www.anrfactory.com Open in urlscan Pro
2606:4700:3034::6815:5e97 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/
Submission: On November 01 via api (November 1st 2023, 4:00:42 pm UTC) from IE — Scanned from DE

Summary HTTP 198 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 43 IPs in 7 countries across 26 domains to perform 198 HTTP transactions. The main IP is 2606:4700:3034::6815:5e97, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.anrfactory.com.
TLS certificate: Issued by GTS CA 1P5 on October 11th 2023. Valid for: 3 months.

This is the only time www.anrfactory.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
21	2606:4700:303... 2606:4700:3034::6815:5e97	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
28	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
3 16	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2016	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0d::9d	15169 (GOOGLE) (GOOGLE)
29	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
6 8	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
4 8	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 5	37.252.172.123 37.252.172.123	29990 (ASN-APPNEX) (ASN-APPNEX)
3	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
8	138.201.63.145 138.201.63.145	24940 (HETZNER-AS) (HETZNER-AS)
1	2a02:2638:3::12 2a02:2638:3::12	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 4	138.201.63.164 138.201.63.164	24940 (HETZNER-AS) (HETZNER-AS)
6	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1	142.250.185.102 142.250.185.102	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:d::c 2a02:2638:d::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
7	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.1.6 178.250.1.6	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
8	2a02:2638:3::10 2a02:2638:3::10	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a02:2638:3::1a 2a02:2638:3::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	138.201.63.150 138.201.63.150	24940 (HETZNER-AS) (HETZNER-AS)
3	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
1 2	2a01:4f8:d0a:... 2a01:4f8:d0a:2321::2	24940 (HETZNER-AS) (HETZNER-AS)
1	167.233.14.134 167.233.14.134	24940 (HETZNER-AS) (HETZNER-AS)
1	2a0b:4d07:101::1 2a0b:4d07:101::1	44239 (PROINITY ...) (PROINITY PROINITY)
1	18.169.160.74 18.169.160.74	16509 (AMAZON-02) (AMAZON-02)
2 4	142.250.186.38 142.250.186.38	15169 (GOOGLE) (GOOGLE)
1 1	94.23.99.218 94.23.99.218	16276 (OVH) (OVH)
1	18.244.28.18 18.244.28.18	16509 (AMAZON-02) (AMAZON-02)
1	99.86.4.53 99.86.4.53	16509 (AMAZON-02) (AMAZON-02)
2	23.192.250.178 23.192.250.178	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	13.43.78.194 13.43.78.194	16509 (AMAZON-02) (AMAZON-02)
198	43

21 2606:4700:3034::6815:5e97 (United States)

ASN13335 (CLOUDFLARENET, US)

www.anrfactory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0d::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 172.217.16.194 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.18.36.155 (None, ) 4 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.252.172.123 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 138.201.63.145 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.145.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::12 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.63.164 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.164.63.201.138.clients.your-server.de

hal90006.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.102 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:d::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.6 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:2638:3::10 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

imageproxy.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:3::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 138.201.63.150 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.150.63.201.138.clients.your-server.de

hal90008.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 145.239.193.130 (France)

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a01:4f8:d0a:2321::2 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)

cdn.retailads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 167.233.14.134 (Hallbergmoos, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: lb-2.futalis.de

futalis.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.169.160.74 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-169-160-74.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.38 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.23.99.218 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip218.ip-94-23-99.eu

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.244.28.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-244-28-18.cdg52.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-53.fra6.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.192.250.178 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-192-250-178.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.43.78.194 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-43-78-194.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
57	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 97 tpc.googlesyndication.com — Cisco Umbrella Rank: 149	808 KB
30	doubleclick.net 11 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 stats.g.doubleclick.net — Cisco Umbrella Rank: 78 cm.g.doubleclick.net — Cisco Umbrella Rank: 245 ad.doubleclick.net — Cisco Umbrella Rank: 154 5994599.fls.doubleclick.net — Cisco Umbrella Rank: 154836	194 KB
21	anrfactory.com www.anrfactory.com	263 KB
17	criteo.net static.criteo.net — Cisco Umbrella Rank: 668 imageproxy.eu.criteo.net — Cisco Umbrella Rank: 10986 csm.eu.criteo.net — Cisco Umbrella Rank: 10557	443 KB
15	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 38186 hal90006.redintelligence.net — Cisco Umbrella Rank: 291193 hal90008.redintelligence.net — Cisco Umbrella Rank: 263856	469 KB
14	gstatic.com fonts.gstatic.com www.gstatic.com	307 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625	5 KB
7	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1181 www.googleadservices.com — Cisco Umbrella Rank: 145	607 B
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 212	355 KB
6	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	6 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 246	4 KB
4	medialead.de 1 redirects pv.medialead.de — Cisco Umbrella Rank: 44040 medialead.de — Cisco Umbrella Rank: 43761	2 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2462	21 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	317 KB
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 30616 api.webgains.io — Cisco Umbrella Rank: 91573	19 KB
3	criteo.com ads.eu.criteo.com — Cisco Umbrella Rank: 10450 rtb.fr3.eu.criteo.com — Cisco Umbrella Rank: 17732 cat.nl3.eu.criteo.com — Cisco Umbrella Rank: 11552	59 KB
3	google.com www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 105	2 KB
2	awin1.com www.awin1.com — Cisco Umbrella Rank: 18131	1 KB
2	retailads.net 1 redirects cdn.retailads.net — Cisco Umbrella Rank: 150278	6 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 174	90 KB
1	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 107304	435 B
1	webgains.com track.webgains.com — Cisco Umbrella Rank: 62639	2 KB
1	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 217997	923 B
1	futalis.de futalis.de — Cisco Umbrella Rank: 313699	401 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 110	185 B
1	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 87	7 KB
198	26

	Domain	Requested by
29	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
28	pagead2.googlesyndication.com	www.anrfactory.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
21	www.anrfactory.com	www.anrfactory.com
16	googleads.g.doubleclick.net	3 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
11	fonts.gstatic.com	fonts.googleapis.com
8	imageproxy.eu.criteo.net	ads.eu.criteo.com
8	hal9000.redintelligence.net	googleads.g.doubleclick.net hal90006.redintelligence.net hal90008.redintelligence.net
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
8	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
7	static.criteo.net	ads.eu.criteo.com
6	www.googleadservices.com
6	www.googletagservices.com	googleads.g.doubleclick.net
6	fonts.googleapis.com	www.anrfactory.com googleads.g.doubleclick.net hal90006.redintelligence.net hal90008.redintelligence.net
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	5994599.fls.doubleclick.net	2 redirects www.anrfactory.com
4	hal90006.redintelligence.net	1 redirects googleads.g.doubleclick.net hal90006.redintelligence.net
4	www.googletagmanager.com	www.anrfactory.com www.google-analytics.com adv.office-partner.de www.googletagmanager.com
3	pv.medialead.de	hal90006.redintelligence.net googleads.g.doubleclick.net hal90008.redintelligence.net
3	hal90008.redintelligence.net	hal9000.redintelligence.net hal90008.redintelligence.net
3	www.gstatic.com	googleads.g.doubleclick.net
2	api.webgains.io	analytics.webgains.io
2	adservice.google.com	5994599.fls.doubleclick.net
2	www.awin1.com	googleads.g.doubleclick.net
2	cdn.retailads.net	1 redirects futalis.de
2	csm.eu.criteo.net	ads.eu.criteo.com
2	region1.google-analytics.com	www.googletagmanager.com
2	www.google-analytics.com	www.anrfactory.com www.google-analytics.com
2	connect.facebook.net	www.anrfactory.com connect.facebook.net
1	cdn.track.production.webgains.team	googleads.g.doubleclick.net
1	analytics.webgains.io	track.webgains.com
1	medialead.de	1 redirects
1	track.webgains.com	www.anrfactory.com
1	adv.office-partner.de	hal90006.redintelligence.net
1	futalis.de	hal90006.redintelligence.net
1	cat.nl3.eu.criteo.com	ads.eu.criteo.com
1	rtb.fr3.eu.criteo.com	googleads.g.doubleclick.net
1	ad.doubleclick.net	googleads.g.doubleclick.net
1	ads.eu.criteo.com	googleads.g.doubleclick.net
1	www.google.com	tpc.googlesyndication.com
1	www.facebook.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	i.ytimg.com
198	43

This site contains links to these domains. Also see Links.

Domain
facebook.com
twitter.com
instagram.com
youtube.com
www.youtube.com
www.instagram.com
akismet.com
anrfactory.com
blog.feedspot.com

Subject Issuer	Validity	Valid
anrfactory.com GTS CA 1P5	`2023-10-11` - `2024-01-09`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-08-10` - `2023-11-08`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
redintelligence.net R3	`2023-10-10` - `2024-01-08`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-29` - `2023-12-23`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.fr3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-07` - `2023-12-30`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-09` - `2024-01-06`	3 months	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-30` - `2023-12-25`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-17` - `2024-01-18`	3 months	crt.sh
pv.medialead.de R3	`2023-10-12` - `2024-01-10`	3 months	crt.sh
*.futalis.de R3	`2023-10-13` - `2024-01-11`	3 months	crt.sh
adv.office-partner.de R3	`2023-10-28` - `2024-01-26`	3 months	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
*.webgains.io Amazon RSA 2048 M01	`2023-07-24` - `2024-08-22`	a year	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M03	`2023-08-30` - `2024-09-27`	a year	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-10` - `2024-03-09`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
cdn.retailads.net Encryption Everywhere DV TLS CA - G2	`2023-05-18` - `2024-05-17`	a year	crt.sh

This page contains 27 frames:

Primary Page: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/
Frame ID: B3E01F5CA8FAEA2B7F013886B6D6DDF9
Requests: 53 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231030/r20190131/zrt_lookup.html
Frame ID: FFE2115325D261C285408E6D66264FB5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&adk=1812271804&adf=3025194257&lmt=1698850831&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=236x945_l%7C260x945_r&format=0x0&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&ea=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&easpi=1&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431702&bpp=3&bdt=470&idt=316&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2120551059623&frm=20&pv=2&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=377
Frame ID: FC416522DA69C10C4748EA6C457992E3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=4056677716&adf=1801571695&pi=t.ma~as.5948233133&w=740&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=740x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431705&bpp=2&bdt=473&idt=382&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=260&ady=1364&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=SnIB15LGDr&p=https%3A//www.anrfactory.com&dtd=386
Frame ID: FE22BCACFE450CB1CCE0849F02277BED
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=600&slotname=5727907135&adk=245867249&adf=306411070&pi=t.ma~as.5727907135&w=300&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=300x600&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431707&bpp=1&bdt=475&idt=394&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ziUkcBYYJ&p=https%3A//www.anrfactory.com&dtd=397
Frame ID: B3E2351F906844745042AE32A53EA2CE
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=600&slotname=1378432737&adk=3943645601&adf=1137415096&pi=t.ma~as.1378432737&w=300&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=300x600&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431707&bpp=1&bdt=475&idt=402&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=3407&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=gNB1ZBehBQ&p=https%3A//www.anrfactory.com&dtd=404
Frame ID: 0470B6363D4C6247633985DBE1326833
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5727907135&adk=3356919574&adf=2015200353&pi=t.ma~as.5727907135&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=476&idt=418&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4198&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=uY6P5JAyNc&p=https%3A//www.anrfactory.com&dtd=424
Frame ID: 304DDDDF7C4B9811A0E3961F7AE16AFB
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=1083092672&adf=245134348&pi=t.ma~as.5948233133&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=476&idt=449&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600%2C1200x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4478&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=kY34AZIFex&p=https%3A//www.anrfactory.com&dtd=452
Frame ID: A40997E513445804F53A82E2D314900F
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=1087588583&adf=3152050774&pi=t.ma~as.5948233133&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=477&idt=455&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600%2C1200x280%2C1200x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4758&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=shBEHE1AvQ&p=https%3A//www.anrfactory.com&dtd=457
Frame ID: 977ECFFC46306B510333A7D8879B7EF0
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 7CC2CB6540457D6DE376D032E258D1AA
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0EA3AAAFD85CE6AE04F2F34E06B39F06
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNXo_MWsQ5hhbh8DMV9bdNJdL4yZ0YxOf1USenVXgZx51TTeA_ATH0_ldGayuKVoFA0CAYodoyswWU7zwK81XvI3Q90lwLPBQSqxcGtawGbBfBZ6b7yUMTkDxStTTnrV0QN4Vx11T26EkjLhy4HPHvoNgc9XUXWCJUt_pjYweVW3X6WJyZg
Frame ID: 8E61109144BF52E0F906A1F68B348F37
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNXn0h2KSziSXn4NK99_s_HnMrEA1RdKWk5hza7ItgzSuv5xRStF4CdPfGsD_d9-4g-MfmQEtHwHQc-eXNyMVWiPjIy9BWXhJfJMNBnGW1p95isUhYGgHWYDxIhROKxdQWJzXzzuABtX0uSmTKox3gur73hgmzUfVic48BMtDXk28rdRAKs
Frame ID: 89B5C589FCA43E028DA8AA7F2C6E1D96
Requests: 5 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZUJ2IAAEP4MJCUJkAAqh6y-eLtzYERisEdVJog&u=%7CRtZyootPBjEBEV0TuDTrxm9S8HdHesjGG3HR9ttpNMs%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANSWY8jeVe2k8ZUPprk5OgF73hJYGYv9W4HEPFn34Pj0r9baK6KwSU3-aSRLdKGI9O5mAUZ163LVxIpWjnfpdgUbH51aRKFre9pk8spW1erNyHDHw1ZiZ9lnRovsf9WYW3qq1nWM_gNhZlXrVDhDLqxp6vU_lkOli57ut1SkslyYn-1qEYWo5zjFqBrUmtC0fWo1MO1FettrM31oqPs0gyYW-59eP8BlSWS2NaGBQp0BP8mHzwP2GQ7Lw6HCNd2ErJ36bX3uQXsgW4HXIp1zTCaydb-VGMwFbxFis18GS2iDQdXtuZmI1qLO1A27YmODeZ6j3KwKGAgFdmXrwoBWLzpBYoIcX-TPWAmEuaIiJUwqenkp4EEN3fP_HlfI_xj1jTNeTMeo1vLjEDNdshMScwrtOKWXcSmjUBo7XQQixSfdEqD33--Cahki0dwuDOIsbbl72GxlV_murZfMw7ZLKEWt6EeXPMtdJ11uNiMq1uw8AXWbf6UfZohrAN70kbnNyivmOPDFESNTQHj-NQe3u4Xl9X9XsMeeFlII_NEuwchVh&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvv4rIHZCZYP_EOSEpfgP68OqoAbJntKxXMWymPdwwI23ARABIABglYKAgLAHggEXY2EtcHViLTQzODc0NzE4MTAwMTU3NjDIAQmpAnq6GyBXt7E-qAMByAMCqgSbAk_QhPru2aCE7HOdhHuZmev0yBOlKTcV30wfNGEUa9e5FQ9uNvWXgrvmHrjQDfhNy3fuVYsvB4T7xb6jhp2bFEf3AVutmEZw_ygTE8Z2a-fIUJt5q6UXkWt0xdc2pWhXPsQzWo1s8IS2jf5nVo-iZjpHTaoztnlIYTZEzVLAtxV-rzfFhc6F_h4oRe6wKKkDPVyi-PyoLMF94uQ9eEdn7DRrmJEz-Ad_oNOAY_pL0Sj7zrVdX4Fc193siQQLFhk7Cs8sLaHTPxGzXdL5uo-2xmjspp4JitC6Aj-nfikAi1JjhZSsj7PgFmgJMCmrzFT2y7IufUrY9nRnp7EZ7r5lKYwuUVR3MhgYyu_3CjHiL1GjnYOEFj2wzqHJyJKABrbKkt-fqNqelgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0qM1-Qg-xwOXOOhzXq2uY8rG1sfA%26client%3Dca-pub-4387471810015760%26adurl%3D
Frame ID: 35B7E4282FC23787727BEBA34CF80CD5
Requests: 19 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: F2EABD4B5B10BBA0D3F68694422F84B8
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/KtAbZGk4YSFPe8sm4rTLIGwqP9qmdNmoJQ7Qir-Zr9M.js
Frame ID: 04192781B820020301313B75009181B1
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/KtAbZGk4YSFPe8sm4rTLIGwqP9qmdNmoJQ7Qir-Zr9M.js
Frame ID: C8A06021336240390C1A83A06B8F2EF0
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 29D4B576DA90ADFAA28504EA8062DB32
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/KtAbZGk4YSFPe8sm4rTLIGwqP9qmdNmoJQ7Qir-Zr9M.js
Frame ID: C6C20A76A40BDE106C2129418A5179ED
Requests: 1 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=72152000125532904444978012495006&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: 57199A7A5937806476683ACCC43ED771
Requests: 1 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3257521144
Frame ID: 86759F177028CC7F68E1F2FA471156EF
Requests: 2 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: F506DD747268C73EAC2B4AE04E276825
Requests: 3 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CNOps_iVo4IDFdcPogMdm4cFVA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=495795281392.5925
Frame ID: 889A841ADB64546E7E2288D4914CD452
Requests: 2 HTTP requests in this frame

Frame: https://hal90006.redintelligence.net/request_content.php?s=72152000125532904444978012495006&a=98c0710c
Frame ID: C70FD9ED9D25D6072781CDACC71C0EAF
Requests: 8 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/89f7480c0afa0150827cf163f8728151?subid=71837000128024004444978012495008&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: FC84EED275BF795AB9A9CB58CD8BCA03
Requests: 1 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CNPqt_iVo4IDFU6mGAodpyAPmA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1418765705396.7317
Frame ID: E8835CE17D9227CF6DD6DD760F94ECDC
Requests: 2 HTTP requests in this frame

Frame: https://hal90008.redintelligence.net/request_content.php?s=71837000128024004444978012495008&a=c9715872
Frame ID: DC57F1EFE733314C47133F3D3A75685C
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Money Coming Fast: OTB Lucciii is all about that cash action on 'Fashion' -

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

198
Requests

93 %
HTTPS

58 %
IPv6

26
Domains

43
Subdomains

43
IPs

7
Countries

3373 kB
Transfer

7049 kB
Size

25
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://facebook.com/anrfactory

Search URL Search Domain Scan URL

URL: https://twitter.com/anrfactory

Search URL Search Domain Scan URL

URL: https://instagram.com/anrfactory

Search URL Search Domain Scan URL

URL: https://youtube.com/anrfactory1

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=6XEk9xGsX_o
Title: here

Search URL Search Domain Scan URL

URL: https://www.instagram.com/otb_lucciii/
Title: IG

Search URL Search Domain Scan URL

URL: https://akismet.com/privacy/
Title: Learn how your comment data is processed

Search URL Search Domain Scan URL

URL: https://anrfactory.com/category/music/new-music
Title: New Music

Search URL Search Domain Scan URL

URL: https://anrfactory.com/category/music/singer-songwriter
Title: Singer Songwriter

Search URL Search Domain Scan URL

URL: https://anrfactory.com/category/music/songwriter
Title: Songwriter

Search URL Search Domain Scan URL

URL: https://anrfactory.com/category/music/soul
Title: Soul

Search URL Search Domain Scan URL

URL: https://anrfactory.com/category/music/soundcloud
Title: Soundcloud

Search URL Search Domain Scan URL

URL: https://anrfactory.com/category/music/spotify
Title: Spotify

Search URL Search Domain Scan URL

URL: https://anrfactory.com/category/music/trap
Title: Trap

Search URL Search Domain Scan URL

URL: http://blog.feedspot.com/music_blogs/
Title: <img width="1200" height="700" src="https://www.anrfactory.com/wp-content/uploads/2022/04/FEEDSPOT-AWARD-ANR-FACTORY.png" class="image wp-image-47517 aligncenter attachment-full size-full" alt="" decoding="async" style="max-width: 100%; height: auto;" srcset="https://www.anrfactory.com/wp-content/uploads/2022/04/FEEDSPOT-AWARD-ANR-FACTORY.png 1200w, https://www.anrfactory.com/wp-content/uploads/2022/04/FEEDSPOT-AWARD-ANR-FACTORY-300x175.png 300w, https://www.anrfactory.com/wp-content/uploads/2022/04/FEEDSPOT-AWARD-ANR-FACTORY-600x350.png 600w, https://www.anrfactory.com/wp-content/uploads/2022/04/FEEDSPOT-AWARD-ANR-FACTORY-1080x630.png 1080w" sizes="(max-width: 1200px) 100vw, 1200px" />

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 71

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKd2rHiCytdOVA6wtLrQrNU&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKd2rHiCytdOVA6wtLrQrNU&google_cver=1&C=1

Request Chain 72

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUJ2IEAQ5iT7KTNwi6syKgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKd2rHiCytdOVA6wtLrQrNU&google_cver=1

Request Chain 73

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEAh6uijMSHskqn6_5nBsZ2E&google_cver=1

Request Chain 74

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjYzNTIzMTI5NzEwOTcwNzAy

Request Chain 120

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKd2rHiCytdOVA6wtLrQrNU&google_cver=1

Request Chain 121

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUJ2IJUsnMyIkpVkZ3.pTQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKd2rHiCytdOVA6wtLrQrNU&google_cver=1&google_hm=2

Request Chain 122

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEAh6uijMSHskqn6_5nBsZ2E&google_cver=1

Request Chain 123

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjYzNTIzMTI5NzEwOTcwNzAy

Request Chain 131

https://hal90006.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=e8cb66458a&subid=&uid=192b826e103c77d4&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCm7XSIHZCZfHxDL6wpfgP7_GX0Aym5b2gab2YnKfJD_AuEAEgpP6-GmCVgoCAsAfIAQmpAlMqZWSOsrE-qAMByAObBKoE_QFP0Kchyh3MNNUU3zLzZrfGi39sHX53X_mn_vLKqadx_XeEWKTU3LBNda5P8JPg0CNxGLL9ORuMM1AT3VOnhAcX78_GY0CIcCgR9GHlUY0kKdj4uCNbGVy_-ZEomIb658n7aBgU_QS4s2q265bxKYhQNL0gS66N71Ma3G6mbLcUU7Qwp1e0MpBCagzNrauHjzZRL8ez44W26-ofLwTl8x_Z9ooPpeTWuNZ5nl3VX1ZDR2yBmnboOPygnFSuP77J3r7txz-bgZHHtjVCJG3ZO8maFL1QZ6I93Tq8ZNaHwdH22viIfrw5ALI6GMZ84ioQ6itTHsNcArhJjkOBFcjtwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREWwE_q8sBXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26num%3D1%26cid%3DCAQSSwDICaaNzDfXT3s0nGjLYLkooqPALpRIU1aXUqyyi0lTzMw3Zo9HlK1lSa4PC0LZV0FBLQInanOsyR090p2TWegj6G7IVKzl-yp2_xgB%26sig%3DAOD64_3SXnBwJ36blFn8-a55E8PRNaqDRw%26client%3Dca-pub-4387471810015760%26dbm_c%3DAKAmf-Czmzf97c-AxpV9JJUD6AFwpYYcSsPeLaR4bRtcBJUD85V3AWQXtdQdDpDyAaqtR1-lHZ-FJLISARwqUNb2TgdinAFOSNHM0470VBHTolZUhsvQMB-_bQVAmSQaoktPFgiBsJU5OilLpb--EU8sA9dgRoEGSLH7gYrJlcD6kp7K4KYLYvPpA3BYacc6T3ZwH1_06Jm-TMy90O5ZfJD8-4yTuLUo0A%26cry%3D1%26dbm_d%3DAKAmf-D2LsA7j9-tXGSOVV7zYz2-264LPbVESp532q5YL_AQSrysc6a7KYkLbEDGuG6fSlm9bp2zPt-1BwYgYPFkbV6Xe_HF1NeRkb2ZiC1x_lhiWY35O969RK5nqOt29SzD3RJ9YDRCf7XjoOwD1IIdXcStZcySwiHGSQXtFEmzgEIdpehHdlDSfy4ilwRCJh0wQDVMlvmAgpIzc4Br-FSxcCUAZqFXRyPM8xfQkuWrJ_UA4SDfdJGtAD0bDKfMN0hU6AB7bQyNd4_UTeJUqWAuX1j4A6dVNdqfLp9mJ0QJdjgSmkLlfG_UnlAdw0x9LtdUyB4sCtRypoXPuW7AXAOJwr-nuT_dFpc_R7ZrzNg0ikbdVqiGzb3Uz3jYiGuWzV5ZukMWVmuW5m6VU3S2fJu86rt2tR4gLXuvGmQs96LQKpuLcQonIEmva7N0TRvNfC7hWyPXC3JrI2cqE-is4Gdc8fzOM9y3O3mfXbQ_QttOMXqOllgfIa8Y_8N8YxsZTpJJUbQXO2gwJsdEQViG9XZqQ8xhCRVEfLrB-dxA52fF8DqnBBPRRbHBixMba-uo5vfIBmY7SUP2cOfzYqNw0uNs94bBsI3jyopsfU7lr_fvN7iq-CT510c2iHesVP6JXgssvXgF1D7K_qRTGrM4uDggZxnX31ewDt07xJeuhavU_O2G7XRJ6_OFCGuTg36yq4iU0I_nmrvk%26adurl%3D&documentReferer=https%3A%2F%2Fwww.anrfactory.com%2F&ancestorOrigins=https%3A%2F%2Fwww.anrfactory.com&random=8258945105255&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90006.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=e8cb66458a&subid=&uid=192b826e103c77d4&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCm7XSIHZCZfHxDL6wpfgP7_GX0Aym5b2gab2YnKfJD_AuEAEgpP6-GmCVgoCAsAfIAQmpAlMqZWSOsrE-qAMByAObBKoE_QFP0Kchyh3MNNUU3zLzZrfGi39sHX53X_mn_vLKqadx_XeEWKTU3LBNda5P8JPg0CNxGLL9ORuMM1AT3VOnhAcX78_GY0CIcCgR9GHlUY0kKdj4uCNbGVy_-ZEomIb658n7aBgU_QS4s2q265bxKYhQNL0gS66N71Ma3G6mbLcUU7Qwp1e0MpBCagzNrauHjzZRL8ez44W26-ofLwTl8x_Z9ooPpeTWuNZ5nl3VX1ZDR2yBmnboOPygnFSuP77J3r7txz-bgZHHtjVCJG3ZO8maFL1QZ6I93Tq8ZNaHwdH22viIfrw5ALI6GMZ84ioQ6itTHsNcArhJjkOBFcjtwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREWwE_q8sBXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26num%3D1%26cid%3DCAQSSwDICaaNzDfXT3s0nGjLYLkooqPALpRIU1aXUqyyi0lTzMw3Zo9HlK1lSa4PC0LZV0FBLQInanOsyR090p2TWegj6G7IVKzl-yp2_xgB%26sig%3DAOD64_3SXnBwJ36blFn8-a55E8PRNaqDRw%26client%3Dca-pub-4387471810015760%26dbm_c%3DAKAmf-Czmzf97c-AxpV9JJUD6AFwpYYcSsPeLaR4bRtcBJUD85V3AWQXtdQdDpDyAaqtR1-lHZ-FJLISARwqUNb2TgdinAFOSNHM0470VBHTolZUhsvQMB-_bQVAmSQaoktPFgiBsJU5OilLpb--EU8sA9dgRoEGSLH7gYrJlcD6kp7K4KYLYvPpA3BYacc6T3ZwH1_06Jm-TMy90O5ZfJD8-4yTuLUo0A%26cry%3D1%26dbm_d%3DAKAmf-D2LsA7j9-tXGSOVV7zYz2-264LPbVESp532q5YL_AQSrysc6a7KYkLbEDGuG6fSlm9bp2zPt-1BwYgYPFkbV6Xe_HF1NeRkb2ZiC1x_lhiWY35O969RK5nqOt29SzD3RJ9YDRCf7XjoOwD1IIdXcStZcySwiHGSQXtFEmzgEIdpehHdlDSfy4ilwRCJh0wQDVMlvmAgpIzc4Br-FSxcCUAZqFXRyPM8xfQkuWrJ_UA4SDfdJGtAD0bDKfMN0hU6AB7bQyNd4_UTeJUqWAuX1j4A6dVNdqfLp9mJ0QJdjgSmkLlfG_UnlAdw0x9LtdUyB4sCtRypoXPuW7AXAOJwr-nuT_dFpc_R7ZrzNg0ikbdVqiGzb3Uz3jYiGuWzV5ZukMWVmuW5m6VU3S2fJu86rt2tR4gLXuvGmQs96LQKpuLcQonIEmva7N0TRvNfC7hWyPXC3JrI2cqE-is4Gdc8fzOM9y3O3mfXbQ_QttOMXqOllgfIa8Y_8N8YxsZTpJJUbQXO2gwJsdEQViG9XZqQ8xhCRVEfLrB-dxA52fF8DqnBBPRRbHBixMba-uo5vfIBmY7SUP2cOfzYqNw0uNs94bBsI3jyopsfU7lr_fvN7iq-CT510c2iHesVP6JXgssvXgF1D7K_qRTGrM4uDggZxnX31ewDt07xJeuhavU_O2G7XRJ6_OFCGuTg36yq4iU0I_nmrvk%26adurl%3D&documentReferer=https%3A%2F%2Fwww.anrfactory.com%2F&ancestorOrigins=https%3A%2F%2Fwww.anrfactory.com&random=8258945105255&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 135

https://googleads.g.doubleclick.net/pagead/adview?ai=COTJBIHZCZZ7VC7ra48AP2oWBsAiJidPFc6q4hueeEsCNtwEQASCk_r4aYJWCgICwB6ABu-CH7CjIAQmpAlMqZWSOsrE-qAMByAPLBKoErwJP0P-ZjZw8vUp2cIOl5g_2REe9-sWEIF5KNzj9hZ2PbkM38cfvHoEK__6xVfnSYyIhOrthT9_PgVVjqWo3GScV88Nc2mmg5ZOM8qhdSO5pBzZUfArLCv-OAdutIllIu3mkOPwfoJ6WxgBYvkXpesn2HUmiB0Y35lQioRc5lik6zLMlzkX6qYxrqsxXSN4eVUiiJoEFFjN83YjGyly15Sd1ZCVbAE8bcEXmF0vtfz6HEOnv0OniWWZUIM9tvH4Lv4fK4uYkx0FakuhP48iZEgFkEWYdAR63BYKDn8R8b9wNT7tIxgNxyWkUESK8wqyGJ3CHisQebsda3JfUH7acx5Kk1Eg8uX_fxmzssRt8Kq4kYco2JdfGiTxEf9uH_ZrfWgud-fSAnIoa3NUiTUz5YHzABLyXs8XfBIgFkuKj90ygBi6AB7uY2MsDqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQruYH0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOpoJIGh0dHBzOi8vd3d3Lm1hcmluYS1ob3RlbC5jb20vZW4vgAoByAsBuBPkA9gTA4gUAdAVAYAXAbIXHAoaCAASFHB1Yi00Mzg3NDcxODEwMDE1NzYwGAA&sigh=0tYj3XpAM1o&uach_m=[UACH]&ase=2&nis=4&cid=CAQSSwDICaaNRGpXqVYk6dohNe_bduyhHZ28HeDZ0Z7KJUDJTiNNgyimtaFuvL1GlONge-e9BkJO0k_EqHso3lhbGnrUNXnO1kczLiCGGBgB&template_id=484&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%229797022497941579995%22,%22debug_reporting%22:true,%22destination%22:%22https://marina-hotel.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210964037691%22],%224%22:[%2211-01%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%223306671006503847345%22}&andc=true

