce2c2804add93870078ce7a75b643357e6a98a9fe
a83dc53f429c3248845f2813eeebe61a6c65d0a188bfe7d545cc6e2dcb5bd6c0
a8e8f18d77170af82f72cfb83f4cec093f5683a0fcffd8f126d9d2fce1a332f2
aa5f185e7c327bc34525d29785309cdb9ecb8a470be2af0bfbef85d6317feb61
aad4f11790ae41d11a7c7bb613b9f82206f37eb4894966fe15e5f880c5d9b72a
ad0b78f813e0ef6e16b184d90752a03a202ab783d64eece14f47c479d42f64e3
ad246d47536dacf0256646042ec184678bfc630fcb638d9199bd66cf8cb5e457
af80441ddcddc24dc2cd2d19a9d740534f90ea70d4453e474889b2f177c124f5
b00dec76f7bd930c41b4b779f73fc4bce681079b8ef9d5f9abe488c6193bd096
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b2c4af40afb1e40563e65b50bf08c21a4b1543fab3050440be96974445edf7dc
b3094bd6c20ebdde1e03ad0f9e5f271b6d56d5a9c32b0bf7d731f5bb72dfeb25
b6553bb108c89c5fffd1410c622fec9a3aa02e187e6349765a7f143c21858f3d
b78362d3e11d02a90489865565e984d658e9cbc2d442ee7884fd956fb71b0159
b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477
b98008ad770fed8298d565a3ee5da7d233895b23d0a9e13cae7f92c5ac15d7e9
ba17a6a569b64b5d243273cde129feedf2b7fc5180be7bca1eb297572aafb809
ba40cde54de95f1bbb5de694538c72569471a09e1755b478dc451b22ae8e4d23
bcb6ea477e048bec32a73dc86e93a3ec3c7c63b8bc243f0e6193c57ae7709cd2
bd4cc9d7a9214ed011691a8eefc47ac87d65b5f0a3a656d9ce477db5a60ebde5
be18e4f5d4b03d521cd77cab0bd078809764b28e93abd36def170df9b9a93411
c18180146b78a23fd86686728d62bfdcc3f0e16f9a423d804c064e2596bf63b4
c24504fe9b34ce21928481d553fc45f0953a457c992669d2e43ae2e1d7fd808b
c302efe6c47d24adb92d327f1c3a8383d9593acd29699464309e0b295700d4f5
c429e10764c5fa47d89405a1489ca55a259ef1b4d6133001a3b26633da1192c4
c44519c14f6c1d5efd43b029aa4a05952821587cb5b30ae2710c533785523410
c6ce2b47cde7cf913a3c34ddce355fa9c75012577dd34c35928add8676cb7fa0
c8bbd5afa4c30e05186b03ce140ee8bb262f7bf321d74d04042d11fa05eadfae
c94e49334083ad99ce4fe5cc543eaf92320f702c473b1a134d8e0d2751683786
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca03203fdd79bb26a6787fcaa3d8bb2d74514e04cea540daf0441d35308e0827
ca29fa98b9edf564b5abb0a0f06c7fc1658a5db5ac05759183e34f44a58db9eb
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca4ba00b4ee1c686ca70b4c3504539ede4aee52f0adeda603817ef886134cfda
ccbbfe34587b9216ec92730b773d6d7d9475245deb57b51c2de33b4e75d9b4ec
ccef7c15c0af13ab8c5f8008e24095ac3d6e6376b6d7ac86f60c5b85578855ba
cd3699476d188453684876ad11b8813508e578f49a02f4639fed3b3ce8a74a58
cedff87a7168431a68b8637ab3ea4a7d78601c5d6c52cebf176285141db7853d
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0985972aa33739352497b4b484a5576a12d1756a2dfacbccfdec0f9cdcfed81
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d1aec0f91475a9d3eefd64516c068aff487a6790a76ff4b8ac14a52e7a367ceb
d1d938d97331866e733f47f9ba4b748530a8b4f684ae1bf3a19c01f32854104f
d3f245e748d2b8860ee324fe35ce08fe8ab21e04bcfd98e38ad5c23449b917be
d43eddba64f21df222531e22cb7c26ccb37869311760a879ab0b116b14f29269
d4f8bc08ed1a374a36388cfe41f2609c5f1025de20422d698368be48f1896ce1
d62a3b924d49cc3909d8c7e7d66c6fda8780c357fae0f927993f424928401b20
