koraplus.com Open in urlscan Pro
2606:4700:10::ac43:1472 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://koraplus.com/
Effective URL:
https://koraplus.com/
Submission: On January 30 via manual (January 30th 2023, 8:29:48 am UTC) from RO — Scanned from DE

Summary HTTP 683 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 42 IPs in 11 countries across 35 domains to perform 683 HTTP transactions. The main IP is 2606:4700:10::ac43:1472, located in United States and belongs to CLOUDFLARENET, US. The main domain is koraplus.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 8th 2022. Valid for: a year.

This is the only time koraplus.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 214	2606:4700:10:... 2606:4700:10::ac43:1472	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	205.185.216.42 205.185.216.42	20446 (STACKPATH...) (STACKPATH-CDN)
1	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
56	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3030::6815:d88	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:400d:802::2003	15169 (GOOGLE) (GOOGLE)
2	2a06:98c1:312... 2a06:98c1:3121::c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3030::6815:1b4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:400d:806::200e	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:400d:80e::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c04::9c	15169 (GOOGLE) (GOOGLE)
1 12	2a00:1450:400... 2a00:1450:4001:80e::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400d:808::2003	15169 (GOOGLE) (GOOGLE)
100	2a00:1450:400... 2a00:1450:400d:807::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:400d:80e::200a	15169 (GOOGLE) (GOOGLE)
2 88	2a00:1450:400... 2a00:1450:400d:80a::2001	15169 (GOOGLE) (GOOGLE)
18	2a00:1450:400... 2a00:1450:400d:80d::2002	15169 (GOOGLE) (GOOGLE)
10 30	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
3 5	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2 3	37.252.173.215 37.252.173.215	29990 (ASN-APPNEX) (ASN-APPNEX)
2	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2	104.96.128.226 104.96.128.226	16625 (AKAMAI-AS) (AKAMAI-AS)
2 4	34.249.210.67 34.249.210.67	16509 (AMAZON-02) (AMAZON-02)
30	2a00:1450:400... 2a00:1450:400d:808::2006	15169 (GOOGLE) (GOOGLE)
21	2607:f8b0:400... 2607:f8b0:4009:81a::2003	15169 (GOOGLE) (GOOGLE)
3 4	185.94.180.125 185.94.180.125	35220 (SPOTX-AMS) (SPOTX-AMS)
2 2	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
7	2600:9000:214... 2600:9000:214f:4200:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
12	2600:1f18:1ac... 2600:1f18:1aca:4280:ecee:c915:72bb:546	14618 (AMAZON-AES) (AMAZON-AES)
9	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
10	2606:4700::68... 2606:4700::6810:c40	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	185.86.137.132 185.86.137.132	201081 (SMARTADSE...) (SMARTADSERVER)
1	2a02:fa8:8806... 2a02:fa8:8806:13::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	185.29.134.244 185.29.134.244	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 5	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
4 4	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
1 1	2a05:d018:d29... 2a05:d018:d29:3601:b182:71dc:6cf5:e081	16509 (AMAZON-02) (AMAZON-02)
1 1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
6	37.157.4.40 37.157.4.40	198622 (ADFORM) (ADFORM)
2 3	2620:116:800d... 2620:116:800d:21:c5a4:625:6563:a5bb	16509 (AMAZON-02) (AMAZON-02)
3	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
4 4	216.52.2.30 216.52.2.30	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
3 6	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
3	37.157.5.73 37.157.5.73	198622 (ADFORM) (ADFORM)
1	99.81.65.5 99.81.65.5	16509 (AMAZON-02) (AMAZON-02)
683	42

214 2606:4700:10::ac43:1472 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

koraplus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
media.koraplus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 205.185.216.42 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map2.hwcdn.net

jscdn.greeter.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

56 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::6815:d88 (United States)

ASN13335 (CLOUDFLARENET, US)

pahtfi.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:802::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3121::c (United States)

ASN13335 (CLOUDFLARENET, US)

player.adtcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::6815:1b4 (United States)

ASN13335 (CLOUDFLARENET, US)

aghtag.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:806::200e (Ireland)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:400d:80e::2002 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:80e::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:808::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

100 2a00:1450:400d:807::2002 (Ireland)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:80e::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

88 2a00:1450:400d:80a::2001 (Ireland) 2 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:400d:80d::2002 (Ireland)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 142.250.184.194 (United States) 10 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.80.39.216 (Canada) 3 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.173.215 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.96.128.226 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a104-96-128-226.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.249.210.67 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-210-67.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a00:1450:400d:808::2006 (Ireland)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2607:f8b0:4009:81a::2003 (United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.94.180.125 (Amsterdam, Netherlands) 3 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.56.137 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:9000:214f:4200:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2600:1f18:1aca:4280:ecee:c915:72bb:546 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700::6810:c40 (United States)

ASN13335 (CLOUDFLARENET, US)

c.bannerflow.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.137.132 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:13::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.244 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:18ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.190.0.66 (Kansas City, United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3601:b182:71dc:6cf5:e081 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 37.157.4.40 (Denmark)

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:c5a4:625:6563:a5bb (United States) 2 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.52.2.30 (United States) 4 redirects

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 51.89.9.252 (London, United Kingdom) 3 redirects