Request Chain 137

https://googleads.g.doubleclick.net/pagead/adview?ai=CVldaIHZCZYqQDtn-48APouWd4A3E_Nv6c8jAr4mIEaaPp8mNDhABIKT-vhpglYKAgLAHoAHLktbOAcgBCakCerobIFe3sT6oAwHIA8sEqgSkAk_QxN2vAIbPYl9ChxQ0i6gSxwWDP_Z3aLelnsXFU52G6RlH5t0IWTJvJ0tPUJ911VhYU-QTkqIfPvJlTXGT69D9bdW_qEE2IXIQKb84s5-XJNJSv-5Pis-U1KFO2HQikV1VgZN0zvpawkjeoY4o-elAVy30VIQ-hOKixsdUG-i7MDj9gMEFtZ4DcUu9N14mo817ULSdHBumXseNB_D0QMCaoO2E8PZDO07aC0rgKBWVFuGVSHpQ2VK126_O8l3OzSrcgd9kFmeiFFkNSvGG76mfUG_mqvg7z15B5dXFkscjBeazv2gDUytknXKJgdIlV3ZoCFE8xGt1K39qcY8uM_JFoLvwvaZTxFhKSCutTOmFee5L9mDefJr9a0JWwPyYoIj6-evABIuS9sqlBIgFm96PhkqSBQQIBBgBkgUECAUYBKAGLoAHne2psQKoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBDUqgLSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6mgkZaHR0cHM6Ly9jdXJhcHJveC5kZS9zaG9wL4AKAcgLAaIMDCoKCgjktLEC7rWxAtgTDYgUA9AVAYAXAbIXHAoaCAASFHB1Yi00Mzg3NDcxODEwMDE1NzYwGAA&sigh=deAPHCQO0AE&uach_m=[UACH]&ase=2&nis=4&cid=CAQSTADICaaNjT8ugvtgYEYBtlmPdZtZEHZuDPzz5P417fyEUfMUP0ZeJUiaYtYIAplUydZWKmEwOoVpGDpEA9EGHmlmxUChLOx2LTWj1KsYAQ&template_id=5000&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%224403217675671643562%22,%22debug_reporting%22:true,%22destination%22:%22https://curaprox.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22433424715%22],%224%22:[%2211-01%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2210806940224774216225%22}&andc=true

Request Chain 168

https://googleads.g.doubleclick.net/pagead/adview?ai=Ca61RIHZCZcrkD8WEpfgPzM6lyA3W7tXOc9OZ88u_EbCQHxABIKT-vhpglYKAgLAHoAH8i5SZA8gBCakCUyplZI6ysT6oAwHIA8sEqgSmAk_QvhBo2SOWOKCsvgsFNCJhRfiONY9FWCU3AkZ0h3a3idylGPZHgHfVwr6nBALrQ7AsKFSynINyeMDgnkJrcqJmo-rmbECJW5Ni8N5FrwZOxWMNjPFHLNoM57vGhS7tvmID9kwSHmCEcxKUxb8R6aLg9UDj2sZlxbkzSBs9GBj1fWaYCzVpeA7kwfDVVlE0_T464vv12pprRw9HfAPQ_X-tmKnY5XlP-ap0phOO7tQG9s5b0P3SNuYi3mOeQk3uB-A1pPqor-HWvBkLhnCPOfn4doLP-WPqe6StLq2zlz9AJacZ_bMkyVtGcd7ck1n4wn-ull9_b7TMZA17PhDTbs-V6LZhqo03K4RCgGI9S-YkYX2iy55dWw5yQPoQ6qEu-vE0lP5yZMAEtoX5mIUEiAXXjrGoQZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAfs8-tmqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQhZII0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOpoJL2h0dHBzOi8vd3d3LmFyb3VuZGhvbWUuZGUvc29sYXJhbmxhZ2UvZm9ybXVsYXIvgAoByAsB2BMMiBQC0BUBmBYBgBcBshccChoIABIUcHViLTQzODc0NzE4MTAwMTU3NjAYAA&sigh=08D_klFq21c&uach_m=[UACH]&ase=2&nis=4&cid=CAQSSwDICaaNp6fpWkpDZmFu1K5qq0EatygIX1HS2mVQ2nN7Sz-ufwQ1DbeQo-iRsdOIR5RXrbISOkbn7R2uuwOLigKxTNzJNXrbrAaPxxgB&template_id=5000&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2215277170428362201409%22,%22debug_reporting%22:true,%22destination%22:%22https://aroundhome.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22858064380%22],%224%22:[%2211-01%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2210623317401520007217%22}&andc=true

Request Chain 172

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=72152000125532904444978012495006&ra_cnt_active=1&ra_cnt=1 HTTP 302
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3257521144

Request Chain 175

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=495795281392.5925 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CNOps_iVo4IDFdcPogMdm4cFVA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=495795281392.5925

Request Chain 177

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=72152000125532904444978012495006&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=72152000125532904444978012495006&t=htlp&gdpr=1&consent=1&gdpr_consent=

Request Chain 190

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1418765705396.7317 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CNPqt_iVo4IDFU6mGAodpyAPmA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1418765705396.7317

198 HTTP transactions
18 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/ 84 KB
19 KB 1490ms
1374ms Document
text/html 2606:4700:3034::6815:5e97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.0.30
Resource Hash: b9ba316e4faa418f84265c635f0c21cacdd5fd16bcd860f46a0f36f074338e1e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 0
alt-svc: h3=":443"; ma=86400
cache-control: max-age=0
cf-cache-status: DYNAMIC
cf-ray: 81f559da3a8fbb8c-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 01 Nov 2023 16:00:31 GMT
expires: Wed, 01 Nov 2023 16:00:29 GMT
last-modified: Wed, 01 Nov 2023 16:00:31 GMT
link: <https://www.anrfactory.com/wp-json/>; rel="https://api.w.org/", <https://www.anrfactory.com/wp-json/wp/v2/posts/34516>; rel="alternate"; type="application/json", <https://www.anrfactory.com/?p=34516>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cvsa2cGnxZN1X1f8hEelXrAKkzqikWCdKYgI70EaATU04mvAZhSrFa6Beu7uj7JJRch9OJUWAVhXnrA4iiuSysQdsE2yggP%2B7wH23u4uuwZDkY5R4zI107RnBA2xzMJXrknC97FNQfTNvY5DCVso4YI%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
via: 1.1 webcache2 (Varnish/trunk)
x-pingback: https://www.anrfactory.com/xmlrpc.php
x-powered-by: PHP/8.0.30
x-varnish: 12726458755

GET
H2 200 css
fonts.googleapis.com/ 14 KB
1 KB 139ms
50ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lora%3A400%2C700%2C400italic%2C700italic%26amp%3Bsubset%3Dlatin%2Clatin-ext%7CMontserrat%3A400%2C500%2C700%26amp%3Bsubset%3Dlatin%2Clatin-ext&display=swap

Requested by

Host: www.anrfactory.com
URL: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

007281271696553daf7262c201bcb7b7660522f6d807b0cc0f21773b5c2b0102

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Nov 2023 16:00:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Nov 2023 16:00:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Nov 2023 16:00:31 GMT

GET
H2 200 rocket-loader.min.js Show response
www.anrfactory.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 43ms
42ms Script
application/javascript 2606:4700:3034::6815:5e97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.anrfactory.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: www.anrfactory.com
URL: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:5e97 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 24 Oct 2023 17:54:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"653804c3-302c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dbFKzfh92QdJs%2FX%2FjYny2zaz%2Fq4cxTQq6EVFOS0g0X97JKUii8YTSzwntX911Az2P9QbCcTbaaH9DlOs%2BsLud9KWuWrSqGCD%2F%2BY4NmzAx0%2Bgz0ORoyiwYCStPYjZDygD2LkoeyY9vVw3gqhLzEXwsKg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 81f559e35e51bb8c-FRA
expires: Fri, 03 Nov 2023 16:00:31 GMT

GET
H2 200 f6cd8d4d23c5bf2ef5fa4aeb030f4926.css
www.anrfactory.com/wp-content/cache/min/1/ 195 KB
33 KB 53ms
52ms Stylesheet
text/css 2606:4700:3034::6815:5e97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.anrfactory.com/wp-content/cache/min/1/f6cd8d4d23c5bf2ef5fa4aeb030f4926.css
Requested by: Host: www.anrfactory.com
URL: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc60db883ccba2637578982f02724176b1d5e4fd0b280351b8e747a1bf4a5471

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
via: 1.1 webcache2 (Varnish/trunk)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 487513
cf-polished: origSize=199638
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 06 Oct 2023 08:33:40 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wdEqRl%2BCCCVTdo5XcujXhrihnNfl%2FFQ0jgXMCTmqbnilaQH547p7zGzNTxqvTQxnlxydnOHdGLsWs2KHGwROoDLk1FIPgPbeekxVNnSeQQNZ1BRwgWPoAWXszk7k7xjAc%2FIKiCWb%2B27FQWRgMH3YY40%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
x-varnish: 7852426222 22282415
cache-control: public, max-age=31536000
cf-ray: 81f559e35e4fbb8c-FRA
expires: Thu, 17 Oct 2024 12:20:43 GMT

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 14a1706631b17af4a58a99ae3a667ef40d11ca820589e19733a7fd8129a09a99

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c3f1e4144c0fc9a0638f42d5d6c9875ae6768680a7f2ffa5ef449ccdf25fe436

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7afc43d9e79ff7feef8d318c788deaa8207168e4fd3674df9539efbdfc6925ef

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 70 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5aa4af0852579c003605e6527d898cc5e6a414aa9258fd937704f267e8530fdd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bfcc2143b6f0635117b7354d9c0965778cd10168c10ca661d0ce42af30820951

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cc1c81fe11d1bd086d5a8708d4aa0c22c4f7679e06de4e5ae97be8cfac8bef0a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bebd2370c21138168750a107504b2ce895f62aa2e80565a964ac3f0d1eef6429

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 searchsubmit.png
www.anrfactory.com/wp-content/themes/redwood/img/ 1 KB
2 KB 142ms
141ms Image
image/png 2606:4700:3034::6815:5e97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.anrfactory.com/wp-content/themes/redwood/img/searchsubmit.png
Requested by: Host: www.anrfactory.com
URL: https://www.anrfactory.com/wp-content/cache/min/1/f6cd8d4d23c5bf2ef5fa4aeb030f4926.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dfe45e655c1c3fd2531e0d4b14d0c619a201dd34e3644a4de2ad1d90185f8c78

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/wp-content/cache/min/1/f6cd8d4d23c5bf2ef5fa4aeb030f4926.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
via: 1.1 webcache2 (Varnish/trunk)
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 1167
last-modified: Thu, 19 Nov 2020 16:40:21 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=inWGVyKlOKtrkydpQb71HJ6fu4x2okMty1M%2BLTqLhT1S%2Fi4fAW%2FDzrssxw4%2FS5%2B0W6kCuiLg52jkOr0NcCQsUqSMT1s2dZ9zjticsvl4MYZJ7z8CySR5AeY%2FpSRxbKgeXlP37xYM6w7GiEPBop9fewA%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 12815407834 27951202
content-type: image/png
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 81f559e3ced0bb8c-FRA
expires: Thu, 15 Feb 2024 12:20:43 GMT

GET
H2 200 fontawesome-webfont.woff2
www.anrfactory.com/wp-content/themes/redwood/fonts/ 75 KB
76 KB 48ms
48ms Font
application/octet-stream 2606:4700:3034::6815:5e97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.anrfactory.com/wp-content/themes/redwood/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: www.anrfactory.com
URL: https://www.anrfactory.com/wp-content/cache/min/1/f6cd8d4d23c5bf2ef5fa4aeb030f4926.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://www.anrfactory.com/wp-content/cache/min/1/f6cd8d4d23c5bf2ef5fa4aeb030f4926.css
Origin: https://www.anrfactory.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
via: 1.1 webcache2 (Varnish/trunk)
cf-cache-status: HIT
last-modified: Thu, 19 Nov 2020 16:40:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 508051
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gjqNgI%2BoNuR%2BakiyELlcdf0rk3tHb21fxzNM%2Bcq59JlAolZ3EOAM0He7zkGsCQyiSdGz7uiKvL1fMa2zCbq6ecQv2uMZnssKf7XKhxGTdxxpsllFtVb4p4awMTm26fpIqPIDsnxtTE5TctbTsTmQdeg%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 7612834804 10584161
cache-control: max-age=2678400
cf-ray: 81f559e3ded6bb8c-FRA
alt-svc: h3=":443"; ma=86400
expires: Fri, 17 Nov 2023 12:20:43 GMT

GET
H3 200 lazyload.min.js Show response
www.anrfactory.com/wp-content/plugins/wp-rocket/assets/js/lazyload/16.1/ 8 KB
3 KB 50ms
47ms Script
application/javascript 2606:4700:3034::6815:5e97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.anrfactory.com/wp-content/plugins/wp-rocket/assets/js/lazyload/16.1/lazyload.min.js
Requested by: Host: www.anrfactory.com
URL: https://www.anrfactory.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e86a52a9858206302e32036d89907e3ac87762055e7f9c6364aec33221b3e41

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
via: 1.1 webcache2 (Varnish/trunk)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2649603
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 19 May 2022 20:10:09 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iD8ef6H87UYHgPry%2BHP4WnPk6X4IZS%2BWcYbUf9x0asx%2ByApgTVNyfdB92Q0UUX0jvq%2F4xIrRtyHimIP16KR7cMQ581RRRjk%2FYHMQJBgz4szRlIt4Rl102%2B5%2BAo8IAQUamiVjcKsVDMQbagY2gGKvS8Y%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 11415390709 67470161
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 81f559e40e3a198f-FRA
expires: Thu, 19 Sep 2024 13:56:05 GMT

GET
H3 200 akismet-frontend.js Show response
www.anrfactory.com/wp-content/plugins/akismet/_inc/ 6 KB
2 KB 61ms
59ms Script
application/javascript 2606:4700:3034::6815:5e97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.anrfactory.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1694807034
Requested by: Host: www.anrfactory.com
URL: https://www.anrfactory.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a88ba0b09a4416c080044dc095eabf66ca59e4d12a1d6201457b693687be85d3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
via: 1.1 webcache2 (Varnish/trunk)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3052472
cf-polished: origSize=10733
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 15 Sep 2023 19:43:54 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L%2F3WArosPrHeEhyNfuo9wSCP%2B%2BMGSzaw2m3sBm4zOwnwY5VtNLRSvNR8LUgS4O0ESWR3imPSW6uRljFVHCRW5IAnhja1FfliJWpiL8OMCxVGbJRU4GCFwyQtndDTLUA2FFxOrD2rgcLd56Rc8gS6gso%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
x-varnish: 6671405020 4951865
cache-control: public, max-age=31536000
cf-ray: 81f559e40e3c198f-FRA
expires: Thu, 19 Sep 2024 14:21:15 GMT

GET
H3 200 ads.js Show response
www.anrfactory.com/wp-content/plugins/quick-adsense-reloaded/assets/js/ 439 B
809 B 50ms
48ms Script
application/javascript 2606:4700:3034::6815:5e97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.anrfactory.com/wp-content/plugins/quick-adsense-reloaded/assets/js/ads.js?ver=2.0.78
Requested by: Host: www.anrfactory.com
URL: https://www.anrfactory.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 473e48c21306bbaee9b2d327fc13d23346840d26b70dd3717830636faca631d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
via: 1.1 webcache2 (Varnish/trunk)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 90989
cf-polished: origSize=562
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 13 Oct 2023 10:31:29 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N0stgYPtd4y%2Fj1y0g%2FWwQ9va1EN8RDYHKulhx9n2h0R8mCq6g3050kp6js44Rbe3MahVtnrB8CoSkhF9MdwyWiNZjwCcFSZb3%2FoVf5t6JaIc6Xk1wBBo5q9EzujvtXchBVWllAJ3syQuBy0sZOfOA4Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
x-varnish: 11909438602 11763948
cache-control: public, max-age=31536000
cf-ray: 81f559e40e3d198f-FRA
expires: Thu, 17 Oct 2024 12:20:43 GMT

GET
H3 200 comment-reply.min.js Show response
www.anrfactory.com/wp-includes/js/ 3 KB
2 KB 51ms
49ms Script
application/javascript 2606:4700:3034::6815:5e97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.anrfactory.com/wp-includes/js/comment-reply.min.js?ver=0621ff1d1a7a69c31fa9c0bd192756a5
Requested by: Host: www.anrfactory.com
URL: https://www.anrfactory.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
via: 1.1 webcache2 (Varnish/trunk)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1639510
alt-svc: h3=":443"; ma=86400
last-modified: Sun, 29 May 2022 18:05:59 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=euKeydfrVWr%2BHvk9EduRKA5u7V%2F%2FwwOTrHfmL2d3Nv%2FlIXs8HLIvJ4r14mi%2B0I8emL%2FYrX8ib7NVAefCgkKTq7BJxH8q6kv4iKnUCKe8VINTbEohMo055IIJRuLD6C%2FdMu6ik4vB7p%2BEL7HjEXcX0Fg%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 967512815 509644665
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 81f559e40e3e198f-FRA
expires: Sat, 12 Oct 2024 05:37:55 GMT

GET
H3 200 solopine.js Show response
www.anrfactory.com/wp-content/themes/redwood/js/ 839 B
968 B 50ms
48ms Script
application/javascript 2606:4700:3034::6815:5e97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.anrfactory.com/wp-content/themes/redwood/js/solopine.js?ver=0621ff1d1a7a69c31fa9c0bd192756a5
Requested by: Host: www.anrfactory.com
URL: https://www.anrfactory.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8860ec750c479b647736b81b517acecf144f555e116aec543e92a9cbd7cc829b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
via: 1.1 webcache2 (Varnish/trunk)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 628562
cf-polished: origSize=1135
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 19 Nov 2020 16:40:21 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c%2FTLIjUJbM3OmJIZ3QKoxrb90lxnfWgqguaHHjyzRBzJH325NoejLYu8iKSRIw9bde4hV3atguBP1hi%2FsD%2FLS7B0mGpQU0VQnE9CUBJveTJJQWpwf%2FYeUAFmkcy4NaGgq9DJzYh3p39Ppggw7IcQJ2s%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
x-varnish: 6391866927 3965025
cache-control: public, max-age=31536000
cf-ray: 81f559e40e40198f-FRA
expires: Thu, 17 Oct 2024 12:20:43 GMT

GET
H3 200 fitvids.js Show response
www.anrfactory.com/wp-content/themes/redwood/js/ 2 KB
2 KB 51ms
49ms Script
application/javascript 2606:4700:3034::6815:5e97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.anrfactory.com/wp-content/themes/redwood/js/fitvids.js?ver=0621ff1d1a7a69c31fa9c0bd192756a5
Requested by: Host: www.anrfactory.com
URL: https://www.anrfactory.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 38f8ac0374c2bb1477727fda495437bb1093ebc4ea905138540bbaa35f5dbf6f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
via: 1.1 webcache2 (Varnish/trunk)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1639509
cf-polished: origSize=3321
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 19 Nov 2020 16:40:21 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iFjwQRELJ%2FMqsPgY8n%2BscHUCeW8xpyPZEvN6hTAwwdTPJGIVuYFZewym802V%2Frh7v5ynWHAVFkC2vIhWe6VJbVL7pkffDolxvNRhgClJiJ8mXt13DiPYTtHQuKjPyy2k73YleW5%2Fv9JQG8xy1WtXlXM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
x-varnish: 925082971 499519627
cache-control: public, max-age=31536000
cf-ray: 81f559e40e41198f-FRA
expires: Sat, 12 Oct 2024 05:37:54 GMT

GET
H3 200 jquery.bxslider.min.js Show response
www.anrfactory.com/wp-content/themes/redwood/js/ 19 KB
6 KB 153ms
151ms Script
application/javascript 2606:4700:3034::6815:5e97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.anrfactory.com/wp-content/themes/redwood/js/jquery.bxslider.min.js?ver=0621ff1d1a7a69c31fa9c0bd192756a5
Requested by: Host: www.anrfactory.com
URL: https://www.anrfactory.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bb9e7dc822c6b7b95a6329932885c72ff2caf74b243fc1c40aca0e858123b83e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
via: 1.1 webcache2 (Varnish/trunk)
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 19 Nov 2020 16:40:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mz0L4OGe%2FwuagyEXDQoWfJvBnHtfrWBv%2BxcWU7pQsbgEtm6EbLbh1pRki3SAL5Xcxi1eHz7jjMGBGk7V58%2BNvjL5TGrUAqWhWxvvgaTGEaZHBcKB5HYds1GhZJel4%2BjIiD%2FbJb%2BoZFxWHhB2nzPA9Ys%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 12836900862 6684791
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 81f559e40e42198f-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 17 Oct 2024 12:20:43 GMT

GET
H3 200 jquery.slicknav.min.js Show response
www.anrfactory.com/wp-content/themes/redwood/js/ 6 KB
3 KB 52ms
50ms Script
application/javascript 2606:4700:3034::6815:5e97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.anrfactory.com/wp-content/themes/redwood/js/jquery.slicknav.min.js?ver=0621ff1d1a7a69c31fa9c0bd192756a5
Requested by: Host: www.anrfactory.com
URL: https://www.anrfactory.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0a7a621da9195e29eae2be125bb7594e185410f42070c48a3f9647c53e54597a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
via: 1.1 webcache2 (Varnish/trunk)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 628562
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 19 Nov 2020 16:40:21 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k6i0Jb3TlFu4tId7e7NimbVPNXCWV%2BxvxowMPI4YU8LfAsEseRCSXytoFoQFUFb6gDgk2FrMBdX1SIQDHT6FrY5DlP568dDmfw%2BIQWMtlpKg3viRC9xexnP92f7a8qI9rqd%2BaOEW7BeTSXs9d%2Bjd7v8%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 6376466910 23396586
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 81f559e40e43198f-FRA
expires: Thu, 17 Oct 2024 12:20:43 GMT

GET
H3 200 index.js Show response
www.anrfactory.com/wp-content/plugins/contact-form-7/includes/js/ 13 KB
5 KB 88ms
86ms Script
application/javascript 2606:4700:3034::6815:5e97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.anrfactory.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.8.2
Requested by: Host: www.anrfactory.com
URL: https://www.anrfactory.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1060091178cbd6c843b802f516f230f1a3a1e85f1afbd6ef84d80e5430ba457e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
via: 1.1 webcache2 (Varnish/trunk)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 243145
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Sun, 29 Oct 2023 15:04:14 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7T3%2F4wCWFBjXDvcGJf94%2Bbe6VHFDg%2BgF20EXrgU1Nw74zQyVKA2TQog%2Bxdq3csu1mvFy9%2BA8IRfQGUpt6eYhZ%2Bsydr1pmvEKY0sTc7toET8CwHeJnMI6iRnnJj2rhH1CGd%2F%2Fr6n8c266%2B4BH%2BZ2Qk88%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
x-varnish: 10286898572 10035279033
cache-control: public, max-age=31536000
cf-ray: 81f559e40e45198f-FRA
expires: Mon, 28 Oct 2024 15:05:07 GMT

GET
H3 200 index.js Show response
www.anrfactory.com/wp-content/plugins/contact-form-7/includes/swv/js/ 11 KB
4 KB 94ms
92ms Script
application/javascript 2606:4700:3034::6815:5e97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.anrfactory.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.8.2
Requested by: Host: www.anrfactory.com
URL: https://www.anrfactory.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5fe46d2da01452067736578431f6c6e8116a24e616f58c72d9d81fdb2c7c9569

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
via: 1.1 webcache2 (Varnish/trunk)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 252906
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Sun, 29 Oct 2023 15:04:14 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IFgtY4S%2BKW3BT2fyB61KhfI1FMkhE4TLVJlxQhg5bBuGzuOdfcOmDj%2BxeLbvq%2F5ObAChVwXuBp%2FA%2BJDqgHFE9B8vAiHGpKedw44nZqCfjg%2BmaGMj75oq7UnUxqU8z%2BJ7b95Ueke4e3JVH2L9HXdpNVk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
x-varnish: 10201403586 10116333570
cache-control: public, max-age=31536000
cf-ray: 81f559e40e48198f-FRA
expires: Mon, 28 Oct 2024 15:05:08 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 147 KB
51 KB 208ms
111ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.anrfactory.com
URL: https://www.anrfactory.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bbfc300888e55acc1c58b8058fc0aa11154e266f3b102b648bb860a200ef3d13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51853
x-xss-protection: 0
server: cafe
etag: 2160180221998707956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 01 Nov 2023 16:00:31 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 147 KB
51 KB 195ms
98ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4387471810015760&host=ca-host-pub-2644536267352236

Requested by

Host: www.anrfactory.com
URL: https://www.anrfactory.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4e892a8e337308998ba3261142b4dbf0a97a8cd024af6ee68718a98574a00e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.anrfactory.com/
Origin: https://www.anrfactory.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51852
x-xss-protection: 0
server: cafe
etag: 4546699258611215215
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 01 Nov 2023 16:00:31 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 223 KB
79 KB 152ms
55ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=GT-WRHDT4R

Requested by

Host: www.anrfactory.com
URL: https://www.anrfactory.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

59026c364c3f4359520e2b1012849b86806d4924ac91fab52f41ff42323ed6cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 80809
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 01 Nov 2023 16:00:31 GMT

GET
H3 200 jquery-migrate.min.js Show response
www.anrfactory.com/wp-includes/js/jquery/ 13 KB
5 KB 151ms
150ms Script
application/javascript 2606:4700:3034::6815:5e97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.anrfactory.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by: Host: www.anrfactory.com
URL: https://www.anrfactory.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
via: 1.1 webcache2 (Varnish/trunk)
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 13 Aug 2023 20:11:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7%2FuGXBeWzCdIM1Ml%2Bj43ABVmOUISvvOZvkNNpB4EoIr8Rkao%2BziC9FwRESCc9u0VMB2hlWwws5CU9yU8EjppP4F3ScuX74wunThxocYsjamVIHid4ERYL13MztD5kZenkpDj5uK%2FK01SylwreX4GdXY%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 12846565880 11829349
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 81f559e40e49198f-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 17 Oct 2024 12:20:43 GMT

GET
H3 200 jquery.min.js Show response
www.anrfactory.com/wp-includes/js/jquery/ 85 KB
31 KB 95ms
94ms Script
application/javascript 2606:4700:3034::6815:5e97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.anrfactory.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.0
Requested by: Host: www.anrfactory.com
URL: https://www.anrfactory.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
via: 1.1 webcache2 (Varnish/trunk)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 628562
alt-svc: h3=":443"; ma=86400
last-modified: Sun, 13 Aug 2023 20:11:24 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LUz2Y6dV3aMVVOpacRHOROT8VcvXl9M8vlBpz1Hii%2BgOlWgCUNBAjYVWC0UMOlnUrtDrTjIXX1mXh%2BKefgFkAn2bE8wsS64zsCLeSD%2FQQYHtOxtq7wedGrbaZpXmFL03%2BO3U8Dbcv2fEEiTJU1ggOL8%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 6371358019 11829350
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 81f559e40e4a198f-FRA
expires: Thu, 17 Oct 2024 12:20:43 GMT

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v26/ 32 KB
33 KB 154ms
42ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lora%3A400%2C700%2C400italic%2C700italic%26amp%3Bsubset%3Dlatin%2Clatin-ext%7CMontserrat%3A400%2C500%2C700%26amp%3Bsubset%3Dlatin%2Clatin-ext&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.anrfactory.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 18:19:05 GMT
x-content-type-options: nosniff
age: 510086
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33092
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 25 Oct 2024 18:19:05 GMT

GET
H2 200 0QIvMX1D_JOuMwr7Iw.woff2
fonts.gstatic.com/s/lora/v32/ 35 KB
35 KB 232ms
120ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9f46649ea544819982ea288c6f386dd67d46da0f453f95da542196372b79731e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.anrfactory.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 07:19:52 GMT
x-content-type-options: nosniff
age: 463239
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35888
x-xss-protection: 0
last-modified: Tue, 21 Feb 2023 21:45:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 26 Oct 2024 07:19:52 GMT

GET
H2 200 0QIhMX1D_JOuMw_LIftL.woff2
fonts.gstatic.com/s/lora/v32/ 38 KB
38 KB 192ms
86ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lora/v32/0QIhMX1D_JOuMw_LIftL.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d55ce9c3ac7a5f37a38813a2deed310abde9e63d0d36912e2e5e59751ca66c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.anrfactory.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:43:19 GMT
x-content-type-options: nosniff
age: 515832
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39208
x-xss-protection: 0
last-modified: Tue, 21 Feb 2023 21:46:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 25 Oct 2024 16:43:19 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 358ms
40ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.anrfactory.com
URL: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 01 Nov 2023 16:00:31 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: 2MhKoftyws9CCGrIuGaZDIYSJB/j4QAEZ+4tuPiyWki/2jFxFwREehlvDXAH4TCAoSvO0lHZQtjFkmquiEHBUA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 147 KB
51 KB 169ms
167ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.anrfactory.com
URL: https://www.anrfactory.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04001bea5067188e2671ec5fec0a0b09e4676ad0b6468c8f2b0a58e6cb961dda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51853
x-xss-protection: 0
server: cafe
etag: 11797180903896193674
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 01 Nov 2023 16:00:31 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 359ms
39ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.anrfactory.com
URL: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 01 Nov 2023 15:51:32 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 540
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 01 Nov 2023 17:51:32 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310260102/ 398 KB
135 KB 116ms
116ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310260102/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4387471810015760&plah=www.anrfactory.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4387471810015760&host=ca-host-pub-2644536267352236

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc56a65868e7aafcd6eb4dcccf9be4a911ff85dc0136cc7bc5dd5db21b202544

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138069
x-xss-protection: 0
server: cafe
etag: 12966814624179571735
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 01 Nov 2023 16:00:31 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231030/r20190131/ Frame FFE2 10 KB
5 KB 129ms
39ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231030/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4387471810015760&host=ca-host-pub-2644536267352236

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ad1270333ea16969313802add43789e0558cd75e2bf91e768bcf3937f091a001

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.anrfactory.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 31734
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4480
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Nov 2023 07:11:38 GMT
etag: 4569948109300706969
expires: Wed, 15 Nov 2023 07:11:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
region1.google-analytics.com/g/ 0
256 B 289ms
46ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-VRF5C4B4X2&gtm=45Pe3au1v9116930165&_p=610081838&gcd=11l1l1l1l1&gdid=dZTNiMT&cid=1261436241.1698854432&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&sid=1698854431&sct=1&seg=0&dl=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&dt=Money%20Coming%20Fast%3A%20OTB%20Lucciii%20is%20all%20about%20that%20cash%20action%20on%20%27Fashion%27%20-&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=GT-WRHDT4R
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:32 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.anrfactory.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 youtube.png
www.anrfactory.com/wp-content/plugins/wp-rocket/assets/img/ 662 B
1 KB 47ms
47ms Image
image/png 2606:4700:3034::6815:5e97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.anrfactory.com/wp-content/plugins/wp-rocket/assets/img/youtube.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5fc28a845d8b8a279c9c867cb86cee52b6ddf9df67f91b0c6a15513848fdb29

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
via: 1.1 webcache2 (Varnish/trunk)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 243024
alt-svc: h3=":443"; ma=86400
content-length: 662
last-modified: Thu, 19 May 2022 20:10:09 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QJKa5VsrubYITW6rr4GJV1zQ%2BO6TCjHAWT%2BRWgssVST%2BU2ckHd6kbQYnSi%2Bgz0fBhKn6fenr6SSEnfvKEZ6wIm6iute%2FF6v6gy7th8ZxLL0CEuRNYXUEXgMQMcWaa%2BLpCQstqQvUFielfXf0MA1HJ%2BY%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 10300560329
content-type: image/png
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 81f559e698b1198f-FRA
expires: Mon, 26 Feb 2024 20:30:07 GMT

GET
H3 200 AR_FACTORY_MINIMAL-LOGO-WEBSITE.png
www.anrfactory.com/wp-content/uploads/2021/11/ 14 KB
14 KB 49ms
47ms Image
image/png 2606:4700:3034::6815:5e97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.anrfactory.com/wp-content/uploads/2021/11/AR_FACTORY_MINIMAL-LOGO-WEBSITE.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 503ce79251aa08d05c1046dcef24940a77c692918f8afdc0886b01fb03d5a451

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
via: 1.1 webcache2 (Varnish/trunk)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1129880
alt-svc: h3=":443"; ma=86400
content-length: 14232
last-modified: Mon, 15 Nov 2021 11:58:13 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BX%2FM6oF3i3btF82n1kXuGyN8lYhI0yS%2B9jHMOjEfzXZOJasr0xMQu2fbeD5XuJANv%2BvDYomhawK8ge89suzWtArozSXqbE6g1RXlq%2FD9XlMEa116u7dHCHUgom0ZqHxO9I3mhSSFr%2FqQR2pvjuKvHE8%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 969612770 51875075
content-type: image/png
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 81f559e6a8b9198f-FRA
expires: Thu, 15 Feb 2024 12:57:06 GMT