d6a97846477d5f74dc49c320addd8360addfd351e22f14206c145c4a44d13bdf
d80e5177d7cc173424caf8c3a5a3d5f260123d61ae92678b1a3e9a6bbf99ada5
d8d3e3a5bf96a290c869d63b852d4a75519fe19b22b20a4ffe063e83233afe89
da1360e9617591ce97b284615498f1a406c4b00fcdddfd59724e5356769c667c
dad85d4011f3d17e240117a226e68e893a2800a56b1431a2abac9f50589b9196
dbf036bfbf369c6c1b1b60d53de497ca19d35264c677f023ce78437a7c8f62ff
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
deea56467e818b9345873eec410a3e53c1be3a1ea2f4f3486a42e8ff64534e6a
df79e61186e6f38bfe193b619c426fd6e7fb7cf732f14a2e358329a739461ef4
dffb2854fbfb6bfb95e6949a623fe55063e7cc929b3755ed7b27adf7f31b52eb
e0c5c27ad304e1d5b111c4c67d9c3aa45d64b35e6d322c2bc4c7462813b1d204
e2459b43d301cd6c63b8c31fae17fc65156397961cf915ba987391ae090b8a27
e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c
e2d3f8696617c48a1f82529015ed2050d19c0a961a7249466dbb16456fe733bc
e34b90ed73f1affbb41c4e045406f6622cefa8bb1273ad16f711702bf724b6e5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e678f057332a81514ac9719a101737d107488a36cdfa6b612799283695492545
e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128
e93f3187fcfb44d155e7119c58627506ff3765fa4afe66dc87f338b6b8a13a54
eb81dbb47530932dd4d6eac5041f8c4462f17c0b87c8ef699b24dbafc5a8c861
edce0f5742c946e7271ad95325d3ab2c2ad012adc0a790e52b69c04a37a6a9f7
eec52c7d12e973096b88a50d8988890a90fef401ef8f4050fecf6252b7b36a64
eef94b7aa7c180acc6868e829f76d02dfeec09b7bff54e868547c01c0ffbff1c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0eb8a4eac4068c80d1249dfde9bcc0adbb127f197edd147ed6e2304e8d01f5c
f2023b1b62da87163faad2f2ed5d116be69bae647670048d738f3526167c2632
f33c79bfda24778d46fbb26bb4894e34b52bc1f97efd6c65d0a8d039862e2664
f515ed490405435b0c8a7ede74fd2c8e7834ee45c81aa76db3736fe50dc1da87
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f6544d9db6c115aa490dfc9b1728675a9906b14f431fb3b29dc9d028bcf4f358
f7059be255f87b9ee45ab619650998acb10637aa0d41a3e34f12cb563a31e824
fa1bbe501b149144f7d0195697ed240c0bbfab218313922bd1733fa02d4f3bcd
fb9234052ac419d5c2aab3ec5f16365d70ff41096426b821c2b693593a1a559a
fc98d0a05f35dbe183a65f8aa5371168f175e3f8578d7afa3dbd07e84c15f80c
fcb8ef29c93c318cac4729737fec3c20b859dda51a167058013b241b71ee0b53
fcf8a02102c695c381e74234f4a4bdf158f63d9c405697970f46816e572550bd
feeab718072b4a4d047a582abb7dede4ee9f8ee0b3ba36cfd6828a5afa78c572

www2.kusports.com Open in urlscan Pro 208.91.60.6 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

456 Requests

66 %HTTPS

41 %IPv6

67 Domains

96 Subdomains

70 IPs

10 Countries

5097 kBTransfer

11633 kBSize

60 Cookies

16 Outgoing links

Redirected requests

456 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www2.kusports.com Open in urlscan Pro
208.91.60.6 Public Scan

Screenshot
Live screenshot

Full Image

456
Requests

66 %
HTTPS

41 %
IPv6

67
Domains

96
Subdomains

70
IPs

10
Countries

5097 kB
Transfer

11633 kB
Size

60
Cookies

456 HTTP transactions
13 data transactions