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.5.73 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.81.65.5 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-81-65-5.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
214	koraplus.com 1 redirects koraplus.com media.koraplus.com	4 MB
202	googlesyndication.com 2 redirects 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 104 tpc.googlesyndication.com — Cisco Umbrella Rank: 149 7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com 94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com	2 MB
108	doubleclick.net 10 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 190 stats.g.doubleclick.net — Cisco Umbrella Rank: 78 googleads.g.doubleclick.net — Cisco Umbrella Rank: 29 cm.g.doubleclick.net — Cisco Umbrella Rank: 211 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 325	1 MB
30	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 283	646 KB
27	gstatic.com www.gstatic.com fonts.gstatic.com csi.gstatic.com	78 KB
23	adsafeprotected.com 2 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 764 static.adsafeprotected.com — Cisco Umbrella Rank: 616 dt.adsafeprotected.com — Cisco Umbrella Rank: 557 pixel.adsafeprotected.com — Cisco Umbrella Rank: 716	214 KB
18	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 70 www.google.com — Cisco Umbrella Rank: 2	5 KB
14	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 186	651 KB
10	bannerflow.net c.bannerflow.net — Cisco Umbrella Rank: 8206	115 KB
9	adform.net track.adform.net — Cisco Umbrella Rank: 3696 s1.adform.net — Cisco Umbrella Rank: 8046	185 KB
7	google.de adservice.google.de — Cisco Umbrella Rank: 8741 www.google.de — Cisco Umbrella Rank: 5986	2 KB
6	onetag-sys.com 3 redirects onetag-sys.com — Cisco Umbrella Rank: 725	1 KB
5	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 726 s.tribalfusion.com — Cisco Umbrella Rank: 1733	3 KB
5	openx.net us-u.openx.net — Cisco Umbrella Rank: 417 rtb.openx.net — Cisco Umbrella Rank: 1634	968 B
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 524	4 KB
4	lijit.com 4 redirects ap.lijit.com — Cisco Umbrella Rank: 592	3 KB
4	travelaudience.com 4 redirects ads.travelaudience.com — Cisco Umbrella Rank: 12230	975 B
4	spotxchange.com 3 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 660	2 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 34	3 KB
3	quantserve.com 2 redirects cms.quantserve.com — Cisco Umbrella Rank: 632	1 KB
3	yahoo.com 3 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 274 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 414	1 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 203	3 KB
2	smartadserver.com rtb-csync.smartadserver.com — Cisco Umbrella Rank: 560	326 B
2	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1232	344 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 21	20 KB
2	adtcdn.com player.adtcdn.com — Cisco Umbrella Rank: 34416	965 B
2	greeter.me jscdn.greeter.me — Cisco Umbrella Rank: 201946	10 KB
1	krxd.net beacon.krxd.net — Cisco Umbrella Rank: 581	338 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 308	500 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 556	575 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 453	905 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2918	104 B
1	aghtag.tech aghtag.tech — Cisco Umbrella Rank: 38868	89 KB
1	pahtfi.tech pahtfi.tech — Cisco Umbrella Rank: 460482	3 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 40	43 KB
683	35

	Domain	Requested by
133	koraplus.com	1 redirects koraplus.com
100	pagead2.googlesyndication.com	securepubads.g.doubleclick.net koraplus.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com 7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com www.googletagservices.com c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com 94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com s0.2mdn.net
88	tpc.googlesyndication.com	2 redirects 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com koraplus.com securepubads.g.doubleclick.net tpc.googlesyndication.com 7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com 94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net
81	media.koraplus.com	koraplus.com
54	securepubads.g.doubleclick.net	koraplus.com securepubads.g.doubleclick.net www.googletagservices.com 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
30	s0.2mdn.net	koraplus.com s0.2mdn.net 7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com
30	cm.g.doubleclick.net	10 redirects googleads.g.doubleclick.net 7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com 94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
21	csi.gstatic.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
14	googleads.g.doubleclick.net	koraplus.com pagead2.googlesyndication.com 7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
14	www.googletagservices.com	jscdn.greeter.me securepubads.g.doubleclick.net 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com koraplus.com 7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
12	dt.adsafeprotected.com	29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
12	www.google.com	1 redirects koraplus.com tpc.googlesyndication.com 7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
10	c.bannerflow.net	s0.2mdn.net c.bannerflow.net
9	googleads4.g.doubleclick.net	koraplus.com
7	static.adsafeprotected.com	29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com srcdoc pixel.adsafeprotected.com c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
6	onetag-sys.com	3 redirects 94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com
6	track.adform.net	c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com s1.adform.net
6	29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
6	adservice.google.com	securepubads.g.doubleclick.net
6	adservice.google.de	securepubads.g.doubleclick.net
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
4	ap.lijit.com	4 redirects
4	ads.travelaudience.com	4 redirects
4	a.tribalfusion.com	1 redirects 94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
4	sync.search.spotxchange.com	3 redirects googleads.g.doubleclick.net
4	fonts.googleapis.com	29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com tpc.googlesyndication.com
4	www.gstatic.com	koraplus.com 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
3	s1.adform.net	track.adform.net s1.adform.net c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
3	rtb.openx.net	94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
3	cms.quantserve.com	2 redirects 94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
2	pixel.adsafeprotected.com	1 redirects c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
2	rtb-csync.smartadserver.com	googleads.g.doubleclick.net
2	c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	ups.analytics.yahoo.com	2 redirects
2	94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	fw.adsafeprotected.com	1 redirects koraplus.com
2	sync.teads.tv	googleads.g.doubleclick.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	fonts.gstatic.com	fonts.googleapis.com
2	7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	player.adtcdn.com	koraplus.com
2	jscdn.greeter.me	koraplus.com
1	beacon.krxd.net	c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
1	pixel.rubiconproject.com	1 redirects
1	pr-bh.ybp.yahoo.com	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	s.tribalfusion.com
1	sync.mathtag.com	1 redirects
1	dclk-match.dotomi.com	7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com
1	www.google.de	koraplus.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	aghtag.tech	pahtfi.tech
1	pahtfi.tech	koraplus.com
1	www.googletagmanager.com	koraplus.com
683	57

This site contains links to these domains. Also see Links.

Domain
www.tiktok.com
www.facebook.com
www.instagram.com
twitter.com
www.youtube.com
www.clicksegypt.net

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-10-08` - `2023-10-08`	a year	crt.sh
greeter.me E1	`2023-01-15` - `2023-04-15`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.pahtfi.tech E1	`2022-12-03` - `2023-03-03`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
teads.tv R3	`2023-01-20` - `2023-04-20`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2022-04-28` - `2023-05-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2022-08-06` - `2023-09-04`	a year	crt.sh
dt.adsafeprotected.com Amazon	`2022-04-10` - `2023-05-08`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-20` - `2023-09-20`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2022-10-20` - `2023-10-19`	a year	crt.sh

This page contains 64 frames:

Primary Page: https://koraplus.com/
Frame ID: B6B8F2ADFF18B95D41F48F5E78AE0A64
Requests: 252 HTTP requests in this frame

Frame: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 913AF7707CC0A2E7F35302132EC98F44
Requests: 1 HTTP requests in this frame

Frame: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 08894053639C677A07C37C2DE4AEE8AB
Requests: 16 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsurqLDz2MM5SI8djs3C75doafqCf2VCnPOxq0t605VJl9Z7Bb8c38qTn4FFDIlh3Hx-89CNzhK7BC1oqLb3dkCuG7F0fGeJ-X7nl7sCWhcz_spgkCZcWe5eNcZi1aKg-yxRyz8muU4nCMY2IQ3ph7BGnm0Bbi4mW2edvUacp5M7HNg6XSQcBkWnR-dwyky-D93ADzlglrAxyfJTioPpFqcx3EK5Gka2e-WGMKkiZpXxl89MWyKXE4x3OqI7cBuwKdGSJkZXFQKsOh4gZPWTbz0uSI_FvhgUPrjyja6qXnZbPyJo9z_l3u3nfmFHDYB4djijmA&sai=AMfl-YSchzzSyamU-h64hD6imN6jX6ngQcJDOO2rWVuiJiOgyz3bZzW_CbM4KcKFG7Q4mi3ULtzHhcThOIkVZ8npfnzD84xRP2Lwd6izcydCrR5L-cqkBXgpEiLTO7VpANuysZuUdS6y0lKG4n6Kh5htPmA&sig=Cg0ArKJSzHWuqp1dMRGCEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 1762C86406DDD6E21D066C61F3EB6C5B
Requests: 19 HTTP requests in this frame