GET
H3 200 SUBMIT_YOUR_MUSIC.png
www.anrfactory.com/wp-content/uploads/2021/11/ 35 KB
36 KB 171ms
170ms Image
image/png 2606:4700:3034::6815:5e97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.anrfactory.com/wp-content/uploads/2021/11/SUBMIT_YOUR_MUSIC.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9fab7922264ea50220e264de4d91e57cfee55c70333815f6c2d0eaab807300b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
via: 1.1 webcache2 (Varnish/trunk)
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 36244
last-modified: Mon, 15 Nov 2021 11:55:59 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Fke4yrA5FnNR%2FsX7OgT%2FKZ8Fak24jAoTsiHr94rJZpgdnH1KGb7w%2B%2BX5TkqaZo%2F9Vr5dYGwJqyHGnW91%2F0yoL2WphU%2F3jYJgxK0R%2FMNv8eFtNvgnOIw7lNjEzz902RHOeG2IEzmhJ6DQWhaLb3ELpI%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 12764396630 5735288
content-type: image/png
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 81f559e6a8ba198f-FRA
expires: Thu, 15 Feb 2024 12:27:46 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/6XEk9xGsX_o/ 7 KB
7 KB 287ms
75ms Image
image/jpeg 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/6XEk9xGsX_o/hqdefault.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24ff3ec517497fba0e6fb5a3bdafc3903f98b340c9261ebec7242e21902bfdc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:32 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7172
x-xss-protection: 0
server: sffe
etag: "1611174668"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 01 Nov 2023 18:00:32 GMT

GET
H3 200 Master-top-10-badge-2023-150x150.png
www.anrfactory.com/wp-content/uploads/2023/01/ 14 KB
15 KB 50ms
50ms Image
image/png 2606:4700:3034::6815:5e97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.anrfactory.com/wp-content/uploads/2023/01/Master-top-10-badge-2023-150x150.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 20e078de8e39362dca5647c5a09f3dc81a6954e9b1e507ba2d94b17d6622b839

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:31 GMT
via: 1.1 webcache2 (Varnish/trunk)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 416558
alt-svc: h3=":443"; ma=86400
content-length: 14592
last-modified: Sat, 14 Jan 2023 19:39:43 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PFLg2tcuWpXT8o9OYv09gELe%2F7QHUj3BUE6FBQENXVtEoxYi2lKXaTWWQVP36viIBkUncDoYaJx4PRtblvwyoRgiAFjtLTV3KlzJztBC7yiAtg0WLieeFeweOfVvzhm5uu89EkqU2ytn%2BOFxHyPeVxc%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 8514476811
content-type: image/png
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 81f559e6f917198f-FRA
expires: Sat, 24 Feb 2024 20:17:53 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 395 B
607 B 141ms
48ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.anrfactory.com&callback=_gfp_s_&client=ca-pub-4387471810015760

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310260102/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4387471810015760&plah=www.anrfactory.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50f3d3eb273eb83715d94e29b54ff26248b790b580eb2bee9c46836600fad5f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FC41 0
179 B 293ms
290ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&adk=1812271804&adf=3025194257&lmt=1698850831&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=236x945_l%7C260x945_r&format=0x0&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&ea=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&easpi=1&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431702&bpp=3&bdt=470&idt=316&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2120551059623&frm=20&pv=2&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=377

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.anrfactory.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Nov 2023 16:00:32 GMT
expires: Wed, 01 Nov 2023 16:00:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 141ms
140ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&id=top-bar&ign=false&pw=1600&ph=1200&x=0&y=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 92ms
91ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231030&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8e9c02b594d19a0a51b0eabca6ecbf03cb1d13af38e82e9c59e5fe461f0fad74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12198
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FE22 121 KB
41 KB 744ms
744ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=4056677716&adf=1801571695&pi=t.ma~as.5948233133&w=740&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=740x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431705&bpp=2&bdt=473&idt=382&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=260&ady=1364&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=SnIB15LGDr&p=https%3A//www.anrfactory.com&dtd=386

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0bcec1ef0c337c013472a4cbe75f21e16ed2bce416a316a320689c3ad464d79e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.anrfactory.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 41561
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Nov 2023 16:00:32 GMT
expires: Wed, 01 Nov 2023 16:00:32 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B3E2 24 KB
11 KB 755ms
754ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=600&slotname=5727907135&adk=245867249&adf=306411070&pi=t.ma~as.5727907135&w=300&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=300x600&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431707&bpp=1&bdt=475&idt=394&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ziUkcBYYJ&p=https%3A//www.anrfactory.com&dtd=397

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

137c484333cbb6737ddf81c14d798e561888cd0e3c4f4f13ca3b036c0575fe1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.anrfactory.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 10962
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Nov 2023 16:00:32 GMT
expires: Wed, 01 Nov 2023 16:00:32 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0470 25 KB
11 KB 514ms
510ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=600&slotname=1378432737&adk=3943645601&adf=1137415096&pi=t.ma~as.1378432737&w=300&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=300x600&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431707&bpp=1&bdt=475&idt=402&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=3407&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=gNB1ZBehBQ&p=https%3A//www.anrfactory.com&dtd=404

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e54195221626039d22fe4d330f095023f3daf07d39ab1d3a80e2bb62c6c2c440

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.anrfactory.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 11009
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Nov 2023 16:00:32 GMT
expires: Wed, 01 Nov 2023 16:00:32 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 16 B
224 B 48ms
47ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=610081838&t=pageview&_s=1&dl=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&ul=en-us&de=UTF-8&dt=Money%20Coming%20Fast%3A%20OTB%20Lucciii%20is%20all%20about%20that%20cash%20action%20on%20%27Fashion%27%20-&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IADAAEABAAAAACAAI~&jid=82756870&gjid=860712399&cid=1261436241.1698854432&tid=UA-49987016-1&_gid=1382813408.1698854432&_r=1&_slc=1&z=1501315411

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3240bda49d4ea8356a9098eae93879caec34cbf27fceb0d8f27d6d6682631cd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.anrfactory.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.anrfactory.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 304D 128 KB
41 KB 751ms
751ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5727907135&adk=3356919574&adf=2015200353&pi=t.ma~as.5727907135&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=476&idt=418&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4198&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=uY6P5JAyNc&p=https%3A//www.anrfactory.com&dtd=424

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a232d1149cb727811e8cf4e034ca26293ccc4f47c0f9deddef85781982047be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.anrfactory.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 42232
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Nov 2023 16:00:32 GMT
expires: Wed, 01 Nov 2023 16:00:32 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 1663217597399663 Show response
connect.facebook.net/signals/config/ 139 KB
36 KB 182ms
181ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1663217597399663?v=2.9.138&r=stable&domain=www.anrfactory.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

24c762688f41d723c084bce3727504eb4b8a9f409522a404c9dd736a20502966

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 01 Nov 2023 16:00:32 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: yZcqJ8wo0EzbAlaBiDEqy6oPVM7spcgj5kH7BKre+kkDfbdJ1ygW7SQOVdT6yC3hitJj/jkBopbJpNy366p+Pg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A409 130 KB
41 KB 781ms
780ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=1083092672&adf=245134348&pi=t.ma~as.5948233133&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=476&idt=449&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600%2C1200x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4478&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=kY34AZIFex&p=https%3A//www.anrfactory.com&dtd=452

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

48d1e4a6ffb6d64c4e997c3e3f416f01ba69e897fd6e6db92bce6b9ad0af701c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.anrfactory.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 41991
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Nov 2023 16:00:32 GMT
expires: Wed, 01 Nov 2023 16:00:32 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 977E 35 KB
14 KB 748ms
747ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=1087588583&adf=3152050774&pi=t.ma~as.5948233133&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=477&idt=455&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600%2C1200x280%2C1200x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4758&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=shBEHE1AvQ&p=https%3A//www.anrfactory.com&dtd=457

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d6a2ea657aed40576e4e098917c0cca5dccca64d0ef37a4db94568099c41b52e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.anrfactory.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 14597
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Nov 2023 16:00:32 GMT
expires: Wed, 01 Nov 2023 16:00:32 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
348 B 148ms
49ms XHR
text/plain 2a00:1450:400c:c0d::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-49987016-1&cid=1261436241.1698854432&jid=82756870&gjid=860712399&_gid=1382813408.1698854432&_u=IADAAEAAAAAAACAAI~&z=615536678

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0d::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.anrfactory.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 01 Nov 2023 16:00:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.anrfactory.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 247 KB
85 KB 63ms
63ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-XPFYBRQKEM&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1b79dc40a99bd742ec54a743bb72ed308c98df1b7770f02416e9ec70476d92b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86637
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 01 Nov 2023 16:00:32 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 233ms
145ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Nov 2023 16:00:32 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 47ms
46ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-XPFYBRQKEM&gtm=45je3au1v9135308562&_p=610081838&gcd=11l1l1l1l2&gdid=dZTNiMT&ul=en-us&sr=1600x1200&cid=1261436241.1698854432&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EBAI&_s=1&dl=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&dt=Money%20Coming%20Fast%3A%20OTB%20Lucciii%20is%20all%20about%20that%20cash%20action%20on%20%27Fashion%27%20-&sid=1698854432&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XPFYBRQKEM&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:32 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.anrfactory.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 121ms
39ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1663217597399663&ev=PageView&dl=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&rl=&if=false&ts=1698854432364&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4126&fbp=fb.1.1698854432362.1121158668&cs_est=true&ler=empty&it=1698854432156&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 01 Nov 2023 16:00:32 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7CC2 13 KB
5 KB 42ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.anrfactory.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2258
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 01 Nov 2023 15:22:54 GMT
expires: Thu, 31 Oct 2024 15:22:54 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0EA3 829 B
1 KB 242ms
51ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8a9393df80d2dc4dc9b2d37f2e5bc1e3ec5f8b8eb082ed9a4de4da78eb05078f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-uw63QNlHYB6I1rV9GV9Dmw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.anrfactory.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-uw63QNlHYB6I1rV9GV9Dmw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 01 Nov 2023 16:00:32 GMT
expires: Wed, 01 Nov 2023 16:00:32 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 mSNSQAl__hw8z5PwJ1hA32amL2zkBniEArBt9BN1XWc.js Show response
pagead2.googlesyndication.com/bg/ Frame 7CC2 38 KB
15 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mSNSQAl__hw8z5PwJ1hA32amL2zkBniEArBt9BN1XWc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

99235240097ffe1c3ccf93f0275840df66a62f6ce406788402b06df413755d67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 15:45:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 916
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15010
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Oct 2024 15:45:16 GMT

GET
H2 204 generate_204
tpc.googlesyndication.com/ Frame 7CC2 0
40 B 39ms
39ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?lax5nw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:32 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0470 42 B
63 B 260ms
259ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CEFnRzHKHzi91SlD-QtNBaFfDdAgL3eh5ogBm8SlyMH73HSXww3OH13mZuLR7n9eAZ5AIAxqNVgV25yb4aL1AXFlEyutKMWUvFFsawrXCJgFsdeYE

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=600&slotname=1378432737&adk=3943645601&adf=1137415096&pi=t.ma~as.1378432737&w=300&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=300x600&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431707&bpp=1&bdt=475&idt=402&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=3407&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=gNB1ZBehBQ&p=https%3A//www.anrfactory.com&dtd=404

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0470 0
20 B 353ms
352ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=1885390549341713477&x=1&ct=77

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 0470 89 KB
31 KB 124ms
122ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 01 Nov 2023 16:00:32 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/ Frame 0470 3 KB
1 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 15:26:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2049
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Nov 2023 15:26:23 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/ Frame 0470 20 KB
8 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ba431addebca895832667d33e2ad51e4da1a1f2fbab72116d716c08077695a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 31 Oct 2023 19:18:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74498
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8430
x-xss-protection: 0
server: cafe
etag: 7000445677337367579
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Nov 2023 19:18:54 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 8E61 624 B
246 B 85ms
84ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNXo_MWsQ5hhbh8DMV9bdNJdL4yZ0YxOf1USenVXgZx51TTeA_ATH0_ldGayuKVoFA0CAYodoyswWU7zwK81XvI3Q90lwLPBQSqxcGtawGbBfBZ6b7yUMTkDxStTTnrV0QN4Vx11T26EkjLhy4HPHvoNgc9XUXWCJUt_pjYweVW3X6WJyZg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=600&slotname=1378432737&adk=3943645601&adf=1137415096&pi=t.ma~as.1378432737&w=300&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=300x600&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431707&bpp=1&bdt=475&idt=402&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=3407&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=gNB1ZBehBQ&p=https%3A//www.anrfactory.com&dtd=404
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Nov 2023 16:00:32 GMT
expires: Wed, 01 Nov 2023 16:00:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0470 188 KB
60 KB 230ms
127ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfd86eed5b662601ed1effa05e0922030a1bbfb3111d160df9b4f71630198c37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60393
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698666127188353"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Nov 2023 16:00:32 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0EA3 0
0 642ms
642ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231030&jk=400695946823382&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 8E61
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKd2rHiCytdOVA6wtLrQrNU&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKd2rHiCytdOVA6wtLrQrNU&google_cver=1&C=1

43 B
336 B

61ms
58ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKd2rHiCytdOVA6wtLrQrNU&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNXo_MWsQ5hhbh8DMV9bdNJdL4yZ0YxOf1USenVXgZx51TTeA_ATH0_ldGayuKVoFA0CAYodoyswWU7zwK81XvI3Q90lwLPBQSqxcGtawGbBfBZ6b7yUMTkDxStTTnrV0QN4Vx11T26EkjLhy4HPHvoNgc9XUXWCJUt_pjYweVW3X6WJyZg
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:32 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UTfaK35w0U91Csnvs9UKJyUt%2FMDN0IlzMP4J3UW4tWybtbzA8ZIRSR8CgfveW1QQGR%2FU0nIpm6oxah9Z8UfjrkAAkjE157LjvBi1sXE8CByVH%2BZ8m0UbJ7w8iWjpnYDiTkcmgbwhRtmOPg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 81f559ee0b59bbe9-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:32 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0OK1Oi%2FGAOiPOCaHzT4HKM87b%2Fmxp2LTotLEYE0gUp8nureFcKE3tbZaMwl6dDJwPDEwUBst7UU8igNcRTxLh37O986jm%2BrVUrNjnI65u6GEZt94BI4CWpCJOpxIESydKs2J6QWq0HDouQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEKd2rHiCytdOVA6wtLrQrNU&google_cver=1&C=1
cache-control: no-cache
cf-ray: 81f559edaabdbbe9-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 8E61
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUJ2IEAQ5iT7KTNwi6syKgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKd2rHiCytdOVA6wtLrQrNU&google_cver=1

43 B
547 B

63ms
62ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKd2rHiCytdOVA6wtLrQrNU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNXo_MWsQ5hhbh8DMV9bdNJdL4yZ0YxOf1USenVXgZx51TTeA_ATH0_ldGayuKVoFA0CAYodoyswWU7zwK81XvI3Q90lwLPBQSqxcGtawGbBfBZ6b7yUMTkDxStTTnrV0QN4Vx11T26EkjLhy4HPHvoNgc9XUXWCJUt_pjYweVW3X6WJyZg
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:33 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jG2FHetCB%2FkS7GlHh6jSRnooC7ytIpY1CV3iN150gz4TI7GoLtx32lT9djMlNzXP%2Byq6PQgK3CyYqGLn6fOPCLGcR8PcRg0j70fR43BEcL%2Fr0j5OdKkBBj0zBQgv5m7EQBswnuU17mxgmw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 81f559ee7bbfbbe9-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKd2rHiCytdOVA6wtLrQrNU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 8E61
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAh6uijMSHskqn6_5nBsZ2E&google_cver=1

43 B
840 B

55ms
45ms

Image
image/gif

37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEAh6uijMSHskqn6_5nBsZ2E&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNXo_MWsQ5hhbh8DMV9bdNJdL4yZ0YxOf1USenVXgZx51TTeA_ATH0_ldGayuKVoFA0CAYodoyswWU7zwK81XvI3Q90lwLPBQSqxcGtawGbBfBZ6b7yUMTkDxStTTnrV0QN4Vx11T26EkjLhy4HPHvoNgc9XUXWCJUt_pjYweVW3X6WJyZg

Protocol

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:32 GMT
an-x-request-uuid: 758ec143-9cf3-4854-acdf-5271c5d419b5
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 80.255.7.103; 80.255.7.103; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEAh6uijMSHskqn6_5nBsZ2E&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 8E61
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjYzNTIzMTI5NzEwOTcwNzAy

170 B
243 B

51ms
48ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjYzNTIzMTI5NzEwOTcwNzAy

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:32 GMT
an-x-request-uuid: 1a175314-381d-475b-89aa-0f62f5aa714a
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjYzNTIzMTI5NzEwOTcwNzAy
x-proxy-origin: 80.255.7.103; 80.255.7.103; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0470 0
20 B 261ms
261ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2999439015273&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0470 0
20 B 378ms
377ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2999439015273&version=m202309260101&ct=77&x=1&cor=1885390549341713400

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0470 16 KB
12 KB 79ms
79ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CH8OtY3wr7RYjF7r5x7TEauPLTGlmvAdEo7CHGhpJSp6Cp4VBjB5tuN_Qb2mnp_4LI6VFgCWKS9gu9aD3Dv7bp3R9R7VPKC58GYkawG0t6OQfJJ2vXNkVlqOBShVICZT1CtHQv3L_ldtMHFM50ZB-qmSipqco-J2KVygSmfDGmGKOIMK21n-YFdPbBckkJzIErkxErpy0ipqCdJ3xL2XWoIIH5HA&cry=1&dbm_d=AKAmf-BlRwRd0sVtqKyfqCZ4FfBx4DTxV2w3_qbvevWejKFpj_0IYrsnjMnxh89PBRm5EYdT-U5vhLat5ZB0dbY6o0KihgJ_li0vW4JbxAA0xtpbCVbpdcy1lcdeU9LngXUlqltKgREKUJnJLhXYXjTGxDyDRnAZT9TwHth3FzzHNZw2XdtRVVmUAI62S2USlPnIfrpS6W1T0pYEVlwIj-h5ArAWPBmuq9glm_5PJYxwGZapwtk1Dv2Wu0Ev2H-HyD0aEYDNidxwkGVgckK66wXxCAoQEYrdULTb9H4yr6RK_fvnm42RWOHIxzJ4QamL0H8zMnKsErzSLLj4hYVkF97PzRc_XxwXPwaj0Qv8rVvRCq2PZo-bgAHH_rTd93bTATr03dkjJG37d44lEUSchw3EkS-GrBtLa5hRejMS-6XbVHG4WCHsjhCxd-lGzW3FmRNVqLy037lp5lBxTFSN0L4500oFyvYmlVVRdw-EGcnFITpoPy2SR4au-4W-anzIjpJFh1kp-Xapknebes7dViOlFWcXRi2Xh-OlSt-oNQa3wWlQiWiJCped29NFxB08OFmGlIhKNHUjaZXo-a9zf7Uq04sGluU1pKk6o4FrblbgmikQo5R53uYNAvokDk8BM8NX_lxd_e0aQnPzJxznq9FHFlLKa272fIeU2i1w-pjrIp77tcjQQsfpZh7EoSeq_Z2tW8XpmGqATkwEYqK3v113V3UU6Ksu1C0iLtLPccBEB-DefdEFMpmn88RSuRDAxRvHBr7S_7GoP9sKNsG1V6xwWAzD14V9HAb8KlXeaAzplK96qUbT9eklpTNhmaTQ-zjlU9j4VLu90_hShqe7qZOtcFuEKq0GElzeswDOdXDM5nrQGA1nI4-cTVyzvHxm9cQ2F1RvSg1eVuYntZQITrGUgvMLJuHSvnBN_B-yomfCqoBQiy21T_3OBIPKIF-7-YALTc18T_NTfO3z543erTe3Mq3elXhJL9_AblxtDP0oQKRQht8udDZm1gux0nTldgrXqApqvRZ8OmVjfhCyc0UcLpDegcBcWzq0FufiZOVFzbtOsUlLcdfZLZ2reXc6kpBVBGZtxhThGquawqvUrlhgXyOzoGK5KMm-QqF5Pr-zwwhkFCaxVIl2PQTIjlI9NxOn1maNhIkrlH221ndXXKLVnvCXDz9sgwcSI4GPHLJcJajkg3YeNdjLTnE8wvMlmoqUcXwjyCsrXB_I3uwmDVhy9pnmdObCeoLpMhl67KjDa41g4SxBUU4VoeYeH31EnbPIrBFQ25lhkF9vh9YeWSqiUiYUDeIj78nebWxyXc7kG-f0V27FYMGmxQglTJT01cuqiN2Ihedk8XraZAHQbu-7f6ir_vHaEHQWYY3zojuJcHAFORQpIJ4npaKaHWSZULbZR2cT4psxcwM1YHDyjZYms-MLj0a_b_zo90uzBHGDpYGr4Ulx1FHvnEY0vPlifCe7GXqJY_bptzl5HP4BF01-ULf8_AFVGLjG8gx6VNozGv73-rwdSE77LgfstsY6S4MHIqifDtBzNxJ6E-lMVHWVx1KmLDZuOkRt7Ygd-0liiMr4aVzcgELM9GmkqfcRciuAY7UXWT2qRAan88WKVLB8nayv4KFr8agV6HjGP2aS36H0bZ57pNayY24y1HXoWiOAeLeMka3dndistHSP09NK1Lt5Rr3t6zSys5DKidjfi51iWzJAsUtMWFlnN-pWdqusKVl9q2y8R0p4A8yu3bs9tMDhww3-_W6IjZZmP0M6XjYU3AXOykyINyFIGQ-5FxsdgZNbOYN35-wJB0JiOET5Tvout0CFMS13o8eqfIZsJLs8ZKFIcdz_D-zeLzCvAvqnS1B44pOoBCLs5GH5ps11rLeN8IpgCQvt3HuJUMPIwgzoVTOeuZDVTs_SH1v3cygIGrqCbgIay-wmlkJA-Db5TOFLIdKpWcFvwo-X3gOlLh7LiqrZdVuBrtevp73nDwyZ9LPurMPk0BaimcvOTIXOl28482MEaKKKP6Oi6qt1Pldq7aYDf7XnuWrF4RWM2PYGygycqVcIUCaa158MF4kPh-AgkVBAWnYZA6qPnA9O6WNShX_I481M9uguhBV7PiZ_vPr96oJeaedkyDan3-4bCnDuhE5MpriyGo4WMcImAAsvSlo-IUQ-DkpVVcg2oY6Lch2dyA46JIdORHhg0Y1BQ0DIYk4LwdHuKyNAodk7ByKlszMb8N38E1m-CdTJdpQEdheNpg6r9TX2Q6OJC-h6R2CO5TaDGYlqjcXWqfiDnRlVxn0JY8lFqfuUjK3YwVtr4nKXodOTlVt6C-uAxHz42kmqd_nC0BtL6aZdoev9MraNoO7AmFUFVsclTKCVIUvm1kJMnf-jIPowEyD0kZP5Fea3k0yd8WaCAKaKJ_FV27ThQxe-ULcIMdu2rXgKN0DkZ1i5kGX33171YIxGZXiDckZJhhAsYj9zbcH4FNuXM0evsZyV4yjFj3GXWc_bZ_M_6C3hceXIjUB7tP3FL6p-Ejkv4eWpvUFDHMiCUpWlMNlAmo7Y3EDv_AjrVihuqVTVDv69NnjfVcWrRcw0QPMeMptRQXcrtKE1tD2Bc-J63op1ILDyUOQ6MCiA15hzrxSVzpAeOkU2TGJiC_VeJv_LaEFnOnWRA9zykSrc4jlQjOY1gI2Ebbur76EWnRCb7UVy_kWLrenOtWjR3wJdB8ZOGdfqqHHh4rWQqYvDHcsss9VIhHF7Fs37QqYAgREGnnMN6RxHsI5_4DZsynjqvmAvQPiMmvehb1iwuhiugHWDE8rNE9mn_y0T0y2bMl7Cs9jPj9wA15oS6LJUaLMY2ABf7YP3Nuq8TQYLviSP_LDnYU0PnUhrQYf1ZwG6GGbPWq1EYdI8dPpjLcfPTWE6imiWMKqSfjeIfJ5vNok2PLSmYltZGuapfobWDBrJl4wFx-sWhHuClzOL_F6NtyjdP1LV6tUZFTdSJuwGYDSlS-XH3VXulbz-sBfjrmR7Ua4K25waP2DkGqQTqfcKBgUkUO4N_iDnPSW2Ul47ia2RGVoGZWw6yzC7K2wqlU2qM34DA_6ZJBI5NwUkOGn8cOdd5d7vM8G_0kim6gqU9aGWzfFNhxuW3zVMmlRqAdDNxh5w24_V_PUpflSCeu6yCD6uzVVMoCmkLBMxgIw2-8Prwu7QcSHkYBvnLKZaf1BItZKjG4Rrd4FSUm6ropPvgXKwlcFlBKFoEdifLBJ51mVvgEXIkAF_9eoNyg6h-8-azqbrq8T7Hm-9-F1iwNz_ddBoh0F8IztYmxO-0bBjd6DDOQbKBBKYtoD70mRLmzvdRFGjbXfaiELr5uSZZsXeP7n29nP4hZxLMJePtuFOSQ7JeTa4JpaVd2lZJzAF9uptC963ZAKNQ3KAianQRUJavSvc-CW-iBoPSqBzWjIBKNWvG2XcNnBBD_EfyewmpWe8R8Qv2Nm4jyI-d68ZqdU7p2l1q3SKytOzaUI0WW0veMvV7jhnEnEd6rudkEvMnTR9cs0cOOif3bNVweMe247ZfmWYfUh-lPoxYcTH4itku-ywyjY6cL7PjnhQIPJI8ao1s88F72qBGzZjvAmYOMlUjXY3LtMvuoPHXLxuCV6swpBY7p7Vwc0pJ7cuzwzxxTGlPOTGxYQXzLs6iP5WaLwnR5C73NZ3se_6DsmX72xvUvVDfRe-9gopAnH28Sw_Qng4-3-1y3NOa8oVmYrPSM4OXWOrFq_7BW5ioi02TMVkSgMGOc0jlutRohpjTSdyK8BIXhZxTq_KWBo8m8v-ESAhtaKck1i6w3iXR-Q3L66qEQR82MiOsia-lmZ2YYiWBCaFs21KW1dJR_DQlFWxsnFa5foyLfzKNoMwVYMoHg&cid=CAQSSwDICaaNzDfXT3s0nGjLYLkooqPALpRIU1aXUqyyi0lTzMw3Zo9HlK1lSa4PC0LZV0FBLQInanOsyR090p2TWegj6G7IVKzl-yp2_xgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.anrfactory.com%2F&ds=l&xdt=1&iif=1&cor=1885390549341713400&adk=1964084972&idt=141&cac=0&dtd=37

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f0581de9dd8e3d8da5f4557fd631f12174a0ade3efb5493eeb43f43ee582e36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=600&slotname=1378432737&adk=3943645601&adf=1137415096&pi=t.ma~as.1378432737&w=300&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=300x600&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431707&bpp=1&bdt=475&idt=402&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=3407&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=gNB1ZBehBQ&p=https%3A//www.anrfactory.com&dtd=404
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12245
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame FE22 4 KB
751 B 52ms
52ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=4056677716&adf=1801571695&pi=t.ma~as.5948233133&w=740&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=740x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431705&bpp=2&bdt=473&idt=382&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=260&ady=1364&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=SnIB15LGDr&p=https%3A//www.anrfactory.com&dtd=386

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Nov 2023 16:00:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Nov 2023 15:46:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Nov 2023 16:00:32 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B3E2 42 B
63 B 356ms
352ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ABhZ96Vsl9HaB5ctlKjwcWLMObbGUrXR53wSFQ9-jwTJLTPD0uj4tn3GaTo-3YCreNBuB4DM3628u-IvQb9_A1Sp9-jVLdBa0hOsI8_gO4WxW78zs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=600&slotname=5727907135&adk=245867249&adf=306411070&pi=t.ma~as.5727907135&w=300&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=300x600&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431707&bpp=1&bdt=475&idt=394&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ziUkcBYYJ&p=https%3A//www.anrfactory.com&dtd=397

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B3E2 0
20 B 353ms
348ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=13365934127360563557&x=1&ct=77

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame B3E2 89 KB
31 KB 137ms
132ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 01 Nov 2023 16:00:32 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 89B5 624 B
245 B 85ms
82ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNXn0h2KSziSXn4NK99_s_HnMrEA1RdKWk5hza7ItgzSuv5xRStF4CdPfGsD_d9-4g-MfmQEtHwHQc-eXNyMVWiPjIy9BWXhJfJMNBnGW1p95isUhYGgHWYDxIhROKxdQWJzXzzuABtX0uSmTKox3gur73hgmzUfVic48BMtDXk28rdRAKs

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=600&slotname=5727907135&adk=245867249&adf=306411070&pi=t.ma~as.5727907135&w=300&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=300x600&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431707&bpp=1&bdt=475&idt=394&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ziUkcBYYJ&p=https%3A//www.anrfactory.com&dtd=397
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Nov 2023 16:00:32 GMT
expires: Wed, 01 Nov 2023 16:00:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/ Frame B3E2 3 KB
1 KB 45ms
41ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 15:26:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2049
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Nov 2023 15:26:23 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/ Frame B3E2 20 KB
8 KB 45ms
42ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ba431addebca895832667d33e2ad51e4da1a1f2fbab72116d716c08077695a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 31 Oct 2023 19:18:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74498
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8430
x-xss-protection: 0
server: cafe
etag: 7000445677337367579
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Nov 2023 19:18:54 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B3E2 188 KB
59 KB 94ms
84ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfd86eed5b662601ed1effa05e0922030a1bbfb3111d160df9b4f71630198c37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60393
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698666127188353"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Nov 2023 16:00:32 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/ Frame FE22 2 KB
825 B 46ms
43ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d66ca23a7be1d8803307f937a250d0f90959f1289862b8e870d6795000f2b731

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 31 Oct 2023 19:19:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74473
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 798
x-xss-protection: 0
server: cafe
etag: 15713038447858168282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Nov 2023 19:19:19 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231026/r20110914/ Frame FE22 23 KB
9 KB 46ms
44ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231026/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

08979ac5dc183c913f0f274b03a248982b04fea0aac48c10ae1bd0b717f42641

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 31 Oct 2023 19:18:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74511
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9142
x-xss-protection: 0
server: cafe
etag: 3118617226516770384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Nov 2023 19:18:41 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/ Frame FE22 3 KB
1 KB 59ms
57ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 15:26:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2049
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Nov 2023 15:26:23 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/ Frame FE22 20 KB
8 KB 47ms
45ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ba431addebca895832667d33e2ad51e4da1a1f2fbab72116d716c08077695a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 31 Oct 2023 19:18:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74498
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8430
x-xss-protection: 0
server: cafe
etag: 7000445677337367579
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Nov 2023 19:18:54 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FE22 188 KB
59 KB 143ms
142ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfd86eed5b662601ed1effa05e0922030a1bbfb3111d160df9b4f71630198c37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60393
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698666127188353"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Nov 2023 16:00:32 GMT

GET
H2 200 ac1dbca482530a26bafc7a8c1241173a.js Show response
www.gstatic.com/mysidia/ Frame FE22 36 KB
15 KB 236ms
39ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ac1dbca482530a26bafc7a8c1241173a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cddb42bd69440699ae8fe758dac4d5f52911fa67b2a7a637d5d1bcfa2d88b0d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 07:11:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31731
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15099
x-xss-protection: 0
last-modified: Thu, 26 Oct 2023 19:42:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 30 Jan 2024 07:11:42 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 304D 14 KB
1 KB 54ms
48ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5727907135&adk=3356919574&adf=2015200353&pi=t.ma~as.5727907135&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=476&idt=418&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4198&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=uY6P5JAyNc&p=https%3A//www.anrfactory.com&dtd=424

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Nov 2023 16:00:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Nov 2023 15:06:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Nov 2023 16:00:32 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/18018440164699217012/ Frame FE22 129 KB
129 KB 48ms
46ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/18018440164699217012/14763004658117789537