Frame: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: CC0061387F79387B871AB70833CBBE74
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIGpfRDM07aKAxjjz__dATAB&v=APEucNU_MqH6CqnxozsibIBO9pP7zv1Q2J16htMy4Vhqk2TIjMlaEFwKMMwpS1Es7cpdkV71cnO7UlkOHPfEA9_qFLwYFxoTWpCIivSyw_qQpO4tV-dyDZJMOc-2byLoPYubVEU8_gXiTQLyLr2FZ7VBbsg15rJR8Z1rS0SJHHlC51YHfpzikpw
Frame ID: 4972188DC4C2E489120F02D227FB8F8A
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 217B53643E13524EE743048D7AD56B9D
Requests: 26 HTTP requests in this frame

Frame: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 35758E0B41B2FAACCE6ACA49FEDAC152
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuh1ot04n0YV7_1CpC94pN12Dn20Eh8fSyAj4BCKjryyqWArdVIwFEWgM0pQ6Zk8aYOFNIU0yeUNMsxlBx82BZciStvwcKbm2QXwkS-akIEVek75ZHKe1BcwVQhWTuUKpDMOo2JX8JXpI1LGnLlrD3XwsIyEekw1BFVg-y1MpV0h8XM1Pz0pVnFcQk8boSxc07r0cZ2z6FykFUnxFo7G_hrM8RwhbGRFpYKSA6wkHGW-3NvmDkd-LyDxCI6m7HkbH88lJtd0_sIfVnGZRp5SeAi145EnAVjvSklk3pYspHC_DVE8CCDJoseNs8jKk9FQwZVYXD_&sai=AMfl-YQkhdG7HYjIN-ZCYm9Uz7I755GaRyiMVvyJriYlxLOUHghDMv75MA165mQWAMQr7CvGuWKvfEBVLmI2g5O2MuxBeU72Yw1KLfA4B57P6ReODOfvGeBxCcGlXN_kKIHmpvwotNxbGN4UGJb1Vau73A&sig=Cg0ArKJSzKrtHHKKQqTIEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 29B613762B3616F7ED227EBDB691F82C
Requests: 18 HTTP requests in this frame

Frame: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: F9C42EADBCF946D12F6EA4947C9AE53A
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssUtU6wm8q0PjZhWELbEHbH138j2n8c1GR4Ybqb_N_NBW-Ll7O6XFvn7p7fJMQwcGeVmJgeowNOTeEdN3EKAVRCu2y_8xX2Dt7DiznhoAO4zn3PZZBAQAtFdz4ROF6b4QMID8LrSne10dW4q9joZEqvfBM1mbNPbykhIu4wsACA0iYobbbSsa9vvX4Jii5sijyGhxapGSPfK6ORGujDe311BE2NgRz3CRSIHFMbesUMBD68FbO3isnNXp9of41cpq5nJXcCik16O-q3frDP3wUoo5YyshVv75Czh84PEgE4juhFHmk7_B3ZDHqKEvoFFw&sai=AMfl-YSQG2OUjZzWZvRiaxFKNjriB9itrqF1EOTMFOqNGqOn4kxb5IVDXGhiB1PXUvwF7RLrtvXjiN4aoZp3bRT_QTfRaJzJaD70ArN2WUQrHYiW225s3gdWWFnNH6fONt3cnYgMgwItwJYwFf4uicD1bQ&sig=Cg0ArKJSzOU_9ujlLvvlEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: F26074FC8493ECCE5C31D10296440650
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COzd5gEQkuXoARiSiNzeATAB&v=APEucNXWBpoAdtspwF5V4dpxVd09NFFVqG5UPxRIbqb7XFbFD-BuNrT8tWO7M2kl5fPLaDuUj-lNqeweDaNVe42u1_ZB6nBmh33PBC-ZK5_rDnXb11ykux3eQOsz7sOsZSYFigb19mIlcGc5ScTWCqNdQ-zUtrXTIilo6Bms2OKCXPFJ7e0nA3U
Frame ID: E3E150F2C97DE767824A39BA28301BB5
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: D618977E9FC7C2AEBF89B822C4759F5A
Requests: 21 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 2DF807497EFDE9B19A922F1FC92F3033
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 21472A5088B2EEEA2FF5844BC75C1DCB
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js
Frame ID: 0ABC00EEBD33F41C392CEFAAAD9E204E
Requests: 1 HTTP requests in this frame

Frame: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 1FB5B85F45599F5C987ACA66B641F43B
Requests: 20 HTTP requests in this frame

Frame: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 703DD4F19B2F307694D36A4972023C3F
Requests: 1 HTTP requests in this frame

Frame: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: AC90D6E12BDF596758F8F500E72D59FF
Requests: 16 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsscN0Den3zzu8BVljKCZmsDV17XvaNWn9pWPM7lFnjy9wS2nQQEwTBJSLssz_yq3PoOEYbFFtNBR6N2lrQMYN-DfhNJQ6bqChoyznNsUoaLxDCbNRSDeDLUN0Z-lTtc3p9nQIZpulpqXzRCnYAb_Bed3CbmPzYOVpRkzlzzruJJT-mjYxtJ52ugVRSfm6O6gRwizdkoDHNM8SOXXWBYy4dGRfBgjQhjBTVR2z2VG5FU5WgEdVU9r9-M-wpjuPVCtxG5oJGyTs-BdoxzgAHRky-3KiFr4IywjEM-ut5ZFZEFkePiBVYx7DgS6ajPWJA053r18-A&sai=AMfl-YRW5B66zR_Dv51YpzkfQaZAwCkpNYCJvkW9pfAuWAo_HTj7Dl1OMvua8Qy8g8at0WYJy5Z9HFOUDbK1z1OfJ-YQXntmOGHfI6rl48xSzuyrOsP5LT-1mL5rAVrh8FwoMXO4wlSWQm_N4ScAm3kOa4c&sig=Cg0ArKJSzBx2kbVjwIF4EAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: CC07D63477BAAEE057BEBCCE0DE622D5
Requests: 19 HTTP requests in this frame

Frame: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 09532DA706A1E0560C8CDF61E8B741B6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ96fYjQIYn-X73gEwAQ&v=APEucNU9QzBnXodX1P_wr4YFakVFyWX5_F_37rNoU0NINJrFQKu5HcjuQFQTHgJzc5qWbFx-YcTgAYJS4KkQtgVaywqZUA0KMOMvGTRuGzPdqQUp8XkwUt8YjUHn4eKcXyOgyCbfsiF7APT21ge4Rn84dZhZ-u8wK9rW0x3b1gkuw0ExKOg9C4Q
Frame ID: E3F2E10C7D01CAAEB033FEB828D359F1
Requests: 4 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17559642657045610496/hrb_ct_expat_filetoday_html_145_300x250_v1_na_y/hrb_ct_expat_filetoday_html_145_300x250_v1_na_y.html
Frame ID: 7D49DF8A9C30E80FCB70DB9B24FB036E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 39D81334FF55D56B6C30958FCA09C975
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 082554B38133D00EEF56C5708C641350
Requests: 2 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 8E8F8FFBC938AB574DE290194385A1EB
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 731CE20CEDA55763E1F4C84A61A95A55
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/4900554790666240000/728x90_de_DE_2023_01_DE_Tactical_January_LH_2023-1-638095618950877025-ae68c46f-934f-4625-9b1a-44d4c4c982fa.html
Frame ID: F92C61EE795E10F21F18AD1067F753F6
Requests: 9 HTTP requests in this frame

Frame: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 321A489DC76FDADC960054E80F8078DF
Requests: 1 HTTP requests in this frame

Frame: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: C071E8FD01569F434E523485655A98A2
Requests: 1 HTTP requests in this frame

Frame: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 762D4A67A1B4D515D0CF76FC4FB4656C
Requests: 19 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C31D5FBA37DC8DE4E12561CE2618E3F6
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhiqnKp5MAE&v=APEucNVakwlhYKSFsYX91nTeuam_S7IiVHaysbuJLieh_Ppx-OOO8Lyfx1plXP7BBPO7DWqU2ysjGkck7D9mYcM9hD3_2C6QRWZHxa2E7ZGNPC4qcKf4CU7lF1RTkui-PuERqsMEe7AyUikAzYvGA2W0v6QBr534s6BKCK42fOtBxvctM7rDeHo
Frame ID: 70D19605C1A744791660412796ADF1CE
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 842667809F07960CF261D08D82A79C37
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhj73NDBATAB&v=APEucNXklVzecQ3hpoZ0h8u1VmuoPKO5-sYb72gBdk8mmY90ZCjeNkGUlKms4PalkNvOrWnZxbmK3NrVuyGPdDcMSvcrFFcVpCtcI-uWbjOdJ3CbqlsV1tshJWGmvYgFn7rhXJit6vNp0KWXm4wiDmD8g5EInhG6XT0oV5CV3XaIA8c7SQx5wgw
Frame ID: 67A44C6A9A01E3B459F32C4DB0EF3EC8
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/passback_300x250.js
Frame ID: 24F66DFAD18E64C798F2394BC6C21116
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/498083831003229311/index.html
Frame ID: 79FD8637219F450F616BAB45943D660D
Requests: 15 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js
Frame ID: C9EECDB332EF967FA87A30862C28F70B
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 7D9660C60E1F4576912FC6AE04F6BC7B
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 64D78BCAB308E3477EC4C1F708F7FB39
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 042035212CA1A6AD95A5D54AF43609F2
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: DB437DF5041AF03C33EE8ECF12CB4BC4
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1B6F78CA351B046019B98840D8441A35
Requests: 2 HTTP requests in this frame

Frame: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: D8AE1D11F3054BA6AC5F64BB9706DE44
Requests: 36 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: BA7D803F6E659B55544607EB9C4C71B2
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhCsuIT9ARjLl5vfATAB&v=APEucNXmbYOqegQHksALRqDcf_cjn1wU7sAYTjO5aqMODfOLPBIQgnIcH-VVxlnv5sMU5Pwyk7WV0DlvMMb2dNc_Wzf3WM5aNjLX8n6eQHUJkgykXsWklSt8lwFdrH6Kiv42OvmHJA7cnH-7AT9M0dq6gV7jlxK1Uzxh7JZQFvaDNay0yKCipb4
Frame ID: C1EDE16D528E77829F0770CA90F7BBBA
Requests: 1 HTTP requests in this frame

Frame: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 843D13476451D6C81F983FA351F8FDBD
Requests: 10 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=O9bLcDAJmX&t=1&renderingType=2&ev=01_247
Frame ID: 8A89741593CD81E0A9D938CE209A71CC
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 76ADFA2D1E50D8B496512272EDF2E35D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 681580708AC18BD59828FF71398784E9
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/index.html
Frame ID: 32BE2F35A31CFA82AD9D99B344034463
Requests: 35 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 77BEF336069E70554298C12BDF8DC63A
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 5E9C5FB432A75253B01DE4725C15AA75
Requests: 8 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=IyxHAVLxoL&t=1&renderingType=2&ev=01_247
Frame ID: 0CA346B11095DED3ED489170C2868BC9
Requests: 12 HTTP requests in this frame

Frame: blob://https://s0.2mdn.net/b343eb22-1fac-4adc-80a8-fbc31ddeb2da
Frame ID: 710AC600E67320F618A0187EC099B508
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: AFBD9A15753FDCCD56314E83ECA22A47
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 666C1083E74908E7BC9F496054EBC000
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 1E15BE945A2FD4486200D4CE261D7D17
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 29BB0B56BE84071E35DE7828DFC4AAA2
Requests: 3 HTTP requests in this frame

Frame: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Ffinnair%2F6140ae64cb78547990abe56c%2Fimages%2F0d8542cd-e891-4bd5-8f8f-4db47961d433.jpg&w=365&h=219&q=67&f=webp&rt=cover&x1=0&y1=224&x2=6720&y2=4256
Frame ID: 0B27165F3A2A33B391EF8AB88E0B8918
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js
Frame ID: FF58A89CC569960717AB79B86243B4E4
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: FB1484900928FCEEF3E766EC34E89A35
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js
Frame ID: DC5FBD20F67A7A6145BE8ADDDA574763
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 82654EFBDEA8B5BBA452C19CC78F5060
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

كورة بلس - شاهد مباريات الدوري المصري حصريًا

Page URL History Show full URLs

http://koraplus.com/ HTTP 301
https://koraplus.com/ Page URL

Detected technologies

Firebase (Databases) Expand

Overall confidence: 100%
Detected patterns

/firebasejs/([\d.]+)/firebase

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

683
Requests

95 %
HTTPS

56 %
IPv6

35
Domains

57
Subdomains

42
IPs

11
Countries

9118 kB
Transfer

19358 kB
Size

28
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.tiktok.com/@koraplus

Search URL Search Domain Scan URL

URL: https://www.facebook.com/koraplus

Search URL Search Domain Scan URL

URL: https://www.instagram.com/koraplus

Search URL Search Domain Scan URL

URL: https://twitter.com/korapluseg

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCoTREVo1yJwXXDY0TbTA4EQ

Search URL Search Domain Scan URL

URL: https://www.clicksegypt.net/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://koraplus.com/ HTTP 301
https://koraplus.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 260