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53bdd242ebf4e0a72f3a68d270e1e753c839b827176c28b77085c77f39c97be3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 07:36:01 GMT
x-content-type-options: nosniff
age: 30271
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 132316
x-xss-protection: 0
last-modified: Wed, 18 Oct 2023 03:22:47 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 31 Oct 2024 07:36:01 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/2845984699785319679/ Frame FE22 2 KB
2 KB 46ms
44ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2845984699785319679/14763004658117789537?w=100&h=100&tw=1&q=75

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d82401a4bbf4dc537e65202c1afe76ea0b4b7e3583349a95ea2b3b1ac408d35e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 07:36:01 GMT
x-content-type-options: nosniff
age: 30271
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1835
x-xss-protection: 0
last-modified: Wed, 18 Oct 2023 03:22:43 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 31 Oct 2024 07:36:01 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/ Frame 304D 2 KB
825 B 58ms
58ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5727907135&adk=3356919574&adf=2015200353&pi=t.ma~as.5727907135&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=476&idt=418&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4198&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=uY6P5JAyNc&p=https%3A//www.anrfactory.com&dtd=424

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d66ca23a7be1d8803307f937a250d0f90959f1289862b8e870d6795000f2b731

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 31 Oct 2023 19:19:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74473
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 798
x-xss-protection: 0
server: cafe
etag: 15713038447858168282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Nov 2023 19:19:19 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231026/r20110914/ Frame 304D 23 KB
9 KB 56ms
56ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231026/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5727907135&adk=3356919574&adf=2015200353&pi=t.ma~as.5727907135&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=476&idt=418&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4198&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=uY6P5JAyNc&p=https%3A//www.anrfactory.com&dtd=424

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

08979ac5dc183c913f0f274b03a248982b04fea0aac48c10ae1bd0b717f42641

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 31 Oct 2023 19:18:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74511
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9142
x-xss-protection: 0
server: cafe
etag: 3118617226516770384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Nov 2023 19:18:41 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 0470 41 KB
14 KB 56ms
52ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CH8OtY3wr7RYjF7r5x7TEauPLTGlmvAdEo7CHGhpJSp6Cp4VBjB5tuN_Qb2mnp_4LI6VFgCWKS9gu9aD3Dv7bp3R9R7VPKC58GYkawG0t6OQfJJ2vXNkVlqOBShVICZT1CtHQv3L_ldtMHFM50ZB-qmSipqco-J2KVygSmfDGmGKOIMK21n-YFdPbBckkJzIErkxErpy0ipqCdJ3xL2XWoIIH5HA&cry=1&dbm_d=AKAmf-BlRwRd0sVtqKyfqCZ4FfBx4DTxV2w3_qbvevWejKFpj_0IYrsnjMnxh89PBRm5EYdT-U5vhLat5ZB0dbY6o0KihgJ_li0vW4JbxAA0xtpbCVbpdcy1lcdeU9LngXUlqltKgREKUJnJLhXYXjTGxDyDRnAZT9TwHth3FzzHNZw2XdtRVVmUAI62S2USlPnIfrpS6W1T0pYEVlwIj-h5ArAWPBmuq9glm_5PJYxwGZapwtk1Dv2Wu0Ev2H-HyD0aEYDNidxwkGVgckK66wXxCAoQEYrdULTb9H4yr6RK_fvnm42RWOHIxzJ4QamL0H8zMnKsErzSLLj4hYVkF97PzRc_XxwXPwaj0Qv8rVvRCq2PZo-bgAHH_rTd93bTATr03dkjJG37d44lEUSchw3EkS-GrBtLa5hRejMS-6XbVHG4WCHsjhCxd-lGzW3FmRNVqLy037lp5lBxTFSN0L4500oFyvYmlVVRdw-EGcnFITpoPy2SR4au-4W-anzIjpJFh1kp-Xapknebes7dViOlFWcXRi2Xh-OlSt-oNQa3wWlQiWiJCped29NFxB08OFmGlIhKNHUjaZXo-a9zf7Uq04sGluU1pKk6o4FrblbgmikQo5R53uYNAvokDk8BM8NX_lxd_e0aQnPzJxznq9FHFlLKa272fIeU2i1w-pjrIp77tcjQQsfpZh7EoSeq_Z2tW8XpmGqATkwEYqK3v113V3UU6Ksu1C0iLtLPccBEB-DefdEFMpmn88RSuRDAxRvHBr7S_7GoP9sKNsG1V6xwWAzD14V9HAb8KlXeaAzplK96qUbT9eklpTNhmaTQ-zjlU9j4VLu90_hShqe7qZOtcFuEKq0GElzeswDOdXDM5nrQGA1nI4-cTVyzvHxm9cQ2F1RvSg1eVuYntZQITrGUgvMLJuHSvnBN_B-yomfCqoBQiy21T_3OBIPKIF-7-YALTc18T_NTfO3z543erTe3Mq3elXhJL9_AblxtDP0oQKRQht8udDZm1gux0nTldgrXqApqvRZ8OmVjfhCyc0UcLpDegcBcWzq0FufiZOVFzbtOsUlLcdfZLZ2reXc6kpBVBGZtxhThGquawqvUrlhgXyOzoGK5KMm-QqF5Pr-zwwhkFCaxVIl2PQTIjlI9NxOn1maNhIkrlH221ndXXKLVnvCXDz9sgwcSI4GPHLJcJajkg3YeNdjLTnE8wvMlmoqUcXwjyCsrXB_I3uwmDVhy9pnmdObCeoLpMhl67KjDa41g4SxBUU4VoeYeH31EnbPIrBFQ25lhkF9vh9YeWSqiUiYUDeIj78nebWxyXc7kG-f0V27FYMGmxQglTJT01cuqiN2Ihedk8XraZAHQbu-7f6ir_vHaEHQWYY3zojuJcHAFORQpIJ4npaKaHWSZULbZR2cT4psxcwM1YHDyjZYms-MLj0a_b_zo90uzBHGDpYGr4Ulx1FHvnEY0vPlifCe7GXqJY_bptzl5HP4BF01-ULf8_AFVGLjG8gx6VNozGv73-rwdSE77LgfstsY6S4MHIqifDtBzNxJ6E-lMVHWVx1KmLDZuOkRt7Ygd-0liiMr4aVzcgELM9GmkqfcRciuAY7UXWT2qRAan88WKVLB8nayv4KFr8agV6HjGP2aS36H0bZ57pNayY24y1HXoWiOAeLeMka3dndistHSP09NK1Lt5Rr3t6zSys5DKidjfi51iWzJAsUtMWFlnN-pWdqusKVl9q2y8R0p4A8yu3bs9tMDhww3-_W6IjZZmP0M6XjYU3AXOykyINyFIGQ-5FxsdgZNbOYN35-wJB0JiOET5Tvout0CFMS13o8eqfIZsJLs8ZKFIcdz_D-zeLzCvAvqnS1B44pOoBCLs5GH5ps11rLeN8IpgCQvt3HuJUMPIwgzoVTOeuZDVTs_SH1v3cygIGrqCbgIay-wmlkJA-Db5TOFLIdKpWcFvwo-X3gOlLh7LiqrZdVuBrtevp73nDwyZ9LPurMPk0BaimcvOTIXOl28482MEaKKKP6Oi6qt1Pldq7aYDf7XnuWrF4RWM2PYGygycqVcIUCaa158MF4kPh-AgkVBAWnYZA6qPnA9O6WNShX_I481M9uguhBV7PiZ_vPr96oJeaedkyDan3-4bCnDuhE5MpriyGo4WMcImAAsvSlo-IUQ-DkpVVcg2oY6Lch2dyA46JIdORHhg0Y1BQ0DIYk4LwdHuKyNAodk7ByKlszMb8N38E1m-CdTJdpQEdheNpg6r9TX2Q6OJC-h6R2CO5TaDGYlqjcXWqfiDnRlVxn0JY8lFqfuUjK3YwVtr4nKXodOTlVt6C-uAxHz42kmqd_nC0BtL6aZdoev9MraNoO7AmFUFVsclTKCVIUvm1kJMnf-jIPowEyD0kZP5Fea3k0yd8WaCAKaKJ_FV27ThQxe-ULcIMdu2rXgKN0DkZ1i5kGX33171YIxGZXiDckZJhhAsYj9zbcH4FNuXM0evsZyV4yjFj3GXWc_bZ_M_6C3hceXIjUB7tP3FL6p-Ejkv4eWpvUFDHMiCUpWlMNlAmo7Y3EDv_AjrVihuqVTVDv69NnjfVcWrRcw0QPMeMptRQXcrtKE1tD2Bc-J63op1ILDyUOQ6MCiA15hzrxSVzpAeOkU2TGJiC_VeJv_LaEFnOnWRA9zykSrc4jlQjOY1gI2Ebbur76EWnRCb7UVy_kWLrenOtWjR3wJdB8ZOGdfqqHHh4rWQqYvDHcsss9VIhHF7Fs37QqYAgREGnnMN6RxHsI5_4DZsynjqvmAvQPiMmvehb1iwuhiugHWDE8rNE9mn_y0T0y2bMl7Cs9jPj9wA15oS6LJUaLMY2ABf7YP3Nuq8TQYLviSP_LDnYU0PnUhrQYf1ZwG6GGbPWq1EYdI8dPpjLcfPTWE6imiWMKqSfjeIfJ5vNok2PLSmYltZGuapfobWDBrJl4wFx-sWhHuClzOL_F6NtyjdP1LV6tUZFTdSJuwGYDSlS-XH3VXulbz-sBfjrmR7Ua4K25waP2DkGqQTqfcKBgUkUO4N_iDnPSW2Ul47ia2RGVoGZWw6yzC7K2wqlU2qM34DA_6ZJBI5NwUkOGn8cOdd5d7vM8G_0kim6gqU9aGWzfFNhxuW3zVMmlRqAdDNxh5w24_V_PUpflSCeu6yCD6uzVVMoCmkLBMxgIw2-8Prwu7QcSHkYBvnLKZaf1BItZKjG4Rrd4FSUm6ropPvgXKwlcFlBKFoEdifLBJ51mVvgEXIkAF_9eoNyg6h-8-azqbrq8T7Hm-9-F1iwNz_ddBoh0F8IztYmxO-0bBjd6DDOQbKBBKYtoD70mRLmzvdRFGjbXfaiELr5uSZZsXeP7n29nP4hZxLMJePtuFOSQ7JeTa4JpaVd2lZJzAF9uptC963ZAKNQ3KAianQRUJavSvc-CW-iBoPSqBzWjIBKNWvG2XcNnBBD_EfyewmpWe8R8Qv2Nm4jyI-d68ZqdU7p2l1q3SKytOzaUI0WW0veMvV7jhnEnEd6rudkEvMnTR9cs0cOOif3bNVweMe247ZfmWYfUh-lPoxYcTH4itku-ywyjY6cL7PjnhQIPJI8ao1s88F72qBGzZjvAmYOMlUjXY3LtMvuoPHXLxuCV6swpBY7p7Vwc0pJ7cuzwzxxTGlPOTGxYQXzLs6iP5WaLwnR5C73NZ3se_6DsmX72xvUvVDfRe-9gopAnH28Sw_Qng4-3-1y3NOa8oVmYrPSM4OXWOrFq_7BW5ioi02TMVkSgMGOc0jlutRohpjTSdyK8BIXhZxTq_KWBo8m8v-ESAhtaKck1i6w3iXR-Q3L66qEQR82MiOsia-lmZ2YYiWBCaFs21KW1dJR_DQlFWxsnFa5foyLfzKNoMwVYMoHg&cid=CAQSSwDICaaNzDfXT3s0nGjLYLkooqPALpRIU1aXUqyyi0lTzMw3Zo9HlK1lSa4PC0LZV0FBLQInanOsyR090p2TWegj6G7IVKzl-yp2_xgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.anrfactory.com%2F&ds=l&xdt=1&iif=1&cor=1885390549341713400&adk=1964084972&idt=141&cac=0&dtd=37

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 14:17:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 438153
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 26 Oct 2024 14:17:59 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/6220663121761969900/ Frame 304D 18 KB
18 KB 67ms
65ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6220663121761969900/14763004658117789537

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5727907135&adk=3356919574&adf=2015200353&pi=t.ma~as.5727907135&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=476&idt=418&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4198&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=uY6P5JAyNc&p=https%3A//www.anrfactory.com&dtd=424

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2fe0e66d412e48fdb0d858cbd7f98b855316a073a6df047ef0ea96e2838c0e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 08:49:40 GMT
x-content-type-options: nosniff
age: 25852
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18890
x-xss-protection: 0
last-modified: Fri, 24 Mar 2023 11:35:45 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 31 Oct 2024 08:49:40 GMT

GET
DATA 200
OK truncated
/ Frame 304D 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 304D 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6228ca9e6798424cc37849c7080cdc1d38c4da419a3078d4d4fc2cbb95e8a06f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/ Frame 304D 3 KB
1 KB 66ms
64ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5727907135&adk=3356919574&adf=2015200353&pi=t.ma~as.5727907135&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=476&idt=418&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4198&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=uY6P5JAyNc&p=https%3A//www.anrfactory.com&dtd=424

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 15:26:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2049
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Nov 2023 15:26:23 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/ Frame 304D 20 KB
8 KB 43ms
40ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5727907135&adk=3356919574&adf=2015200353&pi=t.ma~as.5727907135&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=476&idt=418&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4198&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=uY6P5JAyNc&p=https%3A//www.anrfactory.com&dtd=424

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ba431addebca895832667d33e2ad51e4da1a1f2fbab72116d716c08077695a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 31 Oct 2023 19:18:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74498
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8430
x-xss-protection: 0
server: cafe
etag: 7000445677337367579
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Nov 2023 19:18:54 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 304D 188 KB
59 KB 102ms
101ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5727907135&adk=3356919574&adf=2015200353&pi=t.ma~as.5727907135&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=476&idt=418&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4198&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=uY6P5JAyNc&p=https%3A//www.anrfactory.com&dtd=424

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfd86eed5b662601ed1effa05e0922030a1bbfb3111d160df9b4f71630198c37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60393
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698666127188353"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Nov 2023 16:00:33 GMT

GET
H2 200 ac1dbca482530a26bafc7a8c1241173a.js Show response
www.gstatic.com/mysidia/ Frame 304D 36 KB
15 KB 184ms
49ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ac1dbca482530a26bafc7a8c1241173a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5727907135&adk=3356919574&adf=2015200353&pi=t.ma~as.5727907135&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=476&idt=418&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4198&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=uY6P5JAyNc&p=https%3A//www.anrfactory.com&dtd=424

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cddb42bd69440699ae8fe758dac4d5f52911fa67b2a7a637d5d1bcfa2d88b0d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 07:11:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31731
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15099
x-xss-protection: 0
last-modified: Thu, 26 Oct 2023 19:42:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 30 Jan 2024 07:11:42 GMT

GET
H/1.1 200
OK jf2y0amzcvu0 Show response
hal9000.redintelligence.net/zone/ Frame 0470 12 KB
4 KB 173ms
40ms Script
text/html 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/jf2y0amzcvu0?subid=&gdpr=&gdpr_consent=&rnd=1698854432211185&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCm7XSIHZCZfHxDL6wpfgP7_GX0Aym5b2gab2YnKfJD_AuEAEgpP6-GmCVgoCAsAfIAQmpAlMqZWSOsrE-qAMByAObBKoE_QFP0Kchyh3MNNUU3zLzZrfGi39sHX53X_mn_vLKqadx_XeEWKTU3LBNda5P8JPg0CNxGLL9ORuMM1AT3VOnhAcX78_GY0CIcCgR9GHlUY0kKdj4uCNbGVy_-ZEomIb658n7aBgU_QS4s2q265bxKYhQNL0gS66N71Ma3G6mbLcUU7Qwp1e0MpBCagzNrauHjzZRL8ez44W26-ofLwTl8x_Z9ooPpeTWuNZ5nl3VX1ZDR2yBmnboOPygnFSuP77J3r7txz-bgZHHtjVCJG3ZO8maFL1QZ6I93Tq8ZNaHwdH22viIfrw5ALI6GMZ84ioQ6itTHsNcArhJjkOBFcjtwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREWwE_q8sBXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26num%3D1%26cid%3DCAQSSwDICaaNzDfXT3s0nGjLYLkooqPALpRIU1aXUqyyi0lTzMw3Zo9HlK1lSa4PC0LZV0FBLQInanOsyR090p2TWegj6G7IVKzl-yp2_xgB%26sig%3DAOD64_3SXnBwJ36blFn8-a55E8PRNaqDRw%26client%3Dca-pub-4387471810015760%26dbm_c%3DAKAmf-Czmzf97c-AxpV9JJUD6AFwpYYcSsPeLaR4bRtcBJUD85V3AWQXtdQdDpDyAaqtR1-lHZ-FJLISARwqUNb2TgdinAFOSNHM0470VBHTolZUhsvQMB-_bQVAmSQaoktPFgiBsJU5OilLpb--EU8sA9dgRoEGSLH7gYrJlcD6kp7K4KYLYvPpA3BYacc6T3ZwH1_06Jm-TMy90O5ZfJD8-4yTuLUo0A%26cry%3D1%26dbm_d%3DAKAmf-D2LsA7j9-tXGSOVV7zYz2-264LPbVESp532q5YL_AQSrysc6a7KYkLbEDGuG6fSlm9bp2zPt-1BwYgYPFkbV6Xe_HF1NeRkb2ZiC1x_lhiWY35O969RK5nqOt29SzD3RJ9YDRCf7XjoOwD1IIdXcStZcySwiHGSQXtFEmzgEIdpehHdlDSfy4ilwRCJh0wQDVMlvmAgpIzc4Br-FSxcCUAZqFXRyPM8xfQkuWrJ_UA4SDfdJGtAD0bDKfMN0hU6AB7bQyNd4_UTeJUqWAuX1j4A6dVNdqfLp9mJ0QJdjgSmkLlfG_UnlAdw0x9LtdUyB4sCtRypoXPuW7AXAOJwr-nuT_dFpc_R7ZrzNg0ikbdVqiGzb3Uz3jYiGuWzV5ZukMWVmuW5m6VU3S2fJu86rt2tR4gLXuvGmQs96LQKpuLcQonIEmva7N0TRvNfC7hWyPXC3JrI2cqE-is4Gdc8fzOM9y3O3mfXbQ_QttOMXqOllgfIa8Y_8N8YxsZTpJJUbQXO2gwJsdEQViG9XZqQ8xhCRVEfLrB-dxA52fF8DqnBBPRRbHBixMba-uo5vfIBmY7SUP2cOfzYqNw0uNs94bBsI3jyopsfU7lr_fvN7iq-CT510c2iHesVP6JXgssvXgF1D7K_qRTGrM4uDggZxnX31ewDt07xJeuhavU_O2G7XRJ6_OFCGuTg36yq4iU0I_nmrvk%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=600&slotname=1378432737&adk=3943645601&adf=1137415096&pi=t.ma~as.1378432737&w=300&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=300x600&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431707&bpp=1&bdt=475&idt=402&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=3407&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=gNB1ZBehBQ&p=https%3A//www.anrfactory.com&dtd=404
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 5f4ef8ff0178cb33778e410ed185b86d8c9d737caa30d192ce9c4f6cd1cae033

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date: Wed, 01 Nov 2023 16:00:33 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4308
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame FE22 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 509c67ba68a21510fe8525c7d402a7ab8a0292fd99a5915469a2cbfbaff1fe92

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B3E2 0
20 B 577ms
577ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8019536481423&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B3E2 0
20 B 635ms
635ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8019536481423&version=m202309260101&ct=77&x=1&cor=13365934127360563000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B3E2 19 KB
13 KB 219ms
218ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BiQHKyeOKE4MJ5LcPkat-jd_BWIZG-mTCQhOSLa8Z_G-PcrmE3_fio548xxhWxb9zKdP79qF-OPH-dp_pnFivsbdxMbjWrxVc8mdLDeHc0zsePxPahhwZgVyL2D0rJf9mkhHZ3FQp1rCoAy72B97BlACjjcO6DAjCeMwwwDtXQyMFEYdQ&cry=1&dbm_d=AKAmf-CFGjfVf06r-12a8tfuEbht1v9mu9zxfywQTw7nS05UWyvDfMfTY8xzkiV4bUA6wp7fpO3-mB5SAAB0z0LqK4voGlXvXp-UL3O_Ab3A6pQ-ppJzz4aAn1qa6IKq7OPWIVgeL89AQRQPfusXCSdRbEayVc0aHRHpwWgPiOgBCfRp_dDupy5hb72xRRouksUfclMUthNO5jAQXSdy4e3b65iJQzTVTVR4B4fpblM3SN159oyIkMWgqata7d5twdm0dt3lVbn3Dp9OgUwEkGUp3oICPrDcwLusu8sUT-HD7rSry7jVZ95iWS0gcwvDiKQ8wNxM37abtlbOIFqkFIjZhO6uboWI3iqucPPetDNOB7KQltAIzF6CRY9rpAr_wryGAYWXwcT5D0Nrm7suVGFCcVOWasUMujHiW-D1oiGgfqE9gZ_HXd_vzONJTzdhx52KCoR-SOv27KSXmB7zK2czgwC0lPbgwjnhPAFc2rBb6m1vOdzY0wjVcpARSikXbbWCI7PYJZSIBCM2ie2O6sZmiM8TtyH2AlWxmSAPVfDxmiy2OiCx-SREJKdmDZ_vRFE9eNtE5f29LGSya79GFzF30DTLK-ey0zICr3j8f_m-m_ADK_TVVi5A2r-cqGYR2tftH_1VK5tGHWz6088KhrroXQA8MzHjz2QUYb_appOpoCyNKgD3BQ2T-7NaMfCinhuAcINH5Ik14b11EI4EdDF7O1p7BNnsBsATqKvV8wHNcjm9Ywg2TLV36ENISqE8wmIsSBldYo_fB9p732cM_ro4oY7ko7XoztGWWGOiPPa01xe0k8SAtl7iJufIJPL0rQ2--s98r401m5vD12oIncbFH-EvNsP4NqFcv2o0f-AF_yPDnJNyZQSdkOjWDeLY8OBbvq3HJdLCeg2pVQSJE5dvYxkPjIh1Br6cXRPxkWHmP2OybsIC9joNcblAQsj8crRWGPNbzBfvWVnDCx4PC7v8p3jA1D3D8xylD2wixmKxOwtP9s2A8VI-xxkI0t0bwgsEi7I1130J06JGr2hji5mBV4p7V0J9qj2pF0aV_9Nvn9Gnc1RfQNgPXRFIwf5X_TwXWNccmlePaS5QN1FX5NQ8fal_trz9hTG4ESBrGex7SYZtbUPi9cBOBfbB9_9kCxiilWPkIWvcYhRTsQQjQVKnc2xUQfuBYCwe3VhKZzjCgHOLzcPJW-HlTMF-SCdQH193H3Qh_3Ttn7N8k5GyGwsqn70-MEOS6AhDHArZn68hyXNVczVBLlMTM6a8QRkkT_m6ddcGB3e3rPuaLj2Ymcvkytqq7fLGohRjrCPt8STrc03raHNRVROa7nLWed32nSMrvD9RFTWMPUMzDK5aqRv1VeIFLHACigV43D1coe3zFZ6-6JBpwI8CJyMqTkIBKQDtga8vxNHYtXVUsOT6_k9ID_iNg1_Nk7BJ7AHoi7Cp4U17ggBTABsZO6wZUNyVgTKostK5rgnGvYVoE1Ze_xMK_xfnUHWIiptUCFn6zTgRR8fKzhjkPgMp-gRaHdNyp5jliuhiZ6110tJSiJedaFZv55NL1S-uObwTrt4AO1NCmqbKZBTnSiOvC5bpDjmwJHNXuobRjiAcDsttybwtSBl1LcccmO-krvBewwL8M3kkZu-aG7gjzg2oJNjrpexL-cl5VAEblC7YEqGuONb8Qy8KDk3-hG8AHuX-DpdBHbTNIVYtomJkMReyVFx6Vg9D1CBXxzDMEgzXesFuQnWUSe9lTRgHajyKPYOIwZrSce-hAzjE1Ms46cqGczYTRwW_KtslPh0vfOVdG_lJB5L_8LjLHqt2zUNUEPkoBsW4K1UpjgUrwzUQ0hTyGSzO0o4YtbN8LThTL9yqglSJXDnbro9wIZ5gMcnRP0OmbyIAeWHxUJsWCKBkuXvqgoQFjW1_4R1IQFDt7fV_1dXZz4vrlkm8Oqu83sAZ3fZCvfew9s6YwkX5Vpy9w6L-XM8Z01P8F8XvedEoEfJBgI7ToH7UIMGAYKeOYK6KfrXtLwwkDUH-xaSOMzU-_YyxroErj-6syafjwqBZUR2odnhwp1eL_ot_3SYL9CgPbKJmh5nNa2-E5FAlq78ol9kuzTAmMwvFA_iFvGvkmUEKAGzw21H5W7GTShDzPTXMRJZPHcsuD0BKzc-8DcE6wvo9d22LbXoHxXyS2lI22APAht_ODyTgaRyuQQAew-UaDFO0_gfIUYYowxAIKVxCTw7rfHJKR5GxItrwxsVRor_xHPbnXRGeorWuB4ZxLPWmkMTYsHEcbxUKV4WcaZ_sn2_RWpzIpCf9jjbVov6kmiRFfUAiN0pnJwngunWDV0GnKUR8wfofKpEkKVvMhcwNcffbK_rLdS3qbjnM-RmVDWllWwiDIM41XmaXaPK1sQSJ99n0BnjSdGNnFP9m7ZoxBGqUn9fI1Lmr4eAs0x08YlUanKPs31wDCy67B6CGjcWXbU0HOY_duM0yGWF1cnJIto6aYhv46oo3gHelqPsj4s2ZCizr5FixjiVM-SMou3NOaHDXycn8sZ5_AiTcT0oQkRET80uZbV358nFahy2prZQjuOOL_P1m3d08DLm3Lw_QAjlsDzjcLrK3elWkpNSPZMH4hVCOCzZFRCLYwoLcVf_XxLGMUA644miPztnhS0yiAzpsHp0N5j5FNnGrJlrUoKAbLMHNv6zzSWWb0bl1RzWhQd6UP7m7zIJj_v7V9i-snQPh94IHaBTGst1hCdsTVT8vR9WHFX6f67Fez2Nn8Wn6aEWq1yLeU4NDgB6QdOR-bIm6v64-wI7ZNnMYOGpTL_G0Vkqzrs7NoKWaEZov8V0HSBc3GdhYkbCkOlvk7e85FIgbMeyX9KOU2KIsbeSn_mIBs1TkeZ_S0yOB5BbRBSdW999mYpozwJ7boFW-0l3zqYvnBJtOZEgQKAZ_B5HSaHtJQCYEYSV2i7XH8Mt_9aLyT2ELFwh1hgUaR6DgaINu-E6lkyK2l0HUbGSFG1VHSequNIMI9QWjz46Wky0zVl4Wntev02NvoUZV3To273AI0yO2eFZNIbnuW5gva4rSc5TVuJ7M8r9gpeiJUr25-aoVoh_RPQH1cOOOdHRbFZi5yKHEsPN0e3Y5EkAD3-7LynNQmylg7yMm2OMLO4HcBKau6SWDEIkCdCTVH5_mwgWKui12OBD-SJmwJUpMugQx1Z2CHE4e8UXYsyrUQDXgsUZQUEhB6DKWZLM8dNALZAOC-LmSb6-er_1JLhkVZiOvkgLgtJXAy166Z5WgBiEB4yvslKdQviYKWJBZOsC0oMpYHiu6dtRQyrcpa-1ZDjK_wqyHNYABSkTxl1rNuirUmXBQAE26cp9siA2CjukRDzJkgNv5b-KXOhOmCHIr6KR_n8xXYMpkxOdYMDPA0t0zilgwX0We6OUndy_7AcdUXv1aKwFjkGXcH7H_1uQTUDU4pmXhNmHI6oVVijjsXe1L_GzyI3BMhuTtasFVfO7UgXk4FwlzezkWci8EHF4UUsAz7aLKvpJtpnXSd6uQIme4_XLO3HhZJnv2yOB0mm5EnLfa1Kf8lMbPHUiLHE-Kstxfg68C_R-k8ZM0V56RBzzSoWhApCZjM-VYAi_yP5YepeDkYFnTtAo-pBLKODHeOzAemPfd5EovhUa3Eq6zHrFesaIA4v6M4I2B_M14CfIVNJLpTmhfG26_zzkG3nlmlHtHqXUNLiR6nMFHK5A_Po7wW8y0jhopQR14HMbQEt_Ux6dSxogMyAn27NCNRSHAaic1QnAj4Fsj3j5ZWynF_Jn7GU5cW4NwiPUwqfA9BJXNM6dZ8356UBaUavSxgIVG1ug_v-A&cid=CAQSSwDICaaN0X34t5UsQQuYWY39n8MycRGeM46d6rgQpZ_z1w-jcKOiwnTd2Bu_mUNhMsZLPO14FVWdxL5hv4PYEFKSUQopbg4eAeHUXBgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.anrfactory.com%2F&ds=l&xdt=1&iif=1&cor=13365934127360563000&adk=250412560&idt=158&cac=0&dtd=5

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a27a6d8d8f9cdb3f0d89ddd6d3c5f9f0db067f62976985d820e529201a061804

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=600&slotname=5727907135&adk=245867249&adf=306411070&pi=t.ma~as.5727907135&w=300&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=300x600&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431707&bpp=1&bdt=475&idt=394&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ziUkcBYYJ&p=https%3A//www.anrfactory.com&dtd=397
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13685
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/ Frame 977E 3 KB
1 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=1087588583&adf=3152050774&pi=t.ma~as.5948233133&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=477&idt=455&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600%2C1200x280%2C1200x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4758&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=shBEHE1AvQ&p=https%3A//www.anrfactory.com&dtd=457

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 15:26:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2050
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Nov 2023 15:26:23 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/ Frame 977E 20 KB
8 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=1087588583&adf=3152050774&pi=t.ma~as.5948233133&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=477&idt=455&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600%2C1200x280%2C1200x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4758&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=shBEHE1AvQ&p=https%3A//www.anrfactory.com&dtd=457

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ba431addebca895832667d33e2ad51e4da1a1f2fbab72116d716c08077695a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 31 Oct 2023 19:18:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74499
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8430
x-xss-protection: 0
server: cafe
etag: 7000445677337367579
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Nov 2023 19:18:54 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 977E 188 KB
59 KB 85ms
84ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=1087588583&adf=3152050774&pi=t.ma~as.5948233133&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=477&idt=455&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600%2C1200x280%2C1200x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4758&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=shBEHE1AvQ&p=https%3A//www.anrfactory.com&dtd=457

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfd86eed5b662601ed1effa05e0922030a1bbfb3111d160df9b4f71630198c37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60393
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698666127188353"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Nov 2023 16:00:33 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame A409 14 KB
1 KB 50ms
49ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=1083092672&adf=245134348&pi=t.ma~as.5948233133&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=476&idt=449&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600%2C1200x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4478&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=kY34AZIFex&p=https%3A//www.anrfactory.com&dtd=452

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Nov 2023 16:00:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Nov 2023 15:06:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Nov 2023 16:00:33 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/ Frame A409 2 KB
825 B 43ms
42ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=1083092672&adf=245134348&pi=t.ma~as.5948233133&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=476&idt=449&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600%2C1200x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4478&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=kY34AZIFex&p=https%3A//www.anrfactory.com&dtd=452

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d66ca23a7be1d8803307f937a250d0f90959f1289862b8e870d6795000f2b731

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 31 Oct 2023 19:19:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74474
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 798
x-xss-protection: 0
server: cafe
etag: 15713038447858168282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Nov 2023 19:19:19 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231026/r20110914/ Frame A409 23 KB
9 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231026/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=1083092672&adf=245134348&pi=t.ma~as.5948233133&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=476&idt=449&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600%2C1200x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4478&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=kY34AZIFex&p=https%3A//www.anrfactory.com&dtd=452