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDr3ZqF_gEQgAgYgAgyCFFyRh2Ouq9r HTTP 301
https://tpc.googlesyndication.com/simgad/624907996767536446

Request Chain 286

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFBrPmVi4G1NnV0r8MvtBow&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFBrPmVi4G1NnV0r8MvtBow&google_cver=1&C=1

Request Chain 287

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y9d-8-2kfl1NMJoaX8d.DgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFBrPmVi4G1NnV0r8MvtBow&google_cver=1&google_hm=2

Request Chain 288

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEBEGE8yiOo69QXzRIyYvuuc&google_cver=1

Request Chain 289

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkyMTQ3MjMzOTkyMTUxMzAxNA%3D%3D

Request Chain 313

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENfW3nUmPB10qbq4xxbYLhw&google_cver=1

Request Chain 315

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEJrD6X2Icas__SrNBPjpGbo&google_cver=1

Request Chain 369

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDr3ZqF_gEQgAgYgAgyCFFyRh2Ouq9r HTTP 301
https://tpc.googlesyndication.com/simgad/624907996767536446

Request Chain 370

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEFORHU0mJz98G0owLu92yT4&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEFORHU0mJz98G0owLu92yT4&google_cver=1&__user_check__=1&sync_id=3d6727b4-a078-11ed-b9e5-1a3cf9d10306

Request Chain 371

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=3d643deb-a078-11ed-a274-1ee5b9e10506 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=M2Q2NzI3NGMtYTA3OC0xMWVkLWI5ZTUtMWEzY2Y5ZDEwMzA2

Request Chain 372

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS0udEc2VFdWRTJ1SEQ3ZnNjTzBSa1hlUGZMRkJ4R1NIQX5B

Request Chain 377

https://fw.adsafeprotected.com/rfw/st/1319389/68771741/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1010169620&ias_pubId=pub-2930805104418204&ias_chanId=1&ias_placementId=19517405192&bidurl=https://koraplus.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0ji2iKvuH54PZNnufY1kNje&adContainerId=brand_safety_83_XY9uoMuq49u8PlJ-K4Ao&cbFunctionName=goog_wrapCb_83_XY9uoMuq49u8PlJ-K4Ao&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_300x250.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fkoraplus.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fkoraplus.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2F29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=bed&adsafe_jsinfo=,id:164fd682-7869-3958-f88a-39a775192d20,c:2LDynf,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-experiment-primary-6d97fd7958-54qdz,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,mu:10000,br:c,bru:c,an:n,oam:0,mtim:3,mot:0,app:0,maw:0,fm:tupu1mj+11%7C121%7C13%7C141%7C1421%7C143%7C144%7C151*.1319389-68771741%7C1511%7C1512%7C161%7C1711%7C181%7C19%7C1a%7C1b%7C1c,idMap:151*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:22,oid:3d344a50-a078-11ed-9499-96385972e5f9,v:19.8.385,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4a.js

Request Chain 444

https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_dbm HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEIlk-T7HU_1VPLH11b8l5rk&google_cver=1

Request Chain 481

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEIS508NW50CsGa9zvmkRP8c&google_cver=1&google_push=Aa02lx_ay_42rh2Lb1SgUBj_Z5Tnn1TpkANHxEwhutTHzr7Pz16KoPur_ZRzO_BcYjh3Ngwzp3Xj9MJTqiLh1FBiqL9BY1gp6k5PuLnB6mBkylThUW5r6AdhYm7WlhC4RCNA_jZsFqMbfHxo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aa02lx_ay_42rh2Lb1SgUBj_Z5Tnn1TpkANHxEwhutTHzr7Pz16KoPur_ZRzO_BcYjh3Ngwzp3Xj9MJTqiLh1FBiqL9BY1gp6k5PuLnB6mBkylThUW5r6AdhYm7WlhC4RCNA_jZsFqMbfHxo

Request Chain 482

https://a.tribalfusion.com/i.match?p=b6&u=CAESEO35KmfsCo78G1gNAAAkWKk&google_cver=1&google_push=Aa02lx9OoS1IllBnO6E4oioW3Viz90vqiP_rAnWfEkBlCbG5YJlsGCAKDrkLjFSxsLRUKo-0eyLRZyE-P188Gfl5mvXSUspPhmAbnYJYRbSkzAcAvjV_IQGTJVn5-zHScQ8TOLCpZZclKP0&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx9OoS1IllBnO6E4oioW3Viz90vqiP_rAnWfEkBlCbG5YJlsGCAKDrkLjFSxsLRUKo-0eyLRZyE-P188Gfl5mvXSUspPhmAbnYJYRbSkzAcAvjV_IQGTJVn5-zHScQ8TOLCpZZclKP0%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEO35KmfsCo78G1gNAAAkWKk&google_cver=1&google_push=Aa02lx9OoS1IllBnO6E4oioW3Viz90vqiP_rAnWfEkBlCbG5YJlsGCAKDrkLjFSxsLRUKo-0eyLRZyE-P188Gfl5mvXSUspPhmAbnYJYRbSkzAcAvjV_IQGTJVn5-zHScQ8TOLCpZZclKP0&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx9OoS1IllBnO6E4oioW3Viz90vqiP_rAnWfEkBlCbG5YJlsGCAKDrkLjFSxsLRUKo-0eyLRZyE-P188Gfl5mvXSUspPhmAbnYJYRbSkzAcAvjV_IQGTJVn5-zHScQ8TOLCpZZclKP0%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 483

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEI2z__mc-QcunGoBchOHE6I&google_cver=1&google_push=Aa02lx9ts0cE-JrpdWltQx-eJSIUN3m_Dk16K6KYp4h0ubLZQbkG5yfa8YPZeJGjWkNrC1OPZO6HSXwvu7B6jfu3CTbWMc7h1UKCgsqBBNaV1AqlOf3yPf-8DudTalmLcs7NLdLQhJEfjGM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEI2z__mc-QcunGoBchOHE6I&google_push=Aa02lx9ts0cE-JrpdWltQx-eJSIUN3m_Dk16K6KYp4h0ubLZQbkG5yfa8YPZeJGjWkNrC1OPZO6HSXwvu7B6jfu3CTbWMc7h1UKCgsqBBNaV1AqlOf3yPf-8DudTalmLcs7NLdLQhJEfjGM

Request Chain 484

https://ads.travelaudience.com/google_pixel?google_gid=CAESEG8RJRXV3sC0v3V6FX4qIvM&google_cver=1&google_push=Aa02lx8Tna1hUTesMYoTgRA_6e-BAxmuPEI1jR5A2W1Ngn2ertSc49fSWZstQh0jW6Qbji6-MMiI0Nl5vuMi7JCEhydAHrmk8GSvjMk230BAOSWc_FWgYF4q8o1hWNvWuCTgLph8OiQ39RdN HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=aVUBxnXVSTGWlS4btHnjmw2&google_push=Aa02lx8Tna1hUTesMYoTgRA_6e-BAxmuPEI1jR5A2W1Ngn2ertSc49fSWZstQh0jW6Qbji6-MMiI0Nl5vuMi7JCEhydAHrmk8GSvjMk230BAOSWc_FWgYF4q8o1hWNvWuCTgLph8OiQ39RdN

Request Chain 485

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESECC0uDC7e1bpu_tpnzM4gsc&google_cver=1&google_push=Aa02lx_wfMUYGmz2RgLj3z0YiI0wc7JNjrTsN27PuOGCto7wP5hbpbgLhk-w2wffcvNDkSNnga1hhC7mOJhXNpqwZwAlPecOdOZ-XGwBNQqdnJDWGMAf86gi1Zp__DoT0aeE_Milt7oriG8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx_wfMUYGmz2RgLj3z0YiI0wc7JNjrTsN27PuOGCto7wP5hbpbgLhk-w2wffcvNDkSNnga1hhC7mOJhXNpqwZwAlPecOdOZ-XGwBNQqdnJDWGMAf86gi1Zp__DoT0aeE_Milt7oriG8&google_hm=eS1tbTdESTExRTJwSHpJMlU4YkZ2ZnN0cDRBeXhKSHJTcn5B

Request Chain 486

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBLZtz4hgtOMXay75Z_OJxM&google_cver=1&google_push=Aa02lx9GGzxALJY8L16-DVSmJ5S5RTeX5Y8IuzvwU9qN8BkTOJZT_T9ihxWctU87cgSASULiGsuEuUxf8hxN9uxbiKkhCw5plWD7TBtaoBUcLe4RxjHs3_JiQJMCMNFJ1PexqJwBtTyVtHw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TERJSlZCQ0otUC02NTlM&google_push=Aa02lx9GGzxALJY8L16-DVSmJ5S5RTeX5Y8IuzvwU9qN8BkTOJZT_T9ihxWctU87cgSASULiGsuEuUxf8hxN9uxbiKkhCw5plWD7TBtaoBUcLe4RxjHs3_JiQJMCMNFJ1PexqJwBtTyVtHw

Request Chain 566

https://ads.travelaudience.com/google_pixel?google_gid=CAESEG8RJRXV3sC0v3V6FX4qIvM&google_cver=1&google_push=Aa02lx8gLKAn4HWQPN3vCNKBRbdFmlDe7npTFpbUDLlicX2V1DEwQhjAe-0KIZUHcxbGknFnCoqLKbjUu82TGWBDGXjaEQG6uTHJRQ HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=aVUBxnXVSTGWlS4btHnjmw2&google_push=Aa02lx8gLKAn4HWQPN3vCNKBRbdFmlDe7npTFpbUDLlicX2V1DEwQhjAe-0KIZUHcxbGknFnCoqLKbjUu82TGWBDGXjaEQG6uTHJRQ

Request Chain 568

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEB37EHFRQSTJna5vLbhIDWk&google_cver=1&google_push=Aa02lx90Jn2KhDJOHQVFH2hQYdGi0dABOUYUG_MviK6_OD01QWQS3ZayQLaBSULmoNWW-dh7jGql97TO1amHVJgIxkeLlw2sV91fmA HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEB37EHFRQSTJna5vLbhIDWk&google_cver=1&google_push=Aa02lx90Jn2KhDJOHQVFH2hQYdGi0dABOUYUG_MviK6_OD01QWQS3ZayQLaBSULmoNWW-dh7jGql97TO1amHVJgIxkeLlw2sV91fmA&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx90Jn2KhDJOHQVFH2hQYdGi0dABOUYUG_MviK6_OD01QWQS3ZayQLaBSULmoNWW-dh7jGql97TO1amHVJgIxkeLlw2sV91fmA&google_hm=GEmduGZH_amFSaP9TSesYax6

Request Chain 569

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEMb7H18PwT7qAEQA44g42YM&google_cver=1&google_push=Aa02lx-cfFpjMh7tTf6JIDeJ5OcdQzKEMoSfwCkbX3SX0cfHgjfgZk4l-7RLSC-SsGGVbDeY_uCT-2-_na8JMk7qN_955Y9oEVLiBJM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx-cfFpjMh7tTf6JIDeJ5OcdQzKEMoSfwCkbX3SX0cfHgjfgZk4l-7RLSC-SsGGVbDeY_uCT-2-_na8JMk7qN_955Y9oEVLiBJM HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 579

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 583

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESENpDd25SS_IZ04dKfo-__8o&google_cver=1&google_push=Aa02lx_J9kSZqysNy1dnkBhPcBbRdHurXaRa-8gNTz5K5qtZSLsusti6zX60AL4JQr2YejkV-hWoiWTUvYFcbtJxb0JAbBIAiYI HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=Aa02lx_J9kSZqysNy1dnkBhPcBbRdHurXaRa-8gNTz5K5qtZSLsusti6zX60AL4JQr2YejkV-hWoiWTUvYFcbtJxb0JAbBIAiYI&google_hm=pffcBIHCq_4sugoMAy6QhA

Request Chain 585

https://ads.travelaudience.com/google_pixel?google_gid=CAESEG8RJRXV3sC0v3V6FX4qIvM&google_cver=1&google_push=Aa02lx9Ad9SpCOt-x912VC3LlkXNZD2kFBmRIOu0cM1M3akmALboKgQqehN1I0Hufx4KiSu73gQVhsd2_SaBdVtF84Kiha_nrYA HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=aVUBxnXVSTGWlS4btHnjmw2&google_push=Aa02lx9Ad9SpCOt-x912VC3LlkXNZD2kFBmRIOu0cM1M3akmALboKgQqehN1I0Hufx4KiSu73gQVhsd2_SaBdVtF84Kiha_nrYA

Request Chain 587

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEB37EHFRQSTJna5vLbhIDWk&google_cver=1&google_push=Aa02lx_dPG0Tvy8koFOi_Fx4MQhFPdOVD-50qSyP3cg_CfItaGsETa3oMD32JLoJtt1eAgh-BGhMeb7NhdJUeyNHkxeiaWWCcYM HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx_dPG0Tvy8koFOi_Fx4MQhFPdOVD-50qSyP3cg_CfItaGsETa3oMD32JLoJtt1eAgh-BGhMeb7NhdJUeyNHkxeiaWWCcYM&google_hm=GEmduGZH_amFSaP9TSesYax6