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

08979ac5dc183c913f0f274b03a248982b04fea0aac48c10ae1bd0b717f42641

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 31 Oct 2023 19:18:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74512
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9142
x-xss-protection: 0
server: cafe
etag: 3118617226516770384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Nov 2023 19:18:41 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/ Frame A409 3 KB
1 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=1083092672&adf=245134348&pi=t.ma~as.5948233133&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=476&idt=449&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600%2C1200x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4478&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=kY34AZIFex&p=https%3A//www.anrfactory.com&dtd=452

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 15:26:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2050
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Nov 2023 15:26:23 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/ Frame A409 20 KB
8 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231026/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=1083092672&adf=245134348&pi=t.ma~as.5948233133&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=476&idt=449&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600%2C1200x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4478&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=kY34AZIFex&p=https%3A//www.anrfactory.com&dtd=452

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ba431addebca895832667d33e2ad51e4da1a1f2fbab72116d716c08077695a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 31 Oct 2023 19:18:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74499
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8430
x-xss-protection: 0
server: cafe
etag: 7000445677337367579
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Nov 2023 19:18:54 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A409 188 KB
59 KB 137ms
136ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=1083092672&adf=245134348&pi=t.ma~as.5948233133&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=476&idt=449&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600%2C1200x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4478&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=kY34AZIFex&p=https%3A//www.anrfactory.com&dtd=452

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfd86eed5b662601ed1effa05e0922030a1bbfb3111d160df9b4f71630198c37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60393
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698666127188353"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Nov 2023 16:00:33 GMT

GET
H2 200 d599a13f2d55174d184d6a153b52b21f.js Show response
www.gstatic.com/mysidia/ Frame A409 36 KB
15 KB 48ms
48ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/d599a13f2d55174d184d6a153b52b21f.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=1083092672&adf=245134348&pi=t.ma~as.5948233133&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=476&idt=449&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600%2C1200x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4478&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=kY34AZIFex&p=https%3A//www.anrfactory.com&dtd=452

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

880716a61b8dc1d71256ba9d615d8ae2830984de2e66490da8a6a6a80cc5b630

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 31 Oct 2023 16:00:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 86395
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15146
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 15:46:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 29 Jan 2024 16:00:38 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 89B5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKd2rHiCytdOVA6wtLrQrNU&google_cver=1

43 B
737 B

53ms
53ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKd2rHiCytdOVA6wtLrQrNU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNXn0h2KSziSXn4NK99_s_HnMrEA1RdKWk5hza7ItgzSuv5xRStF4CdPfGsD_d9-4g-MfmQEtHwHQc-eXNyMVWiPjIy9BWXhJfJMNBnGW1p95isUhYGgHWYDxIhROKxdQWJzXzzuABtX0uSmTKox3gur73hgmzUfVic48BMtDXk28rdRAKs
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:33 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YafON03Ke0%2BYhZgC%2BdxMHYsyvsHPHumdUNpWtMZCurPHHUKtBfABxXhhXlaeZAgdWQDPzWsVYtvJ%2F7tHr%2F9wRsquIuvu7oiZKc3YYVQ%2BUun0nG0PLr%2FYkrz9iejOstyyCJCJATLGibUf5g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 81f559ef58473a76-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKd2rHiCytdOVA6wtLrQrNU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 89B5
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUJ2IJUsnMyIkpVkZ3.pTQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKd2rHiCytdOVA6wtLrQrNU&google_cver=1&google_hm=2

43 B
735 B

57ms
56ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKd2rHiCytdOVA6wtLrQrNU&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNXn0h2KSziSXn4NK99_s_HnMrEA1RdKWk5hza7ItgzSuv5xRStF4CdPfGsD_d9-4g-MfmQEtHwHQc-eXNyMVWiPjIy9BWXhJfJMNBnGW1p95isUhYGgHWYDxIhROKxdQWJzXzzuABtX0uSmTKox3gur73hgmzUfVic48BMtDXk28rdRAKs
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:33 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jkcRZvXjkpXFBFZVXycix4gBCcfJsNCddSa%2BOdmeLrHnK66EYMwZIeqUso0PKFmAUuYCbN1NzliEMnHujXbvpO3WepeO9Gl4eIza%2Fn4ykKpaPo8BY2RnedGXaF%2BAJv%2FUCS37d9PgzqvHAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 81f559efd8d83a76-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKd2rHiCytdOVA6wtLrQrNU&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 89B5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAh6uijMSHskqn6_5nBsZ2E&google_cver=1

43 B
841 B

49ms
48ms

Image
image/gif

37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEAh6uijMSHskqn6_5nBsZ2E&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNXn0h2KSziSXn4NK99_s_HnMrEA1RdKWk5hza7ItgzSuv5xRStF4CdPfGsD_d9-4g-MfmQEtHwHQc-eXNyMVWiPjIy9BWXhJfJMNBnGW1p95isUhYGgHWYDxIhROKxdQWJzXzzuABtX0uSmTKox3gur73hgmzUfVic48BMtDXk28rdRAKs

Protocol

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:33 GMT
an-x-request-uuid: 8a98312f-dab3-40d4-97e0-64a7f0495189
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 80.255.7.103; 80.255.7.103; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEAh6uijMSHskqn6_5nBsZ2E&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 89B5
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjYzNTIzMTI5NzEwOTcwNzAy

170 B
188 B

50ms
50ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjYzNTIzMTI5NzEwOTcwNzAy

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:33 GMT
an-x-request-uuid: bd1cbcc5-377e-4297-b48d-0823d8ff154e
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjYzNTIzMTI5NzEwOTcwNzAy
x-proxy-origin: 80.255.7.103; 80.255.7.103; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 35B7 199 KB
58 KB 226ms
133ms Document
text/html 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZUJ2IAAEP4MJCUJkAAqh6y-eLtzYERisEdVJog&u=%7CRtZyootPBjEBEV0TuDTrxm9S8HdHesjGG3HR9ttpNMs%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANSWY8jeVe2k8ZUPprk5OgF73hJYGYv9W4HEPFn34Pj0r9baK6KwSU3-aSRLdKGI9O5mAUZ163LVxIpWjnfpdgUbH51aRKFre9pk8spW1erNyHDHw1ZiZ9lnRovsf9WYW3qq1nWM_gNhZlXrVDhDLqxp6vU_lkOli57ut1SkslyYn-1qEYWo5zjFqBrUmtC0fWo1MO1FettrM31oqPs0gyYW-59eP8BlSWS2NaGBQp0BP8mHzwP2GQ7Lw6HCNd2ErJ36bX3uQXsgW4HXIp1zTCaydb-VGMwFbxFis18GS2iDQdXtuZmI1qLO1A27YmODeZ6j3KwKGAgFdmXrwoBWLzpBYoIcX-TPWAmEuaIiJUwqenkp4EEN3fP_HlfI_xj1jTNeTMeo1vLjEDNdshMScwrtOKWXcSmjUBo7XQQixSfdEqD33--Cahki0dwuDOIsbbl72GxlV_murZfMw7ZLKEWt6EeXPMtdJ11uNiMq1uw8AXWbf6UfZohrAN70kbnNyivmOPDFESNTQHj-NQe3u4Xl9X9XsMeeFlII_NEuwchVh&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvv4rIHZCZYP_EOSEpfgP68OqoAbJntKxXMWymPdwwI23ARABIABglYKAgLAHggEXY2EtcHViLTQzODc0NzE4MTAwMTU3NjDIAQmpAnq6GyBXt7E-qAMByAMCqgSbAk_QhPru2aCE7HOdhHuZmev0yBOlKTcV30wfNGEUa9e5FQ9uNvWXgrvmHrjQDfhNy3fuVYsvB4T7xb6jhp2bFEf3AVutmEZw_ygTE8Z2a-fIUJt5q6UXkWt0xdc2pWhXPsQzWo1s8IS2jf5nVo-iZjpHTaoztnlIYTZEzVLAtxV-rzfFhc6F_h4oRe6wKKkDPVyi-PyoLMF94uQ9eEdn7DRrmJEz-Ad_oNOAY_pL0Sj7zrVdX4Fc193siQQLFhk7Cs8sLaHTPxGzXdL5uo-2xmjspp4JitC6Aj-nfikAi1JjhZSsj7PgFmgJMCmrzFT2y7IufUrY9nRnp7EZ7r5lKYwuUVR3MhgYyu_3CjHiL1GjnYOEFj2wzqHJyJKABrbKkt-fqNqelgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0qM1-Qg-xwOXOOhzXq2uY8rG1sfA%26client%3Dca-pub-4387471810015760%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=1087588583&adf=3152050774&pi=t.ma~as.5948233133&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=477&idt=455&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600%2C1200x280%2C1200x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4758&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=shBEHE1AvQ&p=https%3A//www.anrfactory.com&dtd=457

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

2d64be1c054043799fe1548360496d3304e0039a2128af8e311499181fbc82fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Wed, 01 Nov 2023 16:00:32 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=_TCjaWuKnl-tmDys6QXuAiWo3PChR4u_TAh5oorzXi1SxEGsLtGORSR1huSjjVG_GRKGUSHze-fcrINPTwB1Njp68CXgWCbTtcL5SM_DZvKJ60Nvvtoznnbx_M5JlvhObaOGywk1_agrPTEFfdnHgP6Q5kiH7bZr_7x7Bpw40LZhYJUIQAlZfAd7ll2QIKWsICjm1S0a3O9HFyePf6bb0K9uokvWXzxe8Ep0ltqNMETGdhftAQrbrKLdjna145b_A7TJZg"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 71383478
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame FE22 16 KB
16 KB 44ms
43ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 31 Oct 2023 17:26:14 GMT
x-content-type-options: nosniff
age: 81259
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Oct 2024 17:26:14 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame FE22 15 KB
15 KB 43ms
43ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 23:02:07 GMT
x-content-type-options: nosniff
age: 147506
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Oct 2024 23:02:07 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/4563024044894609929/ Frame A409 57 KB
57 KB 43ms
42ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4563024044894609929/14763004658117789537?w=600&h=314&tw=1&q=75

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=1083092672&adf=245134348&pi=t.ma~as.5948233133&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=476&idt=449&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600%2C1200x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4478&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=kY34AZIFex&p=https%3A//www.anrfactory.com&dtd=452

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29f07e96fd9428cb445451844aa187f980cbab7e2f8fa0386e783afa31dc2ed3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 21:11:32 GMT
x-content-type-options: nosniff
age: 154141
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58763
x-xss-protection: 0
last-modified: Thu, 21 Jul 2022 00:39:07 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 29 Oct 2024 21:11:32 GMT

GET
DATA 200
OK truncated
/ Frame A409 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame A409 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame F2EA 38 KB
13 KB 41ms
41ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 438132
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 27 Oct 2023 14:18:21 GMT
expires: Sat, 26 Oct 2024 14:18:21 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

request.php Show response
hal90006.redintelligence.net/ Frame 0470
Redirect Chain

https://hal90006.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=e8cb66458a&subid=&uid=192b826e103c77d4&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90006.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=e8cb66458a&subid=&uid=192b826e103c77d4&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

4 KB
2 KB

222ms
144ms

Script
application/x-javascript

138.201.63.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90006.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=e8cb66458a&subid=&uid=192b826e103c77d4&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCm7XSIHZCZfHxDL6wpfgP7_GX0Aym5b2gab2YnKfJD_AuEAEgpP6-GmCVgoCAsAfIAQmpAlMqZWSOsrE-qAMByAObBKoE_QFP0Kchyh3MNNUU3zLzZrfGi39sHX53X_mn_vLKqadx_XeEWKTU3LBNda5P8JPg0CNxGLL9ORuMM1AT3VOnhAcX78_GY0CIcCgR9GHlUY0kKdj4uCNbGVy_-ZEomIb658n7aBgU_QS4s2q265bxKYhQNL0gS66N71Ma3G6mbLcUU7Qwp1e0MpBCagzNrauHjzZRL8ez44W26-ofLwTl8x_Z9ooPpeTWuNZ5nl3VX1ZDR2yBmnboOPygnFSuP77J3r7txz-bgZHHtjVCJG3ZO8maFL1QZ6I93Tq8ZNaHwdH22viIfrw5ALI6GMZ84ioQ6itTHsNcArhJjkOBFcjtwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREWwE_q8sBXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26num%3D1%26cid%3DCAQSSwDICaaNzDfXT3s0nGjLYLkooqPALpRIU1aXUqyyi0lTzMw3Zo9HlK1lSa4PC0LZV0FBLQInanOsyR090p2TWegj6G7IVKzl-yp2_xgB%26sig%3DAOD64_3SXnBwJ36blFn8-a55E8PRNaqDRw%26client%3Dca-pub-4387471810015760%26dbm_c%3DAKAmf-Czmzf97c-AxpV9JJUD6AFwpYYcSsPeLaR4bRtcBJUD85V3AWQXtdQdDpDyAaqtR1-lHZ-FJLISARwqUNb2TgdinAFOSNHM0470VBHTolZUhsvQMB-_bQVAmSQaoktPFgiBsJU5OilLpb--EU8sA9dgRoEGSLH7gYrJlcD6kp7K4KYLYvPpA3BYacc6T3ZwH1_06Jm-TMy90O5ZfJD8-4yTuLUo0A%26cry%3D1%26dbm_d%3DAKAmf-D2LsA7j9-tXGSOVV7zYz2-264LPbVESp532q5YL_AQSrysc6a7KYkLbEDGuG6fSlm9bp2zPt-1BwYgYPFkbV6Xe_HF1NeRkb2ZiC1x_lhiWY35O969RK5nqOt29SzD3RJ9YDRCf7XjoOwD1IIdXcStZcySwiHGSQXtFEmzgEIdpehHdlDSfy4ilwRCJh0wQDVMlvmAgpIzc4Br-FSxcCUAZqFXRyPM8xfQkuWrJ_UA4SDfdJGtAD0bDKfMN0hU6AB7bQyNd4_UTeJUqWAuX1j4A6dVNdqfLp9mJ0QJdjgSmkLlfG_UnlAdw0x9LtdUyB4sCtRypoXPuW7AXAOJwr-nuT_dFpc_R7ZrzNg0ikbdVqiGzb3Uz3jYiGuWzV5ZukMWVmuW5m6VU3S2fJu86rt2tR4gLXuvGmQs96LQKpuLcQonIEmva7N0TRvNfC7hWyPXC3JrI2cqE-is4Gdc8fzOM9y3O3mfXbQ_QttOMXqOllgfIa8Y_8N8YxsZTpJJUbQXO2gwJsdEQViG9XZqQ8xhCRVEfLrB-dxA52fF8DqnBBPRRbHBixMba-uo5vfIBmY7SUP2cOfzYqNw0uNs94bBsI3jyopsfU7lr_fvN7iq-CT510c2iHesVP6JXgssvXgF1D7K_qRTGrM4uDggZxnX31ewDt07xJeuhavU_O2G7XRJ6_OFCGuTg36yq4iU0I_nmrvk%26adurl%3D&documentReferer=https%3A%2F%2Fwww.anrfactory.com%2F&ancestorOrigins=https%3A%2F%2Fwww.anrfactory.com&random=8258945105255&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=600&slotname=1378432737&adk=3943645601&adf=1137415096&pi=t.ma~as.1378432737&w=300&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=300x600&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431707&bpp=1&bdt=475&idt=402&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=3407&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=gNB1ZBehBQ&p=https%3A//www.anrfactory.com&dtd=404
Protocol: HTTP/1.1
Server: 138.201.63.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 8bd769874d6885f429856986f9043c4f1b8c8ad28b12129b6111a45129d01020

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Nov 2023 16:00:33 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 72152000125532904444978012495006
Connection: close
Content-Length: 1330
Expires: Wed, 01 Nov 2023 16:00:33 +0100

Redirect headers

Pragma: no-cache
Date: Wed, 01 Nov 2023 16:00:33 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=e8cb66458a&subid=&uid=192b826e103c77d4&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCm7XSIHZCZfHxDL6wpfgP7_GX0Aym5b2gab2YnKfJD_AuEAEgpP6-GmCVgoCAsAfIAQmpAlMqZWSOsrE-qAMByAObBKoE_QFP0Kchyh3MNNUU3zLzZrfGi39sHX53X_mn_vLKqadx_XeEWKTU3LBNda5P8JPg0CNxGLL9ORuMM1AT3VOnhAcX78_GY0CIcCgR9GHlUY0kKdj4uCNbGVy_-ZEomIb658n7aBgU_QS4s2q265bxKYhQNL0gS66N71Ma3G6mbLcUU7Qwp1e0MpBCagzNrauHjzZRL8ez44W26-ofLwTl8x_Z9ooPpeTWuNZ5nl3VX1ZDR2yBmnboOPygnFSuP77J3r7txz-bgZHHtjVCJG3ZO8maFL1QZ6I93Tq8ZNaHwdH22viIfrw5ALI6GMZ84ioQ6itTHsNcArhJjkOBFcjtwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREWwE_q8sBXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26num%3D1%26cid%3DCAQSSwDICaaNzDfXT3s0nGjLYLkooqPALpRIU1aXUqyyi0lTzMw3Zo9HlK1lSa4PC0LZV0FBLQInanOsyR090p2TWegj6G7IVKzl-yp2_xgB%26sig%3DAOD64_3SXnBwJ36blFn8-a55E8PRNaqDRw%26client%3Dca-pub-4387471810015760%26dbm_c%3DAKAmf-Czmzf97c-AxpV9JJUD6AFwpYYcSsPeLaR4bRtcBJUD85V3AWQXtdQdDpDyAaqtR1-lHZ-FJLISARwqUNb2TgdinAFOSNHM0470VBHTolZUhsvQMB-_bQVAmSQaoktPFgiBsJU5OilLpb--EU8sA9dgRoEGSLH7gYrJlcD6kp7K4KYLYvPpA3BYacc6T3ZwH1_06Jm-TMy90O5ZfJD8-4yTuLUo0A%26cry%3D1%26dbm_d%3DAKAmf-D2LsA7j9-tXGSOVV7zYz2-264LPbVESp532q5YL_AQSrysc6a7KYkLbEDGuG6fSlm9bp2zPt-1BwYgYPFkbV6Xe_HF1NeRkb2ZiC1x_lhiWY35O969RK5nqOt29SzD3RJ9YDRCf7XjoOwD1IIdXcStZcySwiHGSQXtFEmzgEIdpehHdlDSfy4ilwRCJh0wQDVMlvmAgpIzc4Br-FSxcCUAZqFXRyPM8xfQkuWrJ_UA4SDfdJGtAD0bDKfMN0hU6AB7bQyNd4_UTeJUqWAuX1j4A6dVNdqfLp9mJ0QJdjgSmkLlfG_UnlAdw0x9LtdUyB4sCtRypoXPuW7AXAOJwr-nuT_dFpc_R7ZrzNg0ikbdVqiGzb3Uz3jYiGuWzV5ZukMWVmuW5m6VU3S2fJu86rt2tR4gLXuvGmQs96LQKpuLcQonIEmva7N0TRvNfC7hWyPXC3JrI2cqE-is4Gdc8fzOM9y3O3mfXbQ_QttOMXqOllgfIa8Y_8N8YxsZTpJJUbQXO2gwJsdEQViG9XZqQ8xhCRVEfLrB-dxA52fF8DqnBBPRRbHBixMba-uo5vfIBmY7SUP2cOfzYqNw0uNs94bBsI3jyopsfU7lr_fvN7iq-CT510c2iHesVP6JXgssvXgF1D7K_qRTGrM4uDggZxnX31ewDt07xJeuhavU_O2G7XRJ6_OFCGuTg36yq4iU0I_nmrvk%26adurl%3D&documentReferer=https%3A%2F%2Fwww.anrfactory.com%2F&ancestorOrigins=https%3A%2F%2Fwww.anrfactory.com&random=8258945105255&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Wed, 01 Nov 2023 16:00:33 +0100

GET
DATA 200
OK truncated
/ Frame 304D 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 554ac939d96c74fc9a44e342f01d8e53640f43b6edddcbbabb3cc07dc94af5ab

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 977E 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 36691897013c909c7da9dd182b7d2dcab49dcee3f1411b289542139f19be0f3e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 146ms
145ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231030&jk=400695946823382&bg=!PzylPHPNAAbo5yKYyOc7ADQBe5WfOBMRrevU_lawOE5HJP0dkBcDV-l_fg-vSal_bmfLw_Eu23WgzFGPO7FhO_pnUSqTAgAAAGNSAAAACGgBBwoAJYazFRCXI0Qkcgs-k_4RLoUwLM0d12IK1VhYragFz-voCsktbBCZArZy7c5tEhVY3br2MpocQMxRtuemFNx5ZGMfLEsNJeAHGme8nSsFalDO5J3lzYQ6KlYhRdPAZlntVdVfJ-yo-Y7llRcARkJJRmXNU8KdNw3g3xBulD5GvlNeaIqbPjJBxo_MRU8aW-LPB6WMYMXA-Z7NYviTISWk3AFOi3vMDuzfmFZQOH9CEIthK6bZdY9eN0LN-p5Uat1wFmm2sgGNQMQ739ONEgw-7JO1QvHpSrXLyr0XZIkD9AmBieK9-iDkyUsqmXjiPlzZwJ57r2kZTLMYLUx1-A5hmYimZW07Ab76S4i7L2xjNSJx_LWLbO3UflyJE5gxB43bbMxZ_BH-S4Ick7usHuhyoiJaR56awFjhUXrVc_YSlLIXMKJhv_7Dm0y5F_AXydk9mjQof2gkTumxswgeNK6cKfB7tWR9kwPn4enkPwMyNHgJW7fyFx0y26u07C6a0uW8oqVmgCMnSSk-psyZFwv3gT-mLaDq8qU1pkL4pOz0SixgrHIIKfEFMrFItJD9kLpCyxoqqF8bfspL1n3pfS8xcVz5JYbDhEG88Ikkx45Bs0CISh7pTeJ38L-NC6-naZ2zKDD9D6pgztd30OtEkAPTZOdsckRIrkM_Ng5rbdVgJsLMdwz-sfQ55oNnfcLyXXNvtQzLux3VunXbM8RMmGr-gxUED27TbesFoItDv5EI_zkO7-vD4Al_C0iuP_cxxdCaSGZzN4Q_R-uenVB9mwDf0OW7hTsgfR7iUbCzYDyFih1OLzGTqHgcWMaDjix2q6NdtyDOhNY41Zkx6uux_c9oNaTyidMHEX2cB95hyZbsLlG_8GxsUvJJISc5140XDNb2Gkj6qrAUFvoApwVt50D7qvpbe98qxau7tCfHdkdJE70BV4ShgUGTsd-Nd1MrdUiYLuZo-7ZzY4bRV_AxA7nQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.anrfactory.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame FE22
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=COTJBIHZCZZ7VC7ra48AP2oWBsAiJidPFc6q4hueeEsCNtwEQASCk_r4aYJWCgICwB6ABu-CH7CjIAQmpAlMqZWSOsrE-qAMByAPLBKoErwJP0P-ZjZw8vUp2cIOl5g_2REe9-sWEIF5KNzj...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%229797022497941579995%22,%22debug_reporting%22:true,%22destination%22:%22https://marina-hotel.com%22,%22event_report_window%...

0
0

216ms
83ms

Fetch
text/css

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%229797022497941579995%22,%22debug_reporting%22:true,%22destination%22:%22https://marina-hotel.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210964037691%22],%224%22:[%2211-01%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%223306671006503847345%22}&andc=true

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:33 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"9797022497941579995","debug_reporting":true,"destination":"https://marina-hotel.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10964037691"],"4":["11-01"],"6":["true"]},"priority":"500","source_event_id":"3306671006503847345"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 01 Nov 2023 16:00:33 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 01 Nov 2023 16:00:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"9797022497941579995","debug_reporting":true,"destination":"https://marina-hotel.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10964037691"],"4":["11-01"],"6":["true"]},"priority":"500","source_event_id":"3306671006503847345"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 304D 33 KB
33 KB 40ms
40ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 31 Oct 2023 09:09:18 GMT
x-content-type-options: nosniff
age: 111075
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Oct 2024 09:09:18 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 304D
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CVldaIHZCZYqQDtn-48APouWd4A3E_Nv6c8jAr4mIEaaPp8mNDhABIKT-vhpglYKAgLAHoAHLktbOAcgBCakCerobIFe3sT6oAwHIA8sEqgSkAk_QxN2vAIbPYl9ChxQ0i6gSxwWDP_Z3aLe...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%224403217675671643562%22,%22debug_reporting%22:true,%22destination%22:%22https://curaprox.de%22,%22event_report_window%22:%2...

0
0

200ms
83ms

Fetch
text/css

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%224403217675671643562%22,%22debug_reporting%22:true,%22destination%22:%22https://curaprox.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22433424715%22],%224%22:[%2211-01%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2210806940224774216225%22}&andc=true

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:33 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"4403217675671643562","debug_reporting":true,"destination":"https://curaprox.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["433424715"],"4":["11-01"],"6":["true"]},"priority":"500","source_event_id":"10806940224774216225"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 01 Nov 2023 16:00:33 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 01 Nov 2023 16:00:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"4403217675671643562","debug_reporting":true,"destination":"https://curaprox.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["433424715"],"4":["11-01"],"6":["true"]},"priority":"500","source_event_id":"10806940224774216225"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 KtAbZGk4YSFPe8sm4rTLIGwqP9qmdNmoJQ7Qir-Zr9M.js Show response
pagead2.googlesyndication.com/bg/ Frame 0419 39 KB
15 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/KtAbZGk4YSFPe8sm4rTLIGwqP9qmdNmoJQ7Qir-Zr9M.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ad01b64693861214f7bcb26e2b4cb206c2a3fdaa674d9a8250ed08abf99afd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 07:11:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31729
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15118
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Oct 2024 07:11:44 GMT

GET
H3 200 KtAbZGk4YSFPe8sm4rTLIGwqP9qmdNmoJQ7Qir-Zr9M.js Show response
pagead2.googlesyndication.com/bg/ Frame C8A0 39 KB
15 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/KtAbZGk4YSFPe8sm4rTLIGwqP9qmdNmoJQ7Qir-Zr9M.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5727907135&adk=3356919574&adf=2015200353&pi=t.ma~as.5727907135&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=476&idt=418&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4198&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=uY6P5JAyNc&p=https%3A//www.anrfactory.com&dtd=424

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ad01b64693861214f7bcb26e2b4cb206c2a3fdaa674d9a8250ed08abf99afd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 07:11:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31729
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15118
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Oct 2024 07:11:44 GMT

GET
H3 200 mSNSQAl__hw8z5PwJ1hA32amL2zkBniEArBt9BN1XWc.js Show response
pagead2.googlesyndication.com/bg/ Frame F2EA 38 KB
15 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mSNSQAl__hw8z5PwJ1hA32amL2zkBniEArBt9BN1XWc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

99235240097ffe1c3ccf93f0275840df66a62f6ce406788402b06df413755d67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 15:45:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 917
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15010
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Oct 2024 15:45:16 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame B3E2 41 KB
14 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BiQHKyeOKE4MJ5LcPkat-jd_BWIZG-mTCQhOSLa8Z_G-PcrmE3_fio548xxhWxb9zKdP79qF-OPH-dp_pnFivsbdxMbjWrxVc8mdLDeHc0zsePxPahhwZgVyL2D0rJf9mkhHZ3FQp1rCoAy72B97BlACjjcO6DAjCeMwwwDtXQyMFEYdQ&cry=1&dbm_d=AKAmf-CFGjfVf06r-12a8tfuEbht1v9mu9zxfywQTw7nS05UWyvDfMfTY8xzkiV4bUA6wp7fpO3-mB5SAAB0z0LqK4voGlXvXp-UL3O_Ab3A6pQ-ppJzz4aAn1qa6IKq7OPWIVgeL89AQRQPfusXCSdRbEayVc0aHRHpwWgPiOgBCfRp_dDupy5hb72xRRouksUfclMUthNO5jAQXSdy4e3b65iJQzTVTVR4B4fpblM3SN159oyIkMWgqata7d5twdm0dt3lVbn3Dp9OgUwEkGUp3oICPrDcwLusu8sUT-HD7rSry7jVZ95iWS0gcwvDiKQ8wNxM37abtlbOIFqkFIjZhO6uboWI3iqucPPetDNOB7KQltAIzF6CRY9rpAr_wryGAYWXwcT5D0Nrm7suVGFCcVOWasUMujHiW-D1oiGgfqE9gZ_HXd_vzONJTzdhx52KCoR-SOv27KSXmB7zK2czgwC0lPbgwjnhPAFc2rBb6m1vOdzY0wjVcpARSikXbbWCI7PYJZSIBCM2ie2O6sZmiM8TtyH2AlWxmSAPVfDxmiy2OiCx-SREJKdmDZ_vRFE9eNtE5f29LGSya79GFzF30DTLK-ey0zICr3j8f_m-m_ADK_TVVi5A2r-cqGYR2tftH_1VK5tGHWz6088KhrroXQA8MzHjz2QUYb_appOpoCyNKgD3BQ2T-7NaMfCinhuAcINH5Ik14b11EI4EdDF7O1p7BNnsBsATqKvV8wHNcjm9Ywg2TLV36ENISqE8wmIsSBldYo_fB9p732cM_ro4oY7ko7XoztGWWGOiPPa01xe0k8SAtl7iJufIJPL0rQ2--s98r401m5vD12oIncbFH-EvNsP4NqFcv2o0f-AF_yPDnJNyZQSdkOjWDeLY8OBbvq3HJdLCeg2pVQSJE5dvYxkPjIh1Br6cXRPxkWHmP2OybsIC9joNcblAQsj8crRWGPNbzBfvWVnDCx4PC7v8p3jA1D3D8xylD2wixmKxOwtP9s2A8VI-xxkI0t0bwgsEi7I1130J06JGr2hji5mBV4p7V0J9qj2pF0aV_9Nvn9Gnc1RfQNgPXRFIwf5X_TwXWNccmlePaS5QN1FX5NQ8fal_trz9hTG4ESBrGex7SYZtbUPi9cBOBfbB9_9kCxiilWPkIWvcYhRTsQQjQVKnc2xUQfuBYCwe3VhKZzjCgHOLzcPJW-HlTMF-SCdQH193H3Qh_3Ttn7N8k5GyGwsqn70-MEOS6AhDHArZn68hyXNVczVBLlMTM6a8QRkkT_m6ddcGB3e3rPuaLj2Ymcvkytqq7fLGohRjrCPt8STrc03raHNRVROa7nLWed32nSMrvD9RFTWMPUMzDK5aqRv1VeIFLHACigV43D1coe3zFZ6-6JBpwI8CJyMqTkIBKQDtga8vxNHYtXVUsOT6_k9ID_iNg1_Nk7BJ7AHoi7Cp4U17ggBTABsZO6wZUNyVgTKostK5rgnGvYVoE1Ze_xMK_xfnUHWIiptUCFn6zTgRR8fKzhjkPgMp-gRaHdNyp5jliuhiZ6110tJSiJedaFZv55NL1S-uObwTrt4AO1NCmqbKZBTnSiOvC5bpDjmwJHNXuobRjiAcDsttybwtSBl1LcccmO-krvBewwL8M3kkZu-aG7gjzg2oJNjrpexL-cl5VAEblC7YEqGuONb8Qy8KDk3-hG8AHuX-DpdBHbTNIVYtomJkMReyVFx6Vg9D1CBXxzDMEgzXesFuQnWUSe9lTRgHajyKPYOIwZrSce-hAzjE1Ms46cqGczYTRwW_KtslPh0vfOVdG_lJB5L_8LjLHqt2zUNUEPkoBsW4K1UpjgUrwzUQ0hTyGSzO0o4YtbN8LThTL9yqglSJXDnbro9wIZ5gMcnRP0OmbyIAeWHxUJsWCKBkuXvqgoQFjW1_4R1IQFDt7fV_1dXZz4vrlkm8Oqu83sAZ3fZCvfew9s6YwkX5Vpy9w6L-XM8Z01P8F8XvedEoEfJBgI7ToH7UIMGAYKeOYK6KfrXtLwwkDUH-xaSOMzU-_YyxroErj-6syafjwqBZUR2odnhwp1eL_ot_3SYL9CgPbKJmh5nNa2-E5FAlq78ol9kuzTAmMwvFA_iFvGvkmUEKAGzw21H5W7GTShDzPTXMRJZPHcsuD0BKzc-8DcE6wvo9d22LbXoHxXyS2lI22APAht_ODyTgaRyuQQAew-UaDFO0_gfIUYYowxAIKVxCTw7rfHJKR5GxItrwxsVRor_xHPbnXRGeorWuB4ZxLPWmkMTYsHEcbxUKV4WcaZ_sn2_RWpzIpCf9jjbVov6kmiRFfUAiN0pnJwngunWDV0GnKUR8wfofKpEkKVvMhcwNcffbK_rLdS3qbjnM-RmVDWllWwiDIM41XmaXaPK1sQSJ99n0BnjSdGNnFP9m7ZoxBGqUn9fI1Lmr4eAs0x08YlUanKPs31wDCy67B6CGjcWXbU0HOY_duM0yGWF1cnJIto6aYhv46oo3gHelqPsj4s2ZCizr5FixjiVM-SMou3NOaHDXycn8sZ5_AiTcT0oQkRET80uZbV358nFahy2prZQjuOOL_P1m3d08DLm3Lw_QAjlsDzjcLrK3elWkpNSPZMH4hVCOCzZFRCLYwoLcVf_XxLGMUA644miPztnhS0yiAzpsHp0N5j5FNnGrJlrUoKAbLMHNv6zzSWWb0bl1RzWhQd6UP7m7zIJj_v7V9i-snQPh94IHaBTGst1hCdsTVT8vR9WHFX6f67Fez2Nn8Wn6aEWq1yLeU4NDgB6QdOR-bIm6v64-wI7ZNnMYOGpTL_G0Vkqzrs7NoKWaEZov8V0HSBc3GdhYkbCkOlvk7e85FIgbMeyX9KOU2KIsbeSn_mIBs1TkeZ_S0yOB5BbRBSdW999mYpozwJ7boFW-0l3zqYvnBJtOZEgQKAZ_B5HSaHtJQCYEYSV2i7XH8Mt_9aLyT2ELFwh1hgUaR6DgaINu-E6lkyK2l0HUbGSFG1VHSequNIMI9QWjz46Wky0zVl4Wntev02NvoUZV3To273AI0yO2eFZNIbnuW5gva4rSc5TVuJ7M8r9gpeiJUr25-aoVoh_RPQH1cOOOdHRbFZi5yKHEsPN0e3Y5EkAD3-7LynNQmylg7yMm2OMLO4HcBKau6SWDEIkCdCTVH5_mwgWKui12OBD-SJmwJUpMugQx1Z2CHE4e8UXYsyrUQDXgsUZQUEhB6DKWZLM8dNALZAOC-LmSb6-er_1JLhkVZiOvkgLgtJXAy166Z5WgBiEB4yvslKdQviYKWJBZOsC0oMpYHiu6dtRQyrcpa-1ZDjK_wqyHNYABSkTxl1rNuirUmXBQAE26cp9siA2CjukRDzJkgNv5b-KXOhOmCHIr6KR_n8xXYMpkxOdYMDPA0t0zilgwX0We6OUndy_7AcdUXv1aKwFjkGXcH7H_1uQTUDU4pmXhNmHI6oVVijjsXe1L_GzyI3BMhuTtasFVfO7UgXk4FwlzezkWci8EHF4UUsAz7aLKvpJtpnXSd6uQIme4_XLO3HhZJnv2yOB0mm5EnLfa1Kf8lMbPHUiLHE-Kstxfg68C_R-k8ZM0V56RBzzSoWhApCZjM-VYAi_yP5YepeDkYFnTtAo-pBLKODHeOzAemPfd5EovhUa3Eq6zHrFesaIA4v6M4I2B_M14CfIVNJLpTmhfG26_zzkG3nlmlHtHqXUNLiR6nMFHK5A_Po7wW8y0jhopQR14HMbQEt_Ux6dSxogMyAn27NCNRSHAaic1QnAj4Fsj3j5ZWynF_Jn7GU5cW4NwiPUwqfA9BJXNM6dZ8356UBaUavSxgIVG1ug_v-A&cid=CAQSSwDICaaN0X34t5UsQQuYWY39n8MycRGeM46d6rgQpZ_z1w-jcKOiwnTd2Bu_mUNhMsZLPO14FVWdxL5hv4PYEFKSUQopbg4eAeHUXBgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.anrfactory.com%2F&ds=l&xdt=1&iif=1&cor=13365934127360563000&adk=250412560&idt=158&cac=0&dtd=5

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 14:17:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 438154
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 26 Oct 2024 14:17:59 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTY5ODg1NDQzMzA2ODMwNgogIHNlcnZlcl9pcDogMTM5NzkyNjUzCiAgcHJvY2Vzc19pZDogMTUxMjY0NDE2Cn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDExODY4OTQz...
ad.doubleclick.net/ddm/activity/ Frame B3E2 0
853 B 191ms
75ms Image
image/png 142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTY5ODg1NDQzMzA2ODMwNgogIHNlcnZlcl9pcDogMTM5NzkyNjUzCiAgcHJvY2Vzc19pZDogMTUxMjY0NDE2Cn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDExODY4OTQzCmFkdmVydGlzZXJfZG9tYWluOiAiaHR0cHM6Ly9zb2JlcmJlcmxpbi5jb20iCnhmYV9hdHRyaWJ1dGlvbl9pbnRlcmFjdGlvbl90eXBlOiBWSUVXCmltcHJlc3Npb25fcHJpb3JpdHk6IDAKaW1wcmVzc2lvbl9leHBpcnlfaW5fZGF5czogMzAKZXZlbnRfaW1wcmVzc2lvbl9pZDogMjE5NzI0MDEyODU2NzkzNTA5MgpkZWJ1Z19rZXk6IDE3NjU1MDg5NjA2NjQwMzgxOTgzCmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyMy0xMS0wMSIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDExODY4OTQzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQUNFTUVOVF9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMzMyMTYwNDE2CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA4NzgyNDM2OTYKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTY2NjAxNDIwNjMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA0MTYyMTY5ODYKICB9Cn0KYXJjaGV0eXBlX2lkOiAxCmFyY2hldHlwZV9pZDogMwphcmNoZXR5cGVfaWQ6IDQKYXJjaGV0eXBlX2lkOiA1CmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9zb2JlcmJlcmxpbi5jb20iCmltcHJlc3Npb25fZXZlbnRfcmVwb3J0aW5nX3dpbmRvd19kYXlzOiA0CmJyb3dzZXJfYXR0cmlidXRpb25fYXBpX3JlcXVlc3RfcHJvY2Vzc2luZ19iaXRzOiA3NTQ5NzQ3MjAK

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:33 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0x36edf8af49058e1a0000000000000000","3":"0xa374a3bac02963ff0000000000000000","4":"0x817f753e2e0096090000000000000000","5":"0x9ad8531c8d2fe8dd0000000000000000"},"debug_key":"17655089606640381983","debug_reporting":true,"destination":"https://soberberlin.com","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"8":["11868943"]},"priority":"0","source_event_id":"2197240128567935092"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 161ms
73ms Preflight
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 01 Nov 2023 16:00:33 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 977E 0
19 B 85ms
85ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CIng2IHZCZYP_EOSEpfgP68OqoAbJntKxXMWymPdwwI23ARABIABglYKAgLAHggEXY2EtcHViLTQzODc0NzE4MTAwMTU3NjDIAQmpAnq6GyBXt7E-qAMByAMCqgSYAk_QhPru2aCE7HOdhHuZmev0yBOlKTcV30wfNGEUa9e5FQ9uNvWXgrvmHrjQDfhNy3fuVYsvB4T7xb6jhp2bFEf3AVutmEZw_ygTE8Z2a-fIUJt5q6UXkWt0xdc2pWhXPsQzWo1s8IS2jf5nVo-iZjpHTaoztnlIYTZEzVLAtxV-rzfFhc6F_h4oRe6wKKkDPVyi-PyoLMF94uQ9eEdn7DRrmJEz-Ad_oNOAY_pL0Sj7zrVdX4Fc193siQQLFhk7Cs8sLaHTPxGzXdL5uo-2xmjspp4JitC6Aj-nfikAi1JjhZSsj7PgFmgJMCmrzFT2y7IuP0j5ZPT0d4y_Ppm_pazH9VpQOK4S5Pd1vvnfiaMcg6-cjvck7kiABrbKkt-fqNqelgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTqACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNDM4NzQ3MTgxMDAxNTc2MBgA&sigh=KtBPROFDCps&uach_m=[UACH]&cid=CAQSTADICaaNwNUiKF-6V3WWJuxoAlx6Z4Zj0big2RHl2scYNWLpF5GTnyTT1UgDU7bHAU6Mlmw91W_irHMMsJRHdh5ABkSMz0m1_VChHe0YAQ&cbvp=2&vis=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=1087588583&adf=3152050774&pi=t.ma~as.5948233133&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=477&idt=455&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600%2C1200x280%2C1200x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4758&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=shBEHE1AvQ&p=https%3A//www.anrfactory.com&dtd=457

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=1087588583&adf=3152050774&pi=t.ma~as.5948233133&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=477&idt=455&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600%2C1200x280%2C1200x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4758&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=shBEHE1AvQ&p=https%3A//www.anrfactory.com&dtd=457
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 01 Nov 2023 16:00:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame 977E 0
126 B 151ms
50ms Image
text/plain 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=kMHZGMz6RLAJmAKdg2ICAgAAAHvfimn6gnVwEB92QmUedtqodnM6BMYHAAASAAAKCkFRVUREd0VCRHc&wp=ZUJ2IAAEP4MJCUJkAAqh6y-eLtzYERisEdVJog&cbvp=2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=1087588583&adf=3152050774&pi=t.ma~as.5948233133&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=477&idt=455&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600%2C1200x280%2C1200x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4758&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=shBEHE1AvQ&p=https%3A//www.anrfactory.com&dtd=457

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:32 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 147126
server: Kestrel
content-length: 0

GET
H/1.1 200
OK jf2y0amzcvu0 Show response
hal9000.redintelligence.net/zone/ Frame B3E2 12 KB
4 KB 127ms
48ms Script
text/html 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/jf2y0amzcvu0?subid=&gdpr=&gdpr_consent=&rnd=1698854432204487&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZMpLIHZCZce9DKiBpfgPxrOKyAum5b2gab2YnKfJD_AuEAEgpP6-GmCVgoCAsAfIAQmpAnq6GyBXt7E-qAMByAObBKoE_QFP0Kn6jrWUSE8TGRy7I5PDGGNwaTPi22aI65BkyHw2kyFL2riNfTLiAtaqhg8g6F4nR84Ad7W3ctq8b8QE-XpvtCBuWpzcjTuq8Kihs7Dlhj_ast5HgkMP5DcvUgFnNCc_-bfz8wcBKp5skH7-gcMvUrLZuuMeJiEx1pfCqJNile2bg1wbuV5BPoGt8jVPIAZChL-Yh_UOpxySrQg-_ccbQKUG480a9KehTRHmAHhplS2Oc_jZnuwsRDNeDfhpWOR1wYEnnGFqZVA81OV8xo9miSHCMEMp7BD6jViF6Px708HovNDpdBDQ18S8D2WhwOAS04EwRAZMZ-WAlJ6fwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREWwE_q8sBXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSSwDICaaN0X34t5UsQQuYWY39n8MycRGeM46d6rgQpZ_z1w-jcKOiwnTd2Bu_mUNhMsZLPO14FVWdxL5hv4PYEFKSUQopbg4eAeHUXBgB%26sig%3DAOD64_3b46-RueFLQ8pDbBUBhHV_fzQGBg%26client%3Dca-pub-4387471810015760%26dbm_c%3DAKAmf-As51GJrgPnlHySml9-rje2hyKcrCqN9ZqWzmQL4Kr7oXqEQM5c4dt8gzLgbTLBzmYQhcx5JsTCFxAPz1yC5-L_iug3py8COmDXxzqt15E1yOAKO8TWPnQ2D4Q4GGu3CXzHBbM8EZIQ5rr5vOVIfECyXCVyIDiwvEMDhww_3royU-ZdFBo%26cry%3D1%26dbm_d%3DAKAmf-ALnn5GPqZO-jYhg7Ez-4QycdCYObT0jI8ID7axBaBJVEwSjPHmPYanm7TtudZzI0plUEIyufywxhqY0XLPdw3mjKm-0sU1n4P9nhjnH1y2euzYeNChTvvl3aiHuJKp5lHrl_e-mx8ce7_dhJOuiq7NNyXJd30RGiLlFiJjXIhgNLUawt0cqWi9fZIZjoEQGBpeevAtzIjJIlEmkD7LO8RdyEB0xsop1hbGKj98D6hROck2U8sh-mT1zG1e50PtVV9wEWmcNtYTaq8EYN3UydWjZNDT1-IkeuigyLax4O_yrVYsxe3wlttJdPPkq3g3PbEehY-svLhg3i-sR1IMWPlr6v-oiEiA5lDmKmFpXarSg4U74g-SBQZD_j7PruKgvACpDwyS5h57fMzy70oPiYK_5fjhWUvnu0RBCmLjdc-rJQ0a7u-c9ppErGbXb0I_LEzmY2UNpsF1J-JAylnNtZ2p49YU_qK2GvBOKDmrWfyJ8bOkE7jXLPGOKUBIVwsWzdH7zka-BiLZVy0R_5qQ_FJBE8BUnXKj_0Q8qf4BAC9JGqjK7A3ZUFFzhPTotfrGLTQ9rhsKhYuJ0h3597H3lg9jvVN2qlEtYJextsfDdPXtZ-MAQAz0RfwxNUTT0IX-hmPGIJOJ%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=600&slotname=5727907135&adk=245867249&adf=306411070&pi=t.ma~as.5727907135&w=300&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=300x600&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431707&bpp=1&bdt=475&idt=394&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ziUkcBYYJ&p=https%3A//www.anrfactory.com&dtd=397
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: c600b78c3ff5fc9e49a5732e28f9368aac48eb1f17cac2a2857c91ac938f6f09

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date: Wed, 01 Nov 2023 16:00:33 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4227
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame A409 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f9cdfa6f4c784e50e3dfa69e80e7332076a811e85fd28a6318c2ae78d1ee8cb8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame A409 33 KB
33 KB 40ms
39ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 31 Oct 2023 09:09:18 GMT
x-content-type-options: nosniff
age: 111075
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Oct 2024 09:09:18 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 75ms
75ms Preflight
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 01 Nov 2023 16:00:33 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 35B7 2 KB
1 KB 245ms
54ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZUJ2IAAEP4MJCUJkAAqh6y-eLtzYERisEdVJog&u=%7CRtZyootPBjEBEV0TuDTrxm9S8HdHesjGG3HR9ttpNMs%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jhV7Kd6SKvkZ2c775jfyZY6fGSNGGFpANSWY8jeVe2k8ZUPprk5OgF73hJYGYv9W4HEPFn34Pj0r9baK6KwSU3-aSRLdKGI9O5mAUZ163LVxIpWjnfpdgUbH51aRKFre9pk8spW1erNyHDHw1ZiZ9lnRovsf9WYW3qq1nWM_gNhZlXrVDhDLqxp6vU_lkOli57ut1SkslyYn-1qEYWo5zjFqBrUmtC0fWo1MO1FettrM31oqPs0gyYW-59eP8BlSWS2NaGBQp0BP8mHzwP2GQ7Lw6HCNd2ErJ36bX3uQXsgW4HXIp1zTCaydb-VGMwFbxFis18GS2iDQdXtuZmI1qLO1A27YmODeZ6j3KwKGAgFdmXrwoBWLzpBYoIcX-TPWAmEuaIiJUwqenkp4EEN3fP_HlfI_xj1jTNeTMeo1vLjEDNdshMScwrtOKWXcSmjUBo7XQQixSfdEqD33--Cahki0dwuDOIsbbl72GxlV_murZfMw7ZLKEWt6EeXPMtdJ11uNiMq1uw8AXWbf6UfZohrAN70kbnNyivmOPDFESNTQHj-NQe3u4Xl9X9XsMeeFlII_NEuwchVh&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvv4rIHZCZYP_EOSEpfgP68OqoAbJntKxXMWymPdwwI23ARABIABglYKAgLAHggEXY2EtcHViLTQzODc0NzE4MTAwMTU3NjDIAQmpAnq6GyBXt7E-qAMByAMCqgSbAk_QhPru2aCE7HOdhHuZmev0yBOlKTcV30wfNGEUa9e5FQ9uNvWXgrvmHrjQDfhNy3fuVYsvB4T7xb6jhp2bFEf3AVutmEZw_ygTE8Z2a-fIUJt5q6UXkWt0xdc2pWhXPsQzWo1s8IS2jf5nVo-iZjpHTaoztnlIYTZEzVLAtxV-rzfFhc6F_h4oRe6wKKkDPVyi-PyoLMF94uQ9eEdn7DRrmJEz-Ad_oNOAY_pL0Sj7zrVdX4Fc193siQQLFhk7Cs8sLaHTPxGzXdL5uo-2xmjspp4JitC6Aj-nfikAi1JjhZSsj7PgFmgJMCmrzFT2y7IufUrY9nRnp7EZ7r5lKYwuUVR3MhgYyu_3CjHiL1GjnYOEFj2wzqHJyJKABrbKkt-fqNqelgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0qM1-Qg-xwOXOOhzXq2uY8rG1sfA%26client%3Dca-pub-4387471810015760%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 26 Oct 2024 16:00:33 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 35B7 2 KB
1 KB 236ms
46ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 26 Oct 2024 16:00:33 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 35B7 308 B
636 B 235ms
47ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:33 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sat, 26 Oct 2024 16:00:33 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 35B7 293 B
621 B 235ms
47ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:33 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sat, 26 Oct 2024 16:00:33 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame 35B7 43 B
348 B 232ms
44ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=jonVwLJJ1NWGcSKhkbfRcEAoML3pKMY-RclfbE2F3krDs3Dc-CsCRm3QtXnJnKQlx9KONJ1f8llbEn-nMGjz-cXqEcitFHmxh-rQ4FvSWxhbZyZJ8fSIe-4tdJkOFH67_LEGTUDykI5bDv7vM8XETAYCZkjNJzRcD9Gm00BY8PRaukO5BVwQintH-2sRzlZWfNbNLUMel772swgYpWwW-TPKskdhiznaV6dLhDHPKPe2LrCGHIjBUUFZfrJWUSKy-sXccTWwEJ6MoEyNFLG-oGXHg9XaFg3wKuzHFEL0Xtc-XcxfC3FggmFym4qtYF-u16iDLdIpjrGSubIHIW7TvZhgbGjpKA_kKMZRsXzRHlf9aeX39EqrLJprBrx8OoG_mW12Mz_w0Jww2T_1fO4guu8SvD8Y3FFM6qkeqolfujHdzeJK

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:32 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1580625
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 35B7 12 KB
6 KB 234ms
54ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 26 Oct 2024 16:00:33 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 35B7 3 KB
3 KB 330ms
190ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=556&m=0&partner=9292&q=80&r=0&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F9292%2F5048790%2F411021e816b7434f8f71ebb18eb8e2f3_kare-spassamwohnen-2020-clean-rgb.jpg&v=3&w=196&rid=4&s=3IkWnM2SkKurYzke8bV4aWrB

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

7954fe9614832a5c8356adb849ba452f10b14a1a7b84daa41aaca52207b04a84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:32 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 3078
expires: Fri, 18 Oct 2024 12:23:00 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 35B7 23 KB
23 KB 223ms
83ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=1200&m=0&partner=9292&q=80&r=0&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F9292%2F5048790%2F4a9cda8f8b50497085a203e9ab9dea44_2023-09-native-ads-puppet-players-640x360px.jpg&v=3&w=1200&rid=4&s=0njbUnyeGdsUk7u6u2hXHnEE

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

9f17206c06c3f260ff0a492af2db6b94597a4912e269039691e403402f96b256

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:33 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 23404
expires: Fri, 18 Oct 2024 12:23:05 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 35B7 10 KB
10 KB 249ms
109ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=9292&q=80&r=0&u=https%3A%2F%2Fcdn.karestatic.com%2Fproduct-image%2Fb4dc99ce35be9ab553b83733f69dd63b98e27eb2.jpg%3Fio%3Dtrue%26canvas%3D1%3A1%26width%3D1024&v=3&w=800&rid=4&s=CPnuYGr-y9Zw-WSYhqHNvkGF&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

5859de66be1fc989c59aae1663ae698c1eb4ceb2793d0452a8c93603ecc725f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:32 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 10286
expires: Fri, 04 Oct 2024 10:17:45 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 35B7 99 KB
100 KB 330ms
190ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=9292&q=80&r=0&u=https%3A%2F%2Fcdn.karestatic.com%2Fproduct-image%2Fa130c5d7fa8dffc72f7c6bbde2420064b2e3cac0.jpg%3Fio%3Dtrue%26canvas%3D1%3A1%26width%3D1024&v=3&w=800&rid=4&s=VO22FyaSScdICJIk5gRsyj-K&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

b7554cdbb96fd76ab5e8c40547dd05f31d0f20a6c13d396b2a78fcc69d1d95ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:32 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 101640
expires: Wed, 02 Oct 2024 08:31:51 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 35B7 24 KB
24 KB 269ms
129ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=9292&q=80&r=0&u=https%3A%2F%2Fcdn.karestatic.com%2Fproduct-image%2F5a8126f44318466ed512e2c4e30df75f5ae094e0.jpg%3Fio%3Dtrue%26canvas%3D1%3A1%26width%3D1024&v=3&w=800&rid=4&s=nJXKfkNkDQrtMRzz_pAw7nmz&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

46d491aecda27fc374a80cd9cabbfc23b413119c7c28e0c01e4be6bcbfcc3ab3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:32 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 24814
expires: Thu, 03 Oct 2024 10:32:13 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 35B7 99 KB
99 KB 290ms
151ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=9292&q=80&r=0&u=https%3A%2F%2Fcdn.karestatic.com%2Fproduct-image%2Fedbdc5d58c96861f56cc4e44b12b699aecb55901.jpg%3Fio%3Dtrue%26canvas%3D1%3A1%26width%3D1024&v=3&w=800&rid=4&s=gHsAwy7uZ_CPU047iMeeiwsR&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ef2537ed6e478831b312c46e369172a62b04cc371b4bd34458eafaeadf69ee41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:32 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 101498
expires: Thu, 03 Oct 2024 07:00:37 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 35B7 89 KB
89 KB 174ms
163ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=9292&q=80&r=0&u=https%3A%2F%2Fcdn.karestatic.com%2Fproduct-image%2F2924b88260a8a04ba5033702854734e54e450076.jpg%3Fio%3Dtrue%26canvas%3D1%3A1%26width%3D1024&v=3&w=800&rid=4&s=GvKbLtJRKTsac0CCqc63CLC9&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

f94889f70475955a7e6eceda16ef4ad33870a5b968fb90f6a2bdd1debf7249d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:33 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 90996
expires: Wed, 02 Oct 2024 16:37:33 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 35B7 81 KB
81 KB 174ms
164ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=9292&q=80&r=0&u=https%3A%2F%2Fcdn.karestatic.com%2Fproduct-image%2F71b65d730aaaf408e626e32814b3dc46abb45166.jpg%3Fio%3Dtrue%26canvas%3D1%3A1%26width%3D1024&v=3&w=800&rid=4&s=7TD_A3isgR1VcE5jAnyGlTga&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

c54afa62a5e52b41d094941b5d467ebe04bd7262fec127940f1bb23931b5aa2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:33 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 83040
expires: Wed, 02 Oct 2024 09:46:06 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 35B7 0
128 B 189ms
50ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=_TCjaWuKnl-tmDys6QXuAiWo3PChR4u_TAh5oorzXi1SxEGsLtGORSR1huSjjVG_GRKGUSHze-fcrINPTwB1Njp68CXgWCbTtcL5SM_DZvKJ60Nvvtoznnbx_M5JlvhObaOGywk1_agrPTEFfdnHgP6Q5kiH7bZr_7x7Bpw40LZhYJUIQAlZfAd7ll2QIKWsICjm1S0a3O9HFyePf6bb0K9uokvWXzxe8Ep0ltqNMETGdhftAQrbrKLdjna145b_A7TJZg&sds=2&rev=89121&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 01 Nov 2023 16:00:32 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 35B7 2 KB
1 KB 47ms
37ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 26 Oct 2024 16:00:33 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 35B7 2 KB
1 KB 53ms
43ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 26 Oct 2024 16:00:33 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 29D4 38 KB
13 KB 59ms
41ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 438132
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 27 Oct 2023 14:18:21 GMT
expires: Sat, 26 Oct 2024 14:18:21 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame A409
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=Ca61RIHZCZcrkD8WEpfgPzM6lyA3W7tXOc9OZ88u_EbCQHxABIKT-vhpglYKAgLAHoAH8i5SZA8gBCakCUyplZI6ysT6oAwHIA8sEqgSmAk_QvhBo2SOWOKCsvgsFNCJhRfiONY9FWCU3AkZ...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2215277170428362201409%22,%22debug_reporting%22:true,%22destination%22:%22https://aroundhome.de%22,%22event_report_window%22...

0
0

77ms
74ms

Fetch
text/css

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2215277170428362201409%22,%22debug_reporting%22:true,%22destination%22:%22https://aroundhome.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22858064380%22],%224%22:[%2211-01%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2210623317401520007217%22}&andc=true

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:33 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"15277170428362201409","debug_reporting":true,"destination":"https://aroundhome.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["858064380"],"4":["11-01"],"6":["true"]},"priority":"500","source_event_id":"10623317401520007217"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 01 Nov 2023 16:00:33 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 01 Nov 2023 16:00:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"15277170428362201409","debug_reporting":true,"destination":"https://aroundhome.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["858064380"],"4":["11-01"],"6":["true"]},"priority":"500","source_event_id":"10623317401520007217"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK request.php Show response
hal90008.redintelligence.net/ Frame B3E2 3 KB
2 KB 283ms
176ms Script
application/x-javascript 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=266ff7430a&subid=&uid=03242ae658f99056&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZMpLIHZCZce9DKiBpfgPxrOKyAum5b2gab2YnKfJD_AuEAEgpP6-GmCVgoCAsAfIAQmpAnq6GyBXt7E-qAMByAObBKoE_QFP0Kn6jrWUSE8TGRy7I5PDGGNwaTPi22aI65BkyHw2kyFL2riNfTLiAtaqhg8g6F4nR84Ad7W3ctq8b8QE-XpvtCBuWpzcjTuq8Kihs7Dlhj_ast5HgkMP5DcvUgFnNCc_-bfz8wcBKp5skH7-gcMvUrLZuuMeJiEx1pfCqJNile2bg1wbuV5BPoGt8jVPIAZChL-Yh_UOpxySrQg-_ccbQKUG480a9KehTRHmAHhplS2Oc_jZnuwsRDNeDfhpWOR1wYEnnGFqZVA81OV8xo9miSHCMEMp7BD6jViF6Px708HovNDpdBDQ18S8D2WhwOAS04EwRAZMZ-WAlJ6fwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREWwE_q8sBXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSSwDICaaN0X34t5UsQQuYWY39n8MycRGeM46d6rgQpZ_z1w-jcKOiwnTd2Bu_mUNhMsZLPO14FVWdxL5hv4PYEFKSUQopbg4eAeHUXBgB%26sig%3DAOD64_3b46-RueFLQ8pDbBUBhHV_fzQGBg%26client%3Dca-pub-4387471810015760%26dbm_c%3DAKAmf-As51GJrgPnlHySml9-rje2hyKcrCqN9ZqWzmQL4Kr7oXqEQM5c4dt8gzLgbTLBzmYQhcx5JsTCFxAPz1yC5-L_iug3py8COmDXxzqt15E1yOAKO8TWPnQ2D4Q4GGu3CXzHBbM8EZIQ5rr5vOVIfECyXCVyIDiwvEMDhww_3royU-ZdFBo%26cry%3D1%26dbm_d%3DAKAmf-ALnn5GPqZO-jYhg7Ez-4QycdCYObT0jI8ID7axBaBJVEwSjPHmPYanm7TtudZzI0plUEIyufywxhqY0XLPdw3mjKm-0sU1n4P9nhjnH1y2euzYeNChTvvl3aiHuJKp5lHrl_e-mx8ce7_dhJOuiq7NNyXJd30RGiLlFiJjXIhgNLUawt0cqWi9fZIZjoEQGBpeevAtzIjJIlEmkD7LO8RdyEB0xsop1hbGKj98D6hROck2U8sh-mT1zG1e50PtVV9wEWmcNtYTaq8EYN3UydWjZNDT1-IkeuigyLax4O_yrVYsxe3wlttJdPPkq3g3PbEehY-svLhg3i-sR1IMWPlr6v-oiEiA5lDmKmFpXarSg4U74g-SBQZD_j7PruKgvACpDwyS5h57fMzy70oPiYK_5fjhWUvnu0RBCmLjdc-rJQ0a7u-c9ppErGbXb0I_LEzmY2UNpsF1J-JAylnNtZ2p49YU_qK2GvBOKDmrWfyJ8bOkE7jXLPGOKUBIVwsWzdH7zka-BiLZVy0R_5qQ_FJBE8BUnXKj_0Q8qf4BAC9JGqjK7A3ZUFFzhPTotfrGLTQ9rhsKhYuJ0h3597H3lg9jvVN2qlEtYJextsfDdPXtZ-MAQAz0RfwxNUTT0IX-hmPGIJOJ%26adurl%3D&documentReferer=https%3A%2F%2Fwww.anrfactory.com%2F&ancestorOrigins=https%3A%2F%2Fwww.anrfactory.com&random=2981343803325&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/jf2y0amzcvu0?subid=&gdpr=&gdpr_consent=&rnd=1698854432204487&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZMpLIHZCZce9DKiBpfgPxrOKyAum5b2gab2YnKfJD_AuEAEgpP6-GmCVgoCAsAfIAQmpAnq6GyBXt7E-qAMByAObBKoE_QFP0Kn6jrWUSE8TGRy7I5PDGGNwaTPi22aI65BkyHw2kyFL2riNfTLiAtaqhg8g6F4nR84Ad7W3ctq8b8QE-XpvtCBuWpzcjTuq8Kihs7Dlhj_ast5HgkMP5DcvUgFnNCc_-bfz8wcBKp5skH7-gcMvUrLZuuMeJiEx1pfCqJNile2bg1wbuV5BPoGt8jVPIAZChL-Yh_UOpxySrQg-_ccbQKUG480a9KehTRHmAHhplS2Oc_jZnuwsRDNeDfhpWOR1wYEnnGFqZVA81OV8xo9miSHCMEMp7BD6jViF6Px708HovNDpdBDQ18S8D2WhwOAS04EwRAZMZ-WAlJ6fwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREWwE_q8sBXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSSwDICaaN0X34t5UsQQuYWY39n8MycRGeM46d6rgQpZ_z1w-jcKOiwnTd2Bu_mUNhMsZLPO14FVWdxL5hv4PYEFKSUQopbg4eAeHUXBgB%26sig%3DAOD64_3b46-RueFLQ8pDbBUBhHV_fzQGBg%26client%3Dca-pub-4387471810015760%26dbm_c%3DAKAmf-As51GJrgPnlHySml9-rje2hyKcrCqN9ZqWzmQL4Kr7oXqEQM5c4dt8gzLgbTLBzmYQhcx5JsTCFxAPz1yC5-L_iug3py8COmDXxzqt15E1yOAKO8TWPnQ2D4Q4GGu3CXzHBbM8EZIQ5rr5vOVIfECyXCVyIDiwvEMDhww_3royU-ZdFBo%26cry%3D1%26dbm_d%3DAKAmf-ALnn5GPqZO-jYhg7Ez-4QycdCYObT0jI8ID7axBaBJVEwSjPHmPYanm7TtudZzI0plUEIyufywxhqY0XLPdw3mjKm-0sU1n4P9nhjnH1y2euzYeNChTvvl3aiHuJKp5lHrl_e-mx8ce7_dhJOuiq7NNyXJd30RGiLlFiJjXIhgNLUawt0cqWi9fZIZjoEQGBpeevAtzIjJIlEmkD7LO8RdyEB0xsop1hbGKj98D6hROck2U8sh-mT1zG1e50PtVV9wEWmcNtYTaq8EYN3UydWjZNDT1-IkeuigyLax4O_yrVYsxe3wlttJdPPkq3g3PbEehY-svLhg3i-sR1IMWPlr6v-oiEiA5lDmKmFpXarSg4U74g-SBQZD_j7PruKgvACpDwyS5h57fMzy70oPiYK_5fjhWUvnu0RBCmLjdc-rJQ0a7u-c9ppErGbXb0I_LEzmY2UNpsF1J-JAylnNtZ2p49YU_qK2GvBOKDmrWfyJ8bOkE7jXLPGOKUBIVwsWzdH7zka-BiLZVy0R_5qQ_FJBE8BUnXKj_0Q8qf4BAC9JGqjK7A3ZUFFzhPTotfrGLTQ9rhsKhYuJ0h3597H3lg9jvVN2qlEtYJextsfDdPXtZ-MAQAz0RfwxNUTT0IX-hmPGIJOJ%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 8d37e2e33166da9ee74227de89d9e5ade207fa94a5b36dfc95bd54120097599d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Nov 2023 16:00:33 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 71837000128024004444978012495008
Connection: close
Content-Length: 1101
Expires: Wed, 01 Nov 2023 16:00:33 +0100