Request Chain 588

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEMb7H18PwT7qAEQA44g42YM&google_cver=1&google_push=Aa02lx_hNJbuzazD1NYUkffW-s7iGRF9-fqMDQw_0LfA3rnqMU37g5Ca-vmrB99SZFJKf24k5wQXMNbIxCaEHE30WiGQXLoEGXk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx_hNJbuzazD1NYUkffW-s7iGRF9-fqMDQw_0LfA3rnqMU37g5Ca-vmrB99SZFJKf24k5wQXMNbIxCaEHE30WiGQXLoEGXk HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 677

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESENpDd25SS_IZ04dKfo-__8o&google_cver=1&google_push=Aa02lx941PBqY-zapGISr9vSY3NEfuZqKJjua2-tPHWOWRBEGMtBEyeum8hN-MPFXdrAtLupRvdW7ETXHglQgrjp1dIYqBI7TRMD HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=Aa02lx941PBqY-zapGISr9vSY3NEfuZqKJjua2-tPHWOWRBEGMtBEyeum8hN-MPFXdrAtLupRvdW7ETXHglQgrjp1dIYqBI7TRMD&google_hm=pffcBIHCq_4sugoMAy6QhA

Request Chain 679

https://ads.travelaudience.com/google_pixel?google_gid=CAESEG8RJRXV3sC0v3V6FX4qIvM&google_cver=1&google_push=Aa02lx-HNOWnNgFEjTxXjJGZ8J_IJPZpFSpSPqUUCj-vemOj4CG_uOHoN4fQ1WGDrjcaNpJITRMp2aQ4WT_y1ZGWwZdrFVzFnQJt HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=aVUBxnXVSTGWlS4btHnjmw2&google_push=Aa02lx-HNOWnNgFEjTxXjJGZ8J_IJPZpFSpSPqUUCj-vemOj4CG_uOHoN4fQ1WGDrjcaNpJITRMp2aQ4WT_y1ZGWwZdrFVzFnQJt

Request Chain 681

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEB37EHFRQSTJna5vLbhIDWk&google_cver=1&google_push=Aa02lx871J-6MhDK0fGtXwPYHGRPGZZv7MndB1y5rXlZiZpHVtoqJQmCWOsJ-SqxKBGYMg4dZ6dNg81CbAUniyzqGsIrmLIwCF1a HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx871J-6MhDK0fGtXwPYHGRPGZZv7MndB1y5rXlZiZpHVtoqJQmCWOsJ-SqxKBGYMg4dZ6dNg81CbAUniyzqGsIrmLIwCF1a&google_hm=GEmduGZH_amFSaP9TSesYax6

Request Chain 682

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEMb7H18PwT7qAEQA44g42YM&google_cver=1&google_push=Aa02lx-XN0NF90nmh0UIVqRl4vrZjB-FWCwTZqYKf-RFoYkQLyApZolnxEhhlRvPMDLZHb4-r-8g5ELnl9CLiP-hAjq5xX6Xkzulde8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx-XN0NF90nmh0UIVqRl4vrZjB-FWCwTZqYKf-RFoYkQLyApZolnxEhhlRvPMDLZHb4-r-8g5ELnl9CLiP-hAjq5xX6Xkzulde8 HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 685

https://pixel.adsafeprotected.com/rfw/st/1322500/68733915/skeleton.js?bundleId=&ias_dspID=3&ias_campId=1010183376&ias_pubId=pub-2930805104418204&ias_chanId=1&ias_placementId=19485175112&bidurl=https://koraplus.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0juvhdr7GYZepFqOQnKZwEv&adsafe_url=https%3A%2F%2Fkoraplus.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fkoraplus.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fc035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fc035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:30920b62-509b-7fa7-4a02-d9128f290ee9,c:2LDz5M,sl:na,em:true,fr:false,thd:1,mn:jsserver-primary-bb8697c85-5cllh,rg:ie,pt:1-5-15,mu:10000,br:c,bru:c,an:n,oam:0,mtim:342,mot:0,app:0,maw:0,fm:tupu1Zp+11%7C121%7C13%7C141%7C1421%7C1422%7C1423%7C1424%7C143%7C1511%7C1512%7C1513%7C1514%7C161%7C1621%7C162211%7C1623%7C16241%7C163%7C164%7C1711%7C17121%7C17122%7C1713%7C181%7C18211%7C1821211%7C18213%7C182141%7C183%7C184%7C19%7C1a1%7C1b1%7C1b2*.1322500-68733915%7C1b21%7C1b221%7C1b23%7C1b31%7C1b4%7C1c1%7C1c2%7C1c3,idMap:1b2*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:IMG.qs,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,tt:rjss,et:359,oid:3dec4ff3-a078-11ed-8116-5ef2162634c3,v:19.8.385,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js?bundleId=

683 HTTP transactions
27 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
koraplus.com/
Redirect Chain

http://koraplus.com/
https://koraplus.com/

170 KB
25 KB

1715ms
1586ms

Document
text/html

2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 9762534abd6c963a095bbc47c6d84a2aaa1ea90e9cdf2dbfb4d08c32396134ec

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 7918d741ae4a2ba9-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 30 Jan 2023 08:29:38 GMT
expires: -1
pragma: no-cache
server: cloudflare
x-aspnet-version: 4.0.30319
x-aspnetmvc-version: 5.2
x-powered-by: ASP.NET

Redirect headers

CF-RAY: 7918d740bb4f699b-FRA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Mon, 30 Jan 2023 08:29:36 GMT
Expires: Mon, 30 Jan 2023 09:29:36 GMT
Location: https://koraplus.com/
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H2 200 style.css
koraplus.com/Content/ 167 KB
31 KB 33ms
31ms Stylesheet
text/css 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/Content/style.css?Ver8.1
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: cf6706bce36194d053434dba80d7fed9de26ae877147e30cb28d98c028572ddd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 13:37:08 GMT
server: cloudflare
age: 115
etag: W/"2ccb96f4f82fd91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=14400
cf-ray: 7918d74b9df02ba9-FRA

GET
H2 200 responsive.css
koraplus.com/Content/ 3 KB
1 KB 15ms
13ms Stylesheet
text/css 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/Content/responsive.css?V1
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 9f98697897845b218e8353fca80f94186b29cc13f6485d2d30ea67df0ffe42df

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 04 Nov 2021 17:42:22 GMT
server: cloudflare
age: 115
etag: W/"b188652a3d1d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=14400
cf-ray: 7918d74b9df22ba9-FRA