GET
H3 200 KtAbZGk4YSFPe8sm4rTLIGwqP9qmdNmoJQ7Qir-Zr9M.js Show response
pagead2.googlesyndication.com/bg/ Frame C6C2 39 KB
15 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/KtAbZGk4YSFPe8sm4rTLIGwqP9qmdNmoJQ7Qir-Zr9M.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=1083092672&adf=245134348&pi=t.ma~as.5948233133&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=476&idt=449&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600%2C1200x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4478&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=kY34AZIFex&p=https%3A//www.anrfactory.com&dtd=452

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ad01b64693861214f7bcb26e2b4cb206c2a3fdaa674d9a8250ed08abf99afd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 07:11:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31729
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15118
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Oct 2024 07:11:44 GMT

GET
H/1.1 200
OK e99aace94e6e5873881d3400993e1e7e Show response
pv.medialead.de/trck/epv/ Frame 5719 0
616 B 200ms
78ms Document
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=72152000125532904444978012495006&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=e8cb66458a&subid=&uid=192b826e103c77d4&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCm7XSIHZCZfHxDL6wpfgP7_GX0Aym5b2gab2YnKfJD_AuEAEgpP6-GmCVgoCAsAfIAQmpAlMqZWSOsrE-qAMByAObBKoE_QFP0Kchyh3MNNUU3zLzZrfGi39sHX53X_mn_vLKqadx_XeEWKTU3LBNda5P8JPg0CNxGLL9ORuMM1AT3VOnhAcX78_GY0CIcCgR9GHlUY0kKdj4uCNbGVy_-ZEomIb658n7aBgU_QS4s2q265bxKYhQNL0gS66N71Ma3G6mbLcUU7Qwp1e0MpBCagzNrauHjzZRL8ez44W26-ofLwTl8x_Z9ooPpeTWuNZ5nl3VX1ZDR2yBmnboOPygnFSuP77J3r7txz-bgZHHtjVCJG3ZO8maFL1QZ6I93Tq8ZNaHwdH22viIfrw5ALI6GMZ84ioQ6itTHsNcArhJjkOBFcjtwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREWwE_q8sBXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26num%3D1%26cid%3DCAQSSwDICaaNzDfXT3s0nGjLYLkooqPALpRIU1aXUqyyi0lTzMw3Zo9HlK1lSa4PC0LZV0FBLQInanOsyR090p2TWegj6G7IVKzl-yp2_xgB%26sig%3DAOD64_3SXnBwJ36blFn8-a55E8PRNaqDRw%26client%3Dca-pub-4387471810015760%26dbm_c%3DAKAmf-Czmzf97c-AxpV9JJUD6AFwpYYcSsPeLaR4bRtcBJUD85V3AWQXtdQdDpDyAaqtR1-lHZ-FJLISARwqUNb2TgdinAFOSNHM0470VBHTolZUhsvQMB-_bQVAmSQaoktPFgiBsJU5OilLpb--EU8sA9dgRoEGSLH7gYrJlcD6kp7K4KYLYvPpA3BYacc6T3ZwH1_06Jm-TMy90O5ZfJD8-4yTuLUo0A%26cry%3D1%26dbm_d%3DAKAmf-D2LsA7j9-tXGSOVV7zYz2-264LPbVESp532q5YL_AQSrysc6a7KYkLbEDGuG6fSlm9bp2zPt-1BwYgYPFkbV6Xe_HF1NeRkb2ZiC1x_lhiWY35O969RK5nqOt29SzD3RJ9YDRCf7XjoOwD1IIdXcStZcySwiHGSQXtFEmzgEIdpehHdlDSfy4ilwRCJh0wQDVMlvmAgpIzc4Br-FSxcCUAZqFXRyPM8xfQkuWrJ_UA4SDfdJGtAD0bDKfMN0hU6AB7bQyNd4_UTeJUqWAuX1j4A6dVNdqfLp9mJ0QJdjgSmkLlfG_UnlAdw0x9LtdUyB4sCtRypoXPuW7AXAOJwr-nuT_dFpc_R7ZrzNg0ikbdVqiGzb3Uz3jYiGuWzV5ZukMWVmuW5m6VU3S2fJu86rt2tR4gLXuvGmQs96LQKpuLcQonIEmva7N0TRvNfC7hWyPXC3JrI2cqE-is4Gdc8fzOM9y3O3mfXbQ_QttOMXqOllgfIa8Y_8N8YxsZTpJJUbQXO2gwJsdEQViG9XZqQ8xhCRVEfLrB-dxA52fF8DqnBBPRRbHBixMba-uo5vfIBmY7SUP2cOfzYqNw0uNs94bBsI3jyopsfU7lr_fvN7iq-CT510c2iHesVP6JXgssvXgF1D7K_qRTGrM4uDggZxnX31ewDt07xJeuhavU_O2G7XRJ6_OFCGuTg36yq4iU0I_nmrvk%26adurl%3D&documentReferer=https%3A%2F%2Fwww.anrfactory.com%2F&ancestorOrigins=https%3A%2F%2Fwww.anrfactory.com&random=8258945105255&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
attribution-reporting-register-source: {"SourceEventId":"17200521800104416","Destination":"https://trck.easy-m.de","Expiry":5184000,"FilterData":{}}
content-length: 0
content-type: application/javascript; charset=utf-8
date: Wed, 01 Nov 2023 16:00:33 GMT
host: pv.medialead.de
proxy-host: pv.medialead.de
server: nginx
strict-transport-security: max-age=15768000
vary: Origin
x-iplb-instance: 40027
x-iplb-request-id: 50FF0767:E4B4_91EFC182:01BB_65427621_6E8B08C:1193C

GET
H2

200

htlp Show response
futalis.de/ Frame 8675
Redirect Chain

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=72152000125532904444978012495006&ra_cnt_active=1&ra_cnt=1
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3257521144

350 B
401 B

156ms
45ms

Document
text/html

167.233.14.134
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3257521144
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=e8cb66458a&subid=&uid=192b826e103c77d4&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCm7XSIHZCZfHxDL6wpfgP7_GX0Aym5b2gab2YnKfJD_AuEAEgpP6-GmCVgoCAsAfIAQmpAlMqZWSOsrE-qAMByAObBKoE_QFP0Kchyh3MNNUU3zLzZrfGi39sHX53X_mn_vLKqadx_XeEWKTU3LBNda5P8JPg0CNxGLL9ORuMM1AT3VOnhAcX78_GY0CIcCgR9GHlUY0kKdj4uCNbGVy_-ZEomIb658n7aBgU_QS4s2q265bxKYhQNL0gS66N71Ma3G6mbLcUU7Qwp1e0MpBCagzNrauHjzZRL8ez44W26-ofLwTl8x_Z9ooPpeTWuNZ5nl3VX1ZDR2yBmnboOPygnFSuP77J3r7txz-bgZHHtjVCJG3ZO8maFL1QZ6I93Tq8ZNaHwdH22viIfrw5ALI6GMZ84ioQ6itTHsNcArhJjkOBFcjtwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREWwE_q8sBXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26num%3D1%26cid%3DCAQSSwDICaaNzDfXT3s0nGjLYLkooqPALpRIU1aXUqyyi0lTzMw3Zo9HlK1lSa4PC0LZV0FBLQInanOsyR090p2TWegj6G7IVKzl-yp2_xgB%26sig%3DAOD64_3SXnBwJ36blFn8-a55E8PRNaqDRw%26client%3Dca-pub-4387471810015760%26dbm_c%3DAKAmf-Czmzf97c-AxpV9JJUD6AFwpYYcSsPeLaR4bRtcBJUD85V3AWQXtdQdDpDyAaqtR1-lHZ-FJLISARwqUNb2TgdinAFOSNHM0470VBHTolZUhsvQMB-_bQVAmSQaoktPFgiBsJU5OilLpb--EU8sA9dgRoEGSLH7gYrJlcD6kp7K4KYLYvPpA3BYacc6T3ZwH1_06Jm-TMy90O5ZfJD8-4yTuLUo0A%26cry%3D1%26dbm_d%3DAKAmf-D2LsA7j9-tXGSOVV7zYz2-264LPbVESp532q5YL_AQSrysc6a7KYkLbEDGuG6fSlm9bp2zPt-1BwYgYPFkbV6Xe_HF1NeRkb2ZiC1x_lhiWY35O969RK5nqOt29SzD3RJ9YDRCf7XjoOwD1IIdXcStZcySwiHGSQXtFEmzgEIdpehHdlDSfy4ilwRCJh0wQDVMlvmAgpIzc4Br-FSxcCUAZqFXRyPM8xfQkuWrJ_UA4SDfdJGtAD0bDKfMN0hU6AB7bQyNd4_UTeJUqWAuX1j4A6dVNdqfLp9mJ0QJdjgSmkLlfG_UnlAdw0x9LtdUyB4sCtRypoXPuW7AXAOJwr-nuT_dFpc_R7ZrzNg0ikbdVqiGzb3Uz3jYiGuWzV5ZukMWVmuW5m6VU3S2fJu86rt2tR4gLXuvGmQs96LQKpuLcQonIEmva7N0TRvNfC7hWyPXC3JrI2cqE-is4Gdc8fzOM9y3O3mfXbQ_QttOMXqOllgfIa8Y_8N8YxsZTpJJUbQXO2gwJsdEQViG9XZqQ8xhCRVEfLrB-dxA52fF8DqnBBPRRbHBixMba-uo5vfIBmY7SUP2cOfzYqNw0uNs94bBsI3jyopsfU7lr_fvN7iq-CT510c2iHesVP6JXgssvXgF1D7K_qRTGrM4uDggZxnX31ewDt07xJeuhavU_O2G7XRJ6_OFCGuTg36yq4iU0I_nmrvk%26adurl%3D&documentReferer=https%3A%2F%2Fwww.anrfactory.com%2F&ancestorOrigins=https%3A%2F%2Fwww.anrfactory.com&random=8258945105255&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 167.233.14.134 Hallbergmoos, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: lb-2.futalis.de
Software: /
Resource Hash: 582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 350
content-type: text/html; charset=utf-8

Redirect headers

content-length: 0
content-type: text/html; charset=utf-8
date: Wed, 01 Nov 2023 16:00:33 GMT
location: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3257521144
p3p: policyref="https://www.retailads.net/w3c/p3p.xml",CP="NOI CUR OUR STP"
server: Apache
xphp81: true

GET
H2 200 / Show response
adv.office-partner.de/ Frame F506 930 B
923 B 167ms
38ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=e8cb66458a&subid=&uid=192b826e103c77d4&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCm7XSIHZCZfHxDL6wpfgP7_GX0Aym5b2gab2YnKfJD_AuEAEgpP6-GmCVgoCAsAfIAQmpAlMqZWSOsrE-qAMByAObBKoE_QFP0Kchyh3MNNUU3zLzZrfGi39sHX53X_mn_vLKqadx_XeEWKTU3LBNda5P8JPg0CNxGLL9ORuMM1AT3VOnhAcX78_GY0CIcCgR9GHlUY0kKdj4uCNbGVy_-ZEomIb658n7aBgU_QS4s2q265bxKYhQNL0gS66N71Ma3G6mbLcUU7Qwp1e0MpBCagzNrauHjzZRL8ez44W26-ofLwTl8x_Z9ooPpeTWuNZ5nl3VX1ZDR2yBmnboOPygnFSuP77J3r7txz-bgZHHtjVCJG3ZO8maFL1QZ6I93Tq8ZNaHwdH22viIfrw5ALI6GMZ84ioQ6itTHsNcArhJjkOBFcjtwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREWwE_q8sBXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26num%3D1%26cid%3DCAQSSwDICaaNzDfXT3s0nGjLYLkooqPALpRIU1aXUqyyi0lTzMw3Zo9HlK1lSa4PC0LZV0FBLQInanOsyR090p2TWegj6G7IVKzl-yp2_xgB%26sig%3DAOD64_3SXnBwJ36blFn8-a55E8PRNaqDRw%26client%3Dca-pub-4387471810015760%26dbm_c%3DAKAmf-Czmzf97c-AxpV9JJUD6AFwpYYcSsPeLaR4bRtcBJUD85V3AWQXtdQdDpDyAaqtR1-lHZ-FJLISARwqUNb2TgdinAFOSNHM0470VBHTolZUhsvQMB-_bQVAmSQaoktPFgiBsJU5OilLpb--EU8sA9dgRoEGSLH7gYrJlcD6kp7K4KYLYvPpA3BYacc6T3ZwH1_06Jm-TMy90O5ZfJD8-4yTuLUo0A%26cry%3D1%26dbm_d%3DAKAmf-D2LsA7j9-tXGSOVV7zYz2-264LPbVESp532q5YL_AQSrysc6a7KYkLbEDGuG6fSlm9bp2zPt-1BwYgYPFkbV6Xe_HF1NeRkb2ZiC1x_lhiWY35O969RK5nqOt29SzD3RJ9YDRCf7XjoOwD1IIdXcStZcySwiHGSQXtFEmzgEIdpehHdlDSfy4ilwRCJh0wQDVMlvmAgpIzc4Br-FSxcCUAZqFXRyPM8xfQkuWrJ_UA4SDfdJGtAD0bDKfMN0hU6AB7bQyNd4_UTeJUqWAuX1j4A6dVNdqfLp9mJ0QJdjgSmkLlfG_UnlAdw0x9LtdUyB4sCtRypoXPuW7AXAOJwr-nuT_dFpc_R7ZrzNg0ikbdVqiGzb3Uz3jYiGuWzV5ZukMWVmuW5m6VU3S2fJu86rt2tR4gLXuvGmQs96LQKpuLcQonIEmva7N0TRvNfC7hWyPXC3JrI2cqE-is4Gdc8fzOM9y3O3mfXbQ_QttOMXqOllgfIa8Y_8N8YxsZTpJJUbQXO2gwJsdEQViG9XZqQ8xhCRVEfLrB-dxA52fF8DqnBBPRRbHBixMba-uo5vfIBmY7SUP2cOfzYqNw0uNs94bBsI3jyopsfU7lr_fvN7iq-CT510c2iHesVP6JXgssvXgF1D7K_qRTGrM4uDggZxnX31ewDt07xJeuhavU_O2G7XRJ6_OFCGuTg36yq4iU0I_nmrvk%26adurl%3D&documentReferer=https%3A%2F%2Fwww.anrfactory.com%2F&ancestorOrigins=https%3A%2F%2Fwww.anrfactory.com&random=8258945105255&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Wed, 01 Nov 2023 16:00:33 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Wed, 08 Nov 2023 16:00:33 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2 200 link.html Show response
track.webgains.com/ Frame 0470 2 KB
2 KB 227ms
90ms Script
text/html 18.169.160.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=72152000125532904444978012495006&nw=1
Requested by: Host: www.anrfactory.com
URL: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.169.160.74 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-169-160-74.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 2e59df97742e952ca0d154ec23dac940a147e51b781ea3399889476ed5ed9f06

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:33 GMT
last-modified: Wed, 01 Nov 2023 16:00:33 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 01 Nov 2023 16:01:33 GMT

GET
H2

200

activityi;dc_pre=CNOps_iVo4IDFdcPogMdm4cFVA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=495795281392.5925 Show response
5994599.fls.doubleclick.net/ Frame 889A
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=495795281392.5925?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CNOps_iVo4IDFdcPogMdm4cFVA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=495795281392.5925?

391 B
325 B

85ms
83ms

Document
text/html

142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CNOps_iVo4IDFdcPogMdm4cFVA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=495795281392.5925?

Requested by

Host: www.anrfactory.com
URL: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

852f01d7117455a68b033aabf111248d8c52005be1b62c498cf1594a7f9ebcb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 216
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Nov 2023 16:00:33 GMT
expires: Wed, 01 Nov 2023 16:00:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Nov 2023 16:00:33 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CNOps_iVo4IDFdcPogMdm4cFVA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=495795281392.5925?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal90006.redintelligence.net/ Frame C70F 7 KB
2 KB 135ms
40ms Document
text/html 138.201.63.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90006.redintelligence.net/request_content.php?s=72152000125532904444978012495006&a=98c0710c
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=e8cb66458a&subid=&uid=192b826e103c77d4&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCm7XSIHZCZfHxDL6wpfgP7_GX0Aym5b2gab2YnKfJD_AuEAEgpP6-GmCVgoCAsAfIAQmpAlMqZWSOsrE-qAMByAObBKoE_QFP0Kchyh3MNNUU3zLzZrfGi39sHX53X_mn_vLKqadx_XeEWKTU3LBNda5P8JPg0CNxGLL9ORuMM1AT3VOnhAcX78_GY0CIcCgR9GHlUY0kKdj4uCNbGVy_-ZEomIb658n7aBgU_QS4s2q265bxKYhQNL0gS66N71Ma3G6mbLcUU7Qwp1e0MpBCagzNrauHjzZRL8ez44W26-ofLwTl8x_Z9ooPpeTWuNZ5nl3VX1ZDR2yBmnboOPygnFSuP77J3r7txz-bgZHHtjVCJG3ZO8maFL1QZ6I93Tq8ZNaHwdH22viIfrw5ALI6GMZ84ioQ6itTHsNcArhJjkOBFcjtwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREWwE_q8sBXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26num%3D1%26cid%3DCAQSSwDICaaNzDfXT3s0nGjLYLkooqPALpRIU1aXUqyyi0lTzMw3Zo9HlK1lSa4PC0LZV0FBLQInanOsyR090p2TWegj6G7IVKzl-yp2_xgB%26sig%3DAOD64_3SXnBwJ36blFn8-a55E8PRNaqDRw%26client%3Dca-pub-4387471810015760%26dbm_c%3DAKAmf-Czmzf97c-AxpV9JJUD6AFwpYYcSsPeLaR4bRtcBJUD85V3AWQXtdQdDpDyAaqtR1-lHZ-FJLISARwqUNb2TgdinAFOSNHM0470VBHTolZUhsvQMB-_bQVAmSQaoktPFgiBsJU5OilLpb--EU8sA9dgRoEGSLH7gYrJlcD6kp7K4KYLYvPpA3BYacc6T3ZwH1_06Jm-TMy90O5ZfJD8-4yTuLUo0A%26cry%3D1%26dbm_d%3DAKAmf-D2LsA7j9-tXGSOVV7zYz2-264LPbVESp532q5YL_AQSrysc6a7KYkLbEDGuG6fSlm9bp2zPt-1BwYgYPFkbV6Xe_HF1NeRkb2ZiC1x_lhiWY35O969RK5nqOt29SzD3RJ9YDRCf7XjoOwD1IIdXcStZcySwiHGSQXtFEmzgEIdpehHdlDSfy4ilwRCJh0wQDVMlvmAgpIzc4Br-FSxcCUAZqFXRyPM8xfQkuWrJ_UA4SDfdJGtAD0bDKfMN0hU6AB7bQyNd4_UTeJUqWAuX1j4A6dVNdqfLp9mJ0QJdjgSmkLlfG_UnlAdw0x9LtdUyB4sCtRypoXPuW7AXAOJwr-nuT_dFpc_R7ZrzNg0ikbdVqiGzb3Uz3jYiGuWzV5ZukMWVmuW5m6VU3S2fJu86rt2tR4gLXuvGmQs96LQKpuLcQonIEmva7N0TRvNfC7hWyPXC3JrI2cqE-is4Gdc8fzOM9y3O3mfXbQ_QttOMXqOllgfIa8Y_8N8YxsZTpJJUbQXO2gwJsdEQViG9XZqQ8xhCRVEfLrB-dxA52fF8DqnBBPRRbHBixMba-uo5vfIBmY7SUP2cOfzYqNw0uNs94bBsI3jyopsfU7lr_fvN7iq-CT510c2iHesVP6JXgssvXgF1D7K_qRTGrM4uDggZxnX31ewDt07xJeuhavU_O2G7XRJ6_OFCGuTg36yq4iU0I_nmrvk%26adurl%3D&documentReferer=https%3A%2F%2Fwww.anrfactory.com%2F&ancestorOrigins=https%3A%2F%2Fwww.anrfactory.com&random=8258945105255&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 5c79a4dd005137ae81a02b33f1951de359dd905d046354ea8f6a2ab71bb4ca1b

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2045
Content-Type: text/html; charset=utf-8
Date: Wed, 01 Nov 2023 16:00:33 GMT
Expires: Wed, 01 Nov 2023 16:00:33 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/eview/ Frame 0470
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=72152000125532904444978012495006&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=72152000125532904444978012495006&t=htlp&gdpr=1&consent=1&gdpr_consent=

43 B
632 B

89ms
53ms

Image
image/gif

145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=72152000125532904444978012495006&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:33 GMT
strict-transport-security: max-age=15768000
attribution-reporting-register-source: {"SourceEventId":"17200521800104416","Destination":"https://trck.easy-m.de","Expiry":5184000,"FilterData":{}}
server: nginx
host: pv.medialead.de
x-iplb-request-id: 50FF0767:E4B4_91EFC182:01BB_65427621_6E8B098:1193C
x-iplb-instance: 40027
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
content-length: 43
proxy-host: pv.medialead.de

Redirect headers

location: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=72152000125532904444978012495006&t=htlp&gdpr=1&consent=1&gdpr_consent=
date: Wed, 01 Nov 2023 16:00:33 GMT
server: nginx
content-length: 154
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 0470 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: efbc6414bebcdc90a0efa0e0e4893da2c33a849f77aabd04d8eed5d2ee58f5fb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/png

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 91ms
77ms Preflight
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 01 Nov 2023 16:00:33 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F2EA 0
20 B 146ms
145ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B2ONpIHZCZZzzM5CFgAeMs5CQCQAAAAA4AeAEAg&bg=!MDOlM3zNAAbo5yKYyOc7ADQBe5WfOM3LKFyKPWZap8tNZn-7_K2Ilqq_J-dmEqEYS3kDApoGYMpYYZt6GxwEhQWzVfIzAgAAAJVSAAAAB2gBB5kC378SstkyKU58tcXePm_dx_nvhaLXzCxulBPH01V2RsuSVUM2HWHvWE3OfpKD_VDaPlVqmTHJJqubDuR4iy81MIvdJ-RpWhqfPjzQfZaxd5iD1NtUTAaTmf_44tUy6zbG9tz6QMP4yibRMbt6c2E_bWY7LxiSvgODfE-QwWZeq2aJsTkoMbY4XBjoBIMMJq0k1yjWowMKm3shHHfa60n3rojueYtauDqYTtolz8ioi-im0PE9QyLUcFzErWJuMbE_bi7EXmjWCrygQs5V5j7SwG0jQ9ew5B3UBcOo7rFV5zKSyUo9M8A4_Jnm83Ax-sNYuf6JXhxeujgE1UPL0Bl2GizEXR7Q5O91EsAtMd5OZKg-arulP8F1YnbOdl4pjQB3IX2D1QZXLONTFJiWANwQXAY5sA4-vDufrwGsjMGp9YOzweVZibXZ97kqmiud43Jk9B8hmdnbyZq3c_ptXehQ9wutpwIFy60_qCu4uVgIF9hkHZgH8Hkv0lm2LkkX7UwwhnPHcI1FAXpMEd0uGATOgoXt3H3jl1UqwS4NlUzsScnUvTRGn7kiQTo21bIs8bG-7u7RPFJ3n23FjfglnWZE8cDtmFrGlsmqIwnPiFg-N1_smsnGlirnmgp-x5ga-pqDaH9sD51Bi-8fvMYhzcAieRmfLyoPRDsEDVTnuePgVQ_RiReGR2x020VwrKW-dz5nIf2h9IRPzqBX5QzAw9QlQGDVriiL7WETZe_aNduMyfO4btuJvo_I9f29SGZ1cpJIOC0JzcGcYT_LmWOenodIeWVR56knh8_SPwBbCx9bWwBUaZadO_mNJLvo0ivJeJfuWnu7lequYSKwTW98AEdML_xl-B8P4K9pJDoAfPipytejE6ezdQKWfK14x3sSBJZ0e2bZ0v-j3LwxOx8UlNnFms0LKEljBgyrUk_ku_i3AwtR4iSD6o4263dbgCU7wsOhdPHIFHz4QTk-Qd_O2L1rog

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 mSNSQAl__hw8z5PwJ1hA32amL2zkBniEArBt9BN1XWc.js Show response
pagead2.googlesyndication.com/bg/ Frame 29D4 38 KB
15 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mSNSQAl__hw8z5PwJ1hA32amL2zkBniEArBt9BN1XWc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

99235240097ffe1c3ccf93f0275840df66a62f6ce406788402b06df413755d67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 15:45:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 917
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15010
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Oct 2024 15:45:16 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame C70F 5 KB
682 B 52ms
49ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=72152000125532904444978012495006&a=98c0710c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90006.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Nov 2023 16:00:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Nov 2023 14:09:17 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Nov 2023 16:00:33 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame C70F 95 KB
95 KB 130ms
40ms Image
image/png 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=200&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=72152000125532904444978012495006&a=98c0710c
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 287c1f57d0d3c19c948513208e4360f499a557ee4efcabff663d5b1f9e6c206a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90006.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date: Wed, 01 Nov 2023 16:00:33 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame C70F 69 KB
69 KB 130ms
41ms Image
image/png 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=200&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/1200x627.jpg
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=72152000125532904444978012495006&a=98c0710c
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 80139b65b87060d953acf85c80abb5bc8367c2b446c10a02b9f348e3dac0b289

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90006.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date: Wed, 01 Nov 2023 16:00:33 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame C70F 81 KB
81 KB 131ms
41ms Image
image/png 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=200&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=72152000125532904444978012495006&a=98c0710c
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: cf5b93ef6c6bfb8d171f39795679da1470ac33ceda3015ea2ca6b02bb0a070c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90006.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date: Wed, 01 Nov 2023 16:00:33 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame F506 175 KB
62 KB 58ms
51ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

69471fccec191fbd304f21057cf396fae583de8b13ef5eff56f623bb26acd7dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63928
x-xss-protection: 0
last-modified: Wed, 01 Nov 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 01 Nov 2023 16:00:33 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 0470 53 KB
19 KB 191ms
55ms Script
application/javascript 18.244.28.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=72152000125532904444978012495006&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.244.28.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-244-28-18.cdg52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 363775b6a36d37e4fe7fd331f1d9e5beba1004dca1336f33317199502910f72e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 06:34:18 GMT
content-encoding: gzip
via: 1.1 e18d0ef7b0c2f6ba6a8588eb87b7dee6.cloudfront.net (CloudFront)
last-modified: Fri, 20 Oct 2023 11:11:17 GMT
server: AmazonS3
x-amz-cf-pop: CDG52-P5
age: 33975
x-amz-server-side-encryption: AES256
etag: W/"0ae4c707fb82279f376a21c2c459fbfd"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: sEHMW2DRR4OP592WgHB9AVBwzhOZj0UJyKqxOA7Q7gDapYXhC7cDxg==

GET
H2 200 1x1.gif
cdn.track.production.webgains.team/7121/ Frame 0470 85 B
435 B 167ms
41ms Image
image/gif 99.86.4.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.gif?Expires=1698854733&Signature=C~5~Cv5lnox-PWoqwpJmesnE5cQlAw4SVSPYp~2D8xplTSLJaBoVm5aHI5DydYiGsVra7NMIm2vrUrmAHtvm2vndiiLuSYH4YLXS5k5FR-nKY3t32OwQ15Q6QR1gETirtpLlJmvi7vrDiCQpFxWL0dDvbmKEbnb9Nh5Q9cSvS8vaIWDdlOzUjdGrxwKIhNf~n3TT0VC60J2X4AfU4RdANUT5aJxBhJhIgdfGQb0IqoU1QztBL4t6q~H~RTe~Xy5z9e02GXmOWgpPS1nfS963cB5er4-~ikVvqpAyrIE-8gM1XNN0NO8CIsgNV8TNU3B8Ydq33ao8C5IVzjp1LbEq1g__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=600&slotname=1378432737&adk=3943645601&adf=1137415096&pi=t.ma~as.1378432737&w=300&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=300x600&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431707&bpp=1&bdt=475&idt=402&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=3407&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=gNB1ZBehBQ&p=https%3A//www.anrfactory.com&dtd=404
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-53.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

x-amz-version-id: null
date: Wed, 01 Nov 2023 08:31:41 GMT
via: 1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 39537
etag: "70af33d70b6810475aae19743c8c435b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 85
x-amz-cf-id: axKHiMgsZ47Hw0ujrr4lAcOe0VO5df6wwDGe-sKuWVL4_PT5NGo0iQ==

GET
H/1.1 200
OK 89f7480c0afa0150827cf163f8728151 Show response
pv.medialead.de/trck/epv/ Frame FC84 0
616 B 116ms
59ms Document
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/89f7480c0afa0150827cf163f8728151?subid=71837000128024004444978012495008&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=266ff7430a&subid=&uid=03242ae658f99056&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZMpLIHZCZce9DKiBpfgPxrOKyAum5b2gab2YnKfJD_AuEAEgpP6-GmCVgoCAsAfIAQmpAnq6GyBXt7E-qAMByAObBKoE_QFP0Kn6jrWUSE8TGRy7I5PDGGNwaTPi22aI65BkyHw2kyFL2riNfTLiAtaqhg8g6F4nR84Ad7W3ctq8b8QE-XpvtCBuWpzcjTuq8Kihs7Dlhj_ast5HgkMP5DcvUgFnNCc_-bfz8wcBKp5skH7-gcMvUrLZuuMeJiEx1pfCqJNile2bg1wbuV5BPoGt8jVPIAZChL-Yh_UOpxySrQg-_ccbQKUG480a9KehTRHmAHhplS2Oc_jZnuwsRDNeDfhpWOR1wYEnnGFqZVA81OV8xo9miSHCMEMp7BD6jViF6Px708HovNDpdBDQ18S8D2WhwOAS04EwRAZMZ-WAlJ6fwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREWwE_q8sBXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSSwDICaaN0X34t5UsQQuYWY39n8MycRGeM46d6rgQpZ_z1w-jcKOiwnTd2Bu_mUNhMsZLPO14FVWdxL5hv4PYEFKSUQopbg4eAeHUXBgB%26sig%3DAOD64_3b46-RueFLQ8pDbBUBhHV_fzQGBg%26client%3Dca-pub-4387471810015760%26dbm_c%3DAKAmf-As51GJrgPnlHySml9-rje2hyKcrCqN9ZqWzmQL4Kr7oXqEQM5c4dt8gzLgbTLBzmYQhcx5JsTCFxAPz1yC5-L_iug3py8COmDXxzqt15E1yOAKO8TWPnQ2D4Q4GGu3CXzHBbM8EZIQ5rr5vOVIfECyXCVyIDiwvEMDhww_3royU-ZdFBo%26cry%3D1%26dbm_d%3DAKAmf-ALnn5GPqZO-jYhg7Ez-4QycdCYObT0jI8ID7axBaBJVEwSjPHmPYanm7TtudZzI0plUEIyufywxhqY0XLPdw3mjKm-0sU1n4P9nhjnH1y2euzYeNChTvvl3aiHuJKp5lHrl_e-mx8ce7_dhJOuiq7NNyXJd30RGiLlFiJjXIhgNLUawt0cqWi9fZIZjoEQGBpeevAtzIjJIlEmkD7LO8RdyEB0xsop1hbGKj98D6hROck2U8sh-mT1zG1e50PtVV9wEWmcNtYTaq8EYN3UydWjZNDT1-IkeuigyLax4O_yrVYsxe3wlttJdPPkq3g3PbEehY-svLhg3i-sR1IMWPlr6v-oiEiA5lDmKmFpXarSg4U74g-SBQZD_j7PruKgvACpDwyS5h57fMzy70oPiYK_5fjhWUvnu0RBCmLjdc-rJQ0a7u-c9ppErGbXb0I_LEzmY2UNpsF1J-JAylnNtZ2p49YU_qK2GvBOKDmrWfyJ8bOkE7jXLPGOKUBIVwsWzdH7zka-BiLZVy0R_5qQ_FJBE8BUnXKj_0Q8qf4BAC9JGqjK7A3ZUFFzhPTotfrGLTQ9rhsKhYuJ0h3597H3lg9jvVN2qlEtYJextsfDdPXtZ-MAQAz0RfwxNUTT0IX-hmPGIJOJ%26adurl%3D&documentReferer=https%3A%2F%2Fwww.anrfactory.com%2F&ancestorOrigins=https%3A%2F%2Fwww.anrfactory.com&random=2981343803325&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
attribution-reporting-register-source: {"SourceEventId":"25200521800103636","Destination":"https://trck.easy-m.de","Expiry":5184000,"FilterData":{}}
content-length: 0
content-type: application/javascript; charset=utf-8
date: Wed, 01 Nov 2023 16:00:33 GMT
host: pv.medialead.de
proxy-host: pv.medialead.de
server: nginx
strict-transport-security: max-age=15768000
vary: Origin
x-iplb-instance: 40027
x-iplb-request-id: 50FF0767:E4B4_91EFC182:01BB_65427621_6E8B0A0:1193C

GET
H2

200

activityi;dc_pre=CNPqt_iVo4IDFU6mGAodpyAPmA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1418765705396.7317 Show response
5994599.fls.doubleclick.net/ Frame E883
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1418765705396.7317?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CNPqt_iVo4IDFU6mGAodpyAPmA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1418765705396.7317?

392 B
287 B

83ms
82ms

Document
text/html

142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CNPqt_iVo4IDFU6mGAodpyAPmA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1418765705396.7317?

Requested by

Host: www.anrfactory.com
URL: https://www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

75dcff1fa953b0b941f5720a4ec3ad6f7dadba7cf30839e10d57a248cc1a4c85

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 218
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Nov 2023 16:00:33 GMT
expires: Wed, 01 Nov 2023 16:00:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Nov 2023 16:00:33 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CNPqt_iVo4IDFU6mGAodpyAPmA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1418765705396.7317?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal90008.redintelligence.net/ Frame DC57 7 KB
2 KB 120ms
41ms Document
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/request_content.php?s=71837000128024004444978012495008&a=c9715872
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=266ff7430a&subid=&uid=03242ae658f99056&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZMpLIHZCZce9DKiBpfgPxrOKyAum5b2gab2YnKfJD_AuEAEgpP6-GmCVgoCAsAfIAQmpAnq6GyBXt7E-qAMByAObBKoE_QFP0Kn6jrWUSE8TGRy7I5PDGGNwaTPi22aI65BkyHw2kyFL2riNfTLiAtaqhg8g6F4nR84Ad7W3ctq8b8QE-XpvtCBuWpzcjTuq8Kihs7Dlhj_ast5HgkMP5DcvUgFnNCc_-bfz8wcBKp5skH7-gcMvUrLZuuMeJiEx1pfCqJNile2bg1wbuV5BPoGt8jVPIAZChL-Yh_UOpxySrQg-_ccbQKUG480a9KehTRHmAHhplS2Oc_jZnuwsRDNeDfhpWOR1wYEnnGFqZVA81OV8xo9miSHCMEMp7BD6jViF6Px708HovNDpdBDQ18S8D2WhwOAS04EwRAZMZ-WAlJ6fwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREWwE_q8sBXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSSwDICaaN0X34t5UsQQuYWY39n8MycRGeM46d6rgQpZ_z1w-jcKOiwnTd2Bu_mUNhMsZLPO14FVWdxL5hv4PYEFKSUQopbg4eAeHUXBgB%26sig%3DAOD64_3b46-RueFLQ8pDbBUBhHV_fzQGBg%26client%3Dca-pub-4387471810015760%26dbm_c%3DAKAmf-As51GJrgPnlHySml9-rje2hyKcrCqN9ZqWzmQL4Kr7oXqEQM5c4dt8gzLgbTLBzmYQhcx5JsTCFxAPz1yC5-L_iug3py8COmDXxzqt15E1yOAKO8TWPnQ2D4Q4GGu3CXzHBbM8EZIQ5rr5vOVIfECyXCVyIDiwvEMDhww_3royU-ZdFBo%26cry%3D1%26dbm_d%3DAKAmf-ALnn5GPqZO-jYhg7Ez-4QycdCYObT0jI8ID7axBaBJVEwSjPHmPYanm7TtudZzI0plUEIyufywxhqY0XLPdw3mjKm-0sU1n4P9nhjnH1y2euzYeNChTvvl3aiHuJKp5lHrl_e-mx8ce7_dhJOuiq7NNyXJd30RGiLlFiJjXIhgNLUawt0cqWi9fZIZjoEQGBpeevAtzIjJIlEmkD7LO8RdyEB0xsop1hbGKj98D6hROck2U8sh-mT1zG1e50PtVV9wEWmcNtYTaq8EYN3UydWjZNDT1-IkeuigyLax4O_yrVYsxe3wlttJdPPkq3g3PbEehY-svLhg3i-sR1IMWPlr6v-oiEiA5lDmKmFpXarSg4U74g-SBQZD_j7PruKgvACpDwyS5h57fMzy70oPiYK_5fjhWUvnu0RBCmLjdc-rJQ0a7u-c9ppErGbXb0I_LEzmY2UNpsF1J-JAylnNtZ2p49YU_qK2GvBOKDmrWfyJ8bOkE7jXLPGOKUBIVwsWzdH7zka-BiLZVy0R_5qQ_FJBE8BUnXKj_0Q8qf4BAC9JGqjK7A3ZUFFzhPTotfrGLTQ9rhsKhYuJ0h3597H3lg9jvVN2qlEtYJextsfDdPXtZ-MAQAz0RfwxNUTT0IX-hmPGIJOJ%26adurl%3D&documentReferer=https%3A%2F%2Fwww.anrfactory.com%2F&ancestorOrigins=https%3A%2F%2Fwww.anrfactory.com&random=2981343803325&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 819c351123ad139baf4ce81b5d36ad3b21056e239fab27a4a1d35148faa1d923

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2000
Content-Type: text/html; charset=utf-8
Date: Wed, 01 Nov 2023 16:00:33 GMT
Expires: Wed, 01 Nov 2023 16:00:33 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame B3E2 43 B
705 B 227ms
102ms Image
image/gif 23.192.250.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=71837000128024004444978012495008&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.192.250.178 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-192-250-178.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Nov 2023 16:00:33 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame B3E2 43 B
702 B 322ms
198ms Image
image/gif 23.192.250.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2874697&v=22610&q=408799&r=296283&pref1=71837000128024004444978012495008&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.192.250.178 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-192-250-178.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Nov 2023 16:00:34 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
DATA 200
OK truncated
/ Frame B3E2 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d55fcacba3bb71417701de76aa6b9b02dd6a9186e6c923361518a04d5c32b96d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK viewability Show response
hal90006.redintelligence.net/ Frame C70F 0
150 B 121ms
41ms Script
text/html 138.201.63.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90006.redintelligence.net/viewability?s=72152000125532904444978012495006&a=a111c357&vb=m
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=72152000125532904444978012495006&a=98c0710c
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90006.redintelligence.net/request_content.php?s=72152000125532904444978012495006&a=98c0710c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date: Wed, 01 Nov 2023 16:00:33 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame C70F 14 KB
15 KB 44ms
43ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal90006.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:23:45 GMT
x-content-type-options: nosniff
age: 517008
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14824
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 25 Oct 2024 16:23:45 GMT

GET
H3 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame C70F 15 KB
15 KB 40ms
39ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal90006.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:02:57 GMT
x-content-type-options: nosniff
age: 457056
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14892
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 26 Oct 2024 09:02:57 GMT

GET
H2 200 dc_pre=CNOps_iVo4IDFdcPogMdm4cFVA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=495795281392.5925
adservice.google.com/ddm/fls/z/ Frame 889A 42 B
401 B 173ms
77ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CNOps_iVo4IDFdcPogMdm4cFVA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=495795281392.5925

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CNOps_iVo4IDFdcPogMdm4cFVA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=495795281392.5925?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ts.js Show response
cdn.retailads.net/ Frame 8675 5 KB
5 KB 43ms
43ms Script
application/javascript 2a01:4f8:d0a:2321::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.retailads.net/ts.js
Requested by: Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3257521144
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 2a01:4f8:d0a:2321::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: 525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://futalis.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:33 GMT
last-modified: Wed, 05 Apr 2023 20:14:46 GMT
server: Apache
etag: "1416-5f89c717cdc2f"
content-type: application/javascript
xphp81: true
accept-ranges: bytes
content-length: 5142

GET
H3 200 css
fonts.googleapis.com/ Frame DC57 5 KB
682 B 49ms
48ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=71837000128024004444978012495008&a=c9715872

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Nov 2023 16:00:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Nov 2023 15:26:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Nov 2023 16:00:33 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame DC57 54 KB
54 KB 122ms
42ms Image
image/png 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=200&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=71837000128024004444978012495008&a=c9715872
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 29d24202d704812063c4415ac2b70d3e6c463a2b4744a7e458a00c1afa4bec3e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date: Wed, 01 Nov 2023 16:00:34 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 55238
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame DC57 95 KB
95 KB 239ms
159ms Image
image/png 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=200&url=https://cdn.contentspread.net/24i/advertiser/59171/creativesup/vega-1200x627.jpg
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=71837000128024004444978012495008&a=c9715872
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: ea83546dde060c1e0db2511c21a5e37e3ddb5ddf48add9c62c5bbbd4beabd54f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date: Wed, 01 Nov 2023 16:00:34 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame DC57 55 KB
55 KB 126ms
42ms Image
image/png 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=200&url=https://cdn.contentspread.net/24i/advertiser/50502/creativesup/Fyrst-1200x627.jpg
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=71837000128024004444978012495008&a=c9715872
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 95197c7cb12fe473ce6f7e72d387077c5dbd7fc49e669fcf26b786e519fa12dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date: Wed, 01 Nov 2023 16:00:34 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 56070
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame F506 273 KB
91 KB 53ms
53ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0529b2376e9c9eb3343183c23d79d66dd0ae0aaae4863948117cd81256db1571

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:00:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92631
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 01 Nov 2023 16:00:34 GMT

GET
H2 200 dc_pre=CNPqt_iVo4IDFU6mGAodpyAPmA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1418765705396.7317
adservice.google.com/ddm/fls/z/ Frame E883 42 B
107 B 123ms
78ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CNPqt_iVo4IDFU6mGAodpyAPmA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1418765705396.7317

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CNPqt_iVo4IDFU6mGAodpyAPmA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1418765705396.7317?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal90008.redintelligence.net/ Frame DC57 0
150 B 118ms
40ms Script
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/viewability?s=71837000128024004444978012495008&a=df21732c&vb=m
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=71837000128024004444978012495008&a=c9715872
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/request_content.php?s=71837000128024004444978012495008&a=c9715872
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date: Wed, 01 Nov 2023 16:00:34 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 29D4 0
20 B 145ms
145ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BH_3XIXZCZdKVBI2i1PIPoLmQSAAAAAA4AeAEAg&bg=!2Nul25TNAAbo5yKYyOc7ADQBe5WfOBoO3kC5UtK4j3ZdRE86amX-M1wY475qVFGTZExrhxCLPg9Tel_eO6CO3kDPvaMDAgAAAONSAAAABWgBB5kC48QDSlz0V7YorPPCVG-5uGljkvQz8fecHUeljr8M2AlOrbNX9r5_4n0Ye1UwMjnfvMPzcssCHKeAzSqawWwcUV4-l4Ln7HtZJDOZC3ris0AVjK3syoeZOxbSenDoj6y9NOePhyptP2zkhi4b5PGElpCTp2zVhpMWfY16yQWAm_SwuoZ9IPTr0qAg3j4b7t05oLLCTWyr7JLLN8ERVEpceUUMSwWQ7gBFeta69mrxL40Z7XnPNvA9TpglADLz8ds6BnTgrSlw9hPi635_5IF4pM5X4B-S_ueRfHxkGY50t952gKw1M_vfqc1sU5j6apQexOZG7rsepiZLPUafshDTpqZ1q61VHGUroa9uMo9LZL0m461H6ubIaTMs_wTgPr__O40csA-hKpcYxEZEjhz2CegGBpUZ0A_5JfpFyk6oSQt3a-fe7xTuzyM0wVkYfVCAXFPxwqDezkz3DAmxvhXmdjQHpZWlWuhhhFxsUypWs3LXUHWjXsV3wh7ak7xSrGChCRWymVDzPFRLHdy5l3_4G4J7SRhIRWWqpzsGykymBZ6-uHnv-yJMx47YFOYZ0faNXn8EjeOexLnxBlsYKbuVtThQ2OO6-mi3SYvIv0Lc7S86jUKucNvrx585qR9V5G96ijtobG7r2sSvMr_JQgCF1FY-Ji6mKAb75qpv0edezwnWTzOG4_Ukld--mOd_uxIkZMsNIqS-cm8OTnI7pd0IyRPfej_GrPb9bWumLKKLmGdP_T_YQy2dg6yYto-GyvPeFfHMYsXDKlTisNRvVRsoSWz80fRD8tG8MjQqJEybjiwWiqBoWpQAvmYLEAj6bTXTSG_fFHdgF7VLjJO0OxA1KtvxWfUoPgTLonV7CxWAMpSyiZd4nu2-WvB5mRB0Bj8TqRKCBNqwjmxMbQc3wVLpSeLxsNppy-qGq7AwTEVfRp6-NylW6_FXDT3L-Z7fCw0bt8Id0QubQ1GLNvDqxpJDdN8f0Xo

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame DC57 14 KB
15 KB 40ms
40ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal90008.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:23:45 GMT
x-content-type-options: nosniff
age: 517009
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14824
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 25 Oct 2024 16:23:45 GMT

GET
H3 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame DC57 15 KB
15 KB 42ms
42ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal90008.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:02:57 GMT
x-content-type-options: nosniff
age: 457057
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14892
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 26 Oct 2024 09:02:57 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 0470 16 B
209 B 85ms
82ms Fetch
application/json 13.43.78.194
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.43.78.194 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-43-78-194.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 01 Nov 2023 16:00:34 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 166ms
46ms Preflight 13.43.78.194
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.43.78.194 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-43-78-194.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 01 Nov 2023 16:00:34 GMT
server: nginx

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0470 0
20 B 141ms
140ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2999439015273&version=m202309260101&ct=77&x=1&cor=1885390549341713400

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B3E2 0
20 B 144ms
143ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8019536481423&version=m202309260101&ct=77&x=1&cor=13365934127360563000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 16:00:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 35B7 0
127 B 47ms
47ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 01 Nov 2023 16:00:40 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

Verdicts & Comments Add Verdict or Comment

69 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

25 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.anrfactory.com/money-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion	1969-12-31 23:59:59	Name: quads_browser_width Value: 1600
.anrfactory.com/	1970-01-21 01:30:14	Name: _ga_VRF5C4B4X2 Value: GS1.1.1698854431.1.0.1698854431.0.0.0
.anrfactory.com/	1970-01-21 01:30:14	Name: _ga Value: GA1.2.1261436241.1698854432
.anrfactory.com/	1970-01-20 15:55:40	Name: _gid Value: GA1.2.1382813408.1698854432
.anrfactory.com/	1970-01-20 15:54:14	Name: _gat Value: 1
.anrfactory.com/	1970-01-21 01:30:14	Name: _ga_XPFYBRQKEM Value: GS1.2.1698854432.1.0.1698854432.0.0.0
.anrfactory.com/	1970-01-20 18:03:50	Name: _fbp Value: fb.1.1698854432362.1121158668
.doubleclick.net/	1970-01-21 01:15:50	Name: IDE Value: AHWqTUnsADtSYjhp0NDL_yVmR4gObXCgmtRHbh_mXiXT-uBXxdgZ7c1w-9wWhqK3
.adnxs.com/	1970-01-20 18:03:50	Name: uuid2 Value: 263523129710970702
.doubleclick.net/	1970-01-20 20:13:26	Name: APC Value: AfxxVi7rqYveiIH46brDTMFQs0oZgDbWPP7CFvN0nerbRa7Bk76wrQ
.casalemedia.com/	1970-01-20 18:03:50	Name: CMPS Value: 1189
.anrfactory.com/	1970-01-21 01:15:50	Name: __gads Value: ID=537f208775af2875:T=1698854432:RT=1698854432:S=ALNI_MY9RBHMqSZ3mpjvJ0b0FwW9EHbVXQ
.anrfactory.com/	1970-01-21 01:15:50	Name: __gpi Value: UID=00000cc62d3e4a67:T=1698854432:RT=1698854432:S=ALNI_MYNuIOkoCXxNHcJX1RRdBnoCJPwPg
.casalemedia.com/	1970-01-21 00:39:50	Name: CMID Value: ZUJ2IJUsnMyIkpVkZ3.pTQAA
.casalemedia.com/	1970-01-20 18:03:50	Name: CMPRO Value: 1189
.adnxs.com/	1970-01-20 18:03:50	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?]etN]7!]tbx8i_iqf!oN/@E'zz<*Z0Qexk@(gYm]_S8kRG7P=>b7O'3j/COKQHeYy+<QG=%9sk@3@'s>T==Y0+
.redintelligence.net/	1970-01-20 18:03:50	Name: 8lcfmzhxc8d6_uid Value: b19d5aa40bd7059c
.doubleclick.net/	1970-01-20 16:37:26	Name: ar_debug Value: 1
.googleadservices.com/	1970-01-20 18:03:50	Name: ar_debug Value: 1
.retailads.net/	1970-01-20 16:37:26	Name: ppb2172 Value: 3257521144
.office-partner.de/	1970-01-21 01:30:14	Name: source Value: {"webgains_webgains":{"timestamp":1698854433999,"clickCookie":false}}
.futalis.de/	1970-01-20 17:20:38	Name: raSIDb Value: 3257521144
.awin1.com/	1970-01-20 16:04:19	Name: awpv11601 Value: 113440\|1698854433\|ca1f8211-78cf-11ee-819e-22341370d01f
.awin1.com/	1970-01-20 15:57:07	Name: awpv22610 Value: 296283\|1698854434\|ca2b41e0-78cf-11ee-819e-22341370d01f
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 408799:2874697

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4387471810015760&output=html&h=280&slotname=5948233133&adk=1087588583&adf=3152050774&pi=t.ma~as.5948233133&w=1200&fwrn=4&fwrnh=100&lmt=1698850831&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.anrfactory.com%2Fmoney-coming-fast-otb-lucciii-is-all-about-that-cash-action-on-fashion%2F&host=ca-host-pub-2644536267352236&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698854431708&bpp=1&bdt=477&idt=455&shv=r20231030&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280%2C300x600%2C300x600%2C1200x280%2C1200x280&nras=1&correlator=2120551059623&frm=20&pv=1&ga_vid=1261436241.1698854432&ga_sid=1698854432&ga_hid=610081838&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=4758&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44805933%2C44807047%2C44807335%2C31078301%2C44806140&oid=2&pvsid=400695946823382&tmod=980502745&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=shBEHE1AvQ&p=https%3A//www.anrfactory.com&dtd=457 Message: Origin trial controlled feature not enabled: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5994599.fls.doubleclick.net
ad.doubleclick.net
ads.eu.criteo.com
adservice.google.com
adv.office-partner.de
analytics.webgains.io
api.webgains.io
cat.nl3.eu.criteo.com
cdn.retailads.net
cdn.track.production.webgains.team
cm.g.doubleclick.net
connect.facebook.net
csm.eu.criteo.net
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
futalis.de
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal90006.redintelligence.net
hal90008.redintelligence.net
i.ytimg.com
ib.adnxs.com
imageproxy.eu.criteo.net
medialead.de
pagead2.googlesyndication.com
partner.googleadservices.com
pv.medialead.de
region1.google-analytics.com
rtb.fr3.eu.criteo.com
static.criteo.net
stats.g.doubleclick.net
tpc.googlesyndication.com
track.webgains.com
www.anrfactory.com
www.awin1.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
104.18.36.155
13.43.78.194
138.201.63.145
138.201.63.150
138.201.63.164
142.250.185.102
142.250.185.98
142.250.186.38
145.239.193.130
167.233.14.134
172.217.16.194
178.250.1.6
18.169.160.74
18.244.28.18
2001:4860:4802:32::36
23.192.250.178
2606:4700:3034::6815:5e97
2a00:1450:4001:800::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:810::2008
2a00:1450:4001:810::200a
2a00:1450:4001:811::200e
2a00:1450:4001:813::2004
2a00:1450:4001:827::2003
2a00:1450:4001:829::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2016
2a00:1450:4001:830::2001
2a00:1450:4001:831::2002
2a00:1450:400c:c0d::9d
2a01:4f8:d0a:2321::2
2a02:2638:3::10
2a02:2638:3::12
2a02:2638:3::1a
2a02:2638:3::3
2a02:2638:d::c
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
2a0b:4d07:101::1
37.252.172.123
94.23.99.218
99.86.4.53
007281271696553daf7262c201bcb7b7660522f6d807b0cc0f21773b5c2b0102
04001bea5067188e2671ec5fec0a0b09e4676ad0b6468c8f2b0a58e6cb961dda
0529b2376e9c9eb3343183c23d79d66dd0ae0aaae4863948117cd81256db1571
08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185
08979ac5dc183c913f0f274b03a248982b04fea0aac48c10ae1bd0b717f42641
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0a7a621da9195e29eae2be125bb7594e185410f42070c48a3f9647c53e54597a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcec1ef0c337c013472a4cbe75f21e16ed2bce416a316a320689c3ad464d79e
1060091178cbd6c843b802f516f230f1a3a1e85f1afbd6ef84d80e5430ba457e
137c484333cbb6737ddf81c14d798e561888cd0e3c4f4f13ca3b036c0575fe1a
14a1706631b17af4a58a99ae3a667ef40d11ca820589e19733a7fd8129a09a99
1b79dc40a99bd742ec54a743bb72ed308c98df1b7770f02416e9ec70476d92b8
20e078de8e39362dca5647c5a09f3dc81a6954e9b1e507ba2d94b17d6622b839
24c762688f41d723c084bce3727504eb4b8a9f409522a404c9dd736a20502966
24ff3ec517497fba0e6fb5a3bdafc3903f98b340c9261ebec7242e21902bfdc1
287c1f57d0d3c19c948513208e4360f499a557ee4efcabff663d5b1f9e6c206a
29d24202d704812063c4415ac2b70d3e6c463a2b4744a7e458a00c1afa4bec3e
29f07e96fd9428cb445451844aa187f980cbab7e2f8fa0386e783afa31dc2ed3
2a232d1149cb727811e8cf4e034ca26293ccc4f47c0f9deddef85781982047be
2ad01b64693861214f7bcb26e2b4cb206c2a3fdaa674d9a8250ed08abf99afd3
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2d64be1c054043799fe1548360496d3304e0039a2128af8e311499181fbc82fe
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e59df97742e952ca0d154ec23dac940a147e51b781ea3399889476ed5ed9f06
2fe0e66d412e48fdb0d858cbd7f98b855316a073a6df047ef0ea96e2838c0e51
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3240bda49d4ea8356a9098eae93879caec34cbf27fceb0d8f27d6d6682631cd4
363775b6a36d37e4fe7fd331f1d9e5beba1004dca1336f33317199502910f72e
36691897013c909c7da9dd182b7d2dcab49dcee3f1411b289542139f19be0f3e
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
38f8ac0374c2bb1477727fda495437bb1093ebc4ea905138540bbaa35f5dbf6f
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
46d491aecda27fc374a80cd9cabbfc23b413119c7c28e0c01e4be6bcbfcc3ab3
473e48c21306bbaee9b2d327fc13d23346840d26b70dd3717830636faca631d7
48d1e4a6ffb6d64c4e997c3e3f416f01ba69e897fd6e6db92bce6b9ad0af701c
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e892a8e337308998ba3261142b4dbf0a97a8cd024af6ee68718a98574a00e3d
503ce79251aa08d05c1046dcef24940a77c692918f8afdc0886b01fb03d5a451
509c67ba68a21510fe8525c7d402a7ab8a0292fd99a5915469a2cbfbaff1fe92
50f3d3eb273eb83715d94e29b54ff26248b790b580eb2bee9c46836600fad5f7
525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
53bdd242ebf4e0a72f3a68d270e1e753c839b827176c28b77085c77f39c97be3
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
554ac939d96c74fc9a44e342f01d8e53640f43b6edddcbbabb3cc07dc94af5ab
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd
5859de66be1fc989c59aae1663ae698c1eb4ceb2793d0452a8c93603ecc725f6
59026c364c3f4359520e2b1012849b86806d4924ac91fab52f41ff42323ed6cc
5aa4af0852579c003605e6527d898cc5e6a414aa9258fd937704f267e8530fdd
5ba431addebca895832667d33e2ad51e4da1a1f2fbab72116d716c08077695a6
5c79a4dd005137ae81a02b33f1951de359dd905d046354ea8f6a2ab71bb4ca1b
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164
5d55ce9c3ac7a5f37a38813a2deed310abde9e63d0d36912e2e5e59751ca66c7
5f4ef8ff0178cb33778e410ed185b86d8c9d737caa30d192ce9c4f6cd1cae033
5fe46d2da01452067736578431f6c6e8116a24e616f58c72d9d81fdb2c7c9569
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6228ca9e6798424cc37849c7080cdc1d38c4da419a3078d4d4fc2cbb95e8a06f
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
69471fccec191fbd304f21057cf396fae583de8b13ef5eff56f623bb26acd7dc
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc
6e86a52a9858206302e32036d89907e3ac87762055e7f9c6364aec33221b3e41
6f0581de9dd8e3d8da5f4557fd631f12174a0ade3efb5493eeb43f43ee582e36
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
75dcff1fa953b0b941f5720a4ec3ad6f7dadba7cf30839e10d57a248cc1a4c85
7954fe9614832a5c8356adb849ba452f10b14a1a7b84daa41aaca52207b04a84
7afc43d9e79ff7feef8d318c788deaa8207168e4fd3674df9539efbdfc6925ef
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
80139b65b87060d953acf85c80abb5bc8367c2b446c10a02b9f348e3dac0b289
819c351123ad139baf4ce81b5d36ad3b21056e239fab27a4a1d35148faa1d923
852f01d7117455a68b033aabf111248d8c52005be1b62c498cf1594a7f9ebcb4
880716a61b8dc1d71256ba9d615d8ae2830984de2e66490da8a6a6a80cc5b630
8860ec750c479b647736b81b517acecf144f555e116aec543e92a9cbd7cc829b
8a9393df80d2dc4dc9b2d37f2e5bc1e3ec5f8b8eb082ed9a4de4da78eb05078f
8bd769874d6885f429856986f9043c4f1b8c8ad28b12129b6111a45129d01020
8d37e2e33166da9ee74227de89d9e5ade207fa94a5b36dfc95bd54120097599d
8e9c02b594d19a0a51b0eabca6ecbf03cb1d13af38e82e9c59e5fe461f0fad74
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
95197c7cb12fe473ce6f7e72d387077c5dbd7fc49e669fcf26b786e519fa12dc
99235240097ffe1c3ccf93f0275840df66a62f6ce406788402b06df413755d67
9f17206c06c3f260ff0a492af2db6b94597a4912e269039691e403402f96b256
9f46649ea544819982ea288c6f386dd67d46da0f453f95da542196372b79731e
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a27a6d8d8f9cdb3f0d89ddd6d3c5f9f0db067f62976985d820e529201a061804
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a88ba0b09a4416c080044dc095eabf66ca59e4d12a1d6201457b693687be85d3
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ad1270333ea16969313802add43789e0558cd75e2bf91e768bcf3937f091a001
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a
b7554cdbb96fd76ab5e8c40547dd05f31d0f20a6c13d396b2a78fcc69d1d95ec
b9ba316e4faa418f84265c635f0c21cacdd5fd16bcd860f46a0f36f074338e1e
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
bb9e7dc822c6b7b95a6329932885c72ff2caf74b243fc1c40aca0e858123b83e
bbfc300888e55acc1c58b8058fc0aa11154e266f3b102b648bb860a200ef3d13
bc56a65868e7aafcd6eb4dcccf9be4a911ff85dc0136cc7bc5dd5db21b202544
bebd2370c21138168750a107504b2ce895f62aa2e80565a964ac3f0d1eef6429
bfcc2143b6f0635117b7354d9c0965778cd10168c10ca661d0ce42af30820951
c3f1e4144c0fc9a0638f42d5d6c9875ae6768680a7f2ffa5ef449ccdf25fe436
c54afa62a5e52b41d094941b5d467ebe04bd7262fec127940f1bb23931b5aa2a
c600b78c3ff5fc9e49a5732e28f9368aac48eb1f17cac2a2857c91ac938f6f09
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
cc1c81fe11d1bd086d5a8708d4aa0c22c4f7679e06de4e5ae97be8cfac8bef0a
cc60db883ccba2637578982f02724176b1d5e4fd0b280351b8e747a1bf4a5471
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cddb42bd69440699ae8fe758dac4d5f52911fa67b2a7a637d5d1bcfa2d88b0d3
cf5b93ef6c6bfb8d171f39795679da1470ac33ceda3015ea2ca6b02bb0a070c5
cfd86eed5b662601ed1effa05e0922030a1bbfb3111d160df9b4f71630198c37
d55fcacba3bb71417701de76aa6b9b02dd6a9186e6c923361518a04d5c32b96d
d66ca23a7be1d8803307f937a250d0f90959f1289862b8e870d6795000f2b731
d6a2ea657aed40576e4e098917c0cca5dccca64d0ef37a4db94568099c41b52e
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d82401a4bbf4dc537e65202c1afe76ea0b4b7e3583349a95ea2b3b1ac408d35e
d9fab7922264ea50220e264de4d91e57cfee55c70333815f6c2d0eaab807300b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dfe45e655c1c3fd2531e0d4b14d0c619a201dd34e3644a4de2ad1d90185f8c78
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e54195221626039d22fe4d330f095023f3daf07d39ab1d3a80e2bb62c6c2c440
e5fc28a845d8b8a279c9c867cb86cee52b6ddf9df67f91b0c6a15513848fdb29
ea83546dde060c1e0db2511c21a5e37e3ddb5ddf48add9c62c5bbbd4beabd54f
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef2537ed6e478831b312c46e369172a62b04cc371b4bd34458eafaeadf69ee41
efbc6414bebcdc90a0efa0e0e4893da2c33a849f77aabd04d8eed5d2ee58f5fb
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
f94889f70475955a7e6eceda16ef4ad33870a5b968fb90f6a2bdd1debf7249d9
f9cdfa6f4c784e50e3dfa69e80e7332076a811e85fd28a6318c2ae78d1ee8cb8

www.anrfactory.com Open in urlscan Pro 2606:4700:3034::6815:5e97 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

198 Requests

93 %HTTPS

58 %IPv6

26 Domains

43 Subdomains

43 IPs

7 Countries

3373 kBTransfer

7049 kBSize

25 Cookies

15 Outgoing links

Redirected requests

198 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 18 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.anrfactory.com Open in urlscan Pro
2606:4700:3034::6815:5e97 Public Scan

Screenshot
Live screenshot

Full Image

198
Requests

93 %
HTTPS

58 %
IPv6

26
Domains

43
Subdomains

43
IPs

7
Countries

3373 kB
Transfer

7049 kB
Size

25
Cookies

198 HTTP transactions
18 data transactions