GET
H2 200 swiper-bundle.min.css
koraplus.com/Content/ 13 KB
4 KB 32ms
30ms Stylesheet
text/css 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/Content/swiper-bundle.min.css?V5
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 486d12cebb58a39a977df6cabf3424da27ed7ed71ac6749bbfee29447d2be462

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 22 Sep 2021 11:00:03 GMT
server: cloudflare
age: 115
etag: W/"6efadffa0afd71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=14400
cf-ray: 7918d74b9df32ba9-FRA

GET
H2 200 jQueryUI.css
koraplus.com/Content/ 30 KB
7 KB 27ms
25ms Stylesheet
text/css 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/Content/jQueryUI.css
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: d8a954a61020a5f26298a414f4ba3e0ef0d25cd98de2012014d5b01776fc5ceb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 22 Sep 2021 11:00:03 GMT
server: cloudflare
age: 115
etag: W/"5f5edffa0afd71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=14400
cf-ray: 7918d74b9df62ba9-FRA

GET
H2 200 font-awesome.min.css
koraplus.com/Content/ 30 KB
7 KB 18ms
17ms Stylesheet
text/css 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/Content/font-awesome.min.css
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 22 Sep 2021 11:00:03 GMT
server: cloudflare
age: 115
etag: "80bb7dfea0afd71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74b9df82ba9-FRA
content-length: 6995

GET
H2 200 jquery-v3.4.1.min.js Show response
koraplus.com/Scripts/ 86 KB
30 KB 26ms
25ms Script
application/javascript 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/Scripts/jquery-v3.4.1.min.js
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 22 Sep 2021 11:00:03 GMT
server: cloudflare
age: 115
etag: "80bb7dfea0afd71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74b9e002ba9-FRA
content-length: 30741

GET
H2 200 lightgallery.css
koraplus.com/Content/ 16 KB
3 KB 17ms
16ms Stylesheet
text/css 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/Content/lightgallery.css
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 6295305ab6f5031fb1e5de69a1b1a9d27cf7516655f89cb73a49913a9a13c136

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 22 Sep 2021 11:07:05 GMT
server: cloudflare
age: 115
etag: W/"3b080faa1afd71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=14400
cf-ray: 7918d74b9dfa2ba9-FRA

GET
H2 200 lg-zoom.css
koraplus.com/Content/ 3 KB
628 B 28ms
26ms Stylesheet
text/css 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/Content/lg-zoom.css
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: fbb7112651e9e565abeaed6a98122e1d202dc585580ae57d31cee4a93eaa9580

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 22 Sep 2021 11:07:05 GMT
server: cloudflare
age: 115
etag: W/"3b080faa1afd71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=14400
cf-ray: 7918d74b9dfd2ba9-FRA

GET
H2 200 justifiedGallery.css
koraplus.com/Content/ 3 KB
823 B 25ms
24ms Stylesheet
text/css 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/Content/justifiedGallery.css
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: bfe5641a30aa9f838d2ec8c7a4ce57c85215abf31b9ed5a137455773f3112aa3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 22 Sep 2021 11:07:05 GMT
server: cloudflare
age: 115
etag: W/"e6280faa1afd71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=14400
cf-ray: 7918d74b9dfe2ba9-FRA

GET
H2 200 lg-thumbnail.css
koraplus.com/Content/ 2 KB
700 B 32ms
31ms Stylesheet
text/css 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/Content/lg-thumbnail.css
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: a534ab0659d0f6304fa9d97c1dc5d0fa7aa3752ea103c56647cdb06487ad7f45

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 22 Sep 2021 11:07:05 GMT
server: cloudflare
age: 115
etag: W/"d8980faa1afd71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=14400
cf-ray: 7918d74b9dff2ba9-FRA

GET
H2 200 koraplusinterstitialpod.js Show response
jscdn.greeter.me/ 1 KB
2 KB 164ms
10ms Script
text/javascript 205.185.216.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL

https://jscdn.greeter.me/koraplusinterstitialpod.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

205.185.216.42 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

29dda5c59fefbcd5195ec3e267c1621c0beed5f12adc44ae3d5feaf95966cec4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-sp-metadata: HS256.CIKc3p4GEoUBCiRhZTU0YTc5Mi0xNjJmLTQ4ZTAtYjcxMS1iZWU2ODI4OTE2MTcQgN+fwe/E+wIaBgjy/92eBiIKODEuOTUuNS40MSi6lQMwAzgEQhZUTFNfQUVTXzEyOF9HQ01fU0hBMjU2WiAzZTliMjA2MTAwOThiNmM5YmZmOTUzODU2ZTU4MDE2YRorCAESJGI3NGQ2MjBkLTI1MGYtNDJkYS1iZDEzLTk2N2MxZjYyNzM4OBjKCSIYCAISFGNkczE2MC5mcjguaHdjZG4ubmV0.zaMG4yhxECdqP8lCWApREkyNvbwY17pR/zlghH2llXs=
last-modified: Tue, 18 Oct 2022 19:25:40 GMT
x-amz-request-id: tx000000000000050eea3b3-0063d77a1c-7fb4ac08-fra1b
etag: "5282582ef69da913989d2f9b5c635f23"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-hw: 1675067378.dop098.fr8.t,1675067378.cds165.fr8.hn,1675067378.cds160.fr8.c
content-type: text/javascript
cache-control: max-age=2106
x-rgw-object-type: Normal
accept-ranges: bytes
content-length: 1226

GET
H2 200 dynamicpod.js Show response
jscdn.greeter.me/ 8 KB
8 KB 166ms
12ms Script
text/javascript 205.185.216.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL

https://jscdn.greeter.me/dynamicpod.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

205.185.216.42 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

d9515e643b0c7f3716d74f10b4fbcfd7d46a063c07a1fb7e9eb1ab80e42bb370

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-sp-metadata: HS256.CIKc3p4GEoUBCiQ0NGVmOTMyMS00OTQ4LTRiZTAtYjRjMi1lNDc1YTRlMGQ3ZjYQgN+fwe/E+wIaBgjy/92eBiIKODEuOTUuNS40MSi6lQMwAzgEQhZUTFNfQUVTXzEyOF9HQ01fU0hBMjU2WiAzZTliMjA2MTAwOThiNmM5YmZmOTUzODU2ZTU4MDE2YRorCAESJDFkYTdjMTgzLTI1OGYtNDZkNy1hMjY1LWFhMWU2NzMwYTg3ZhjPPSIYCAISFGNkczMzOS5mcjguaHdjZG4ubmV0.YpZc9VLRbBLVszNoAA47ihicW4fh4qi5ht2k5HLO1zc=
last-modified: Thu, 18 Nov 2021 10:17:37 GMT
x-amz-request-id: tx0000000000000518f59a5-0063d778e0-7f332139-fra1b
etag: "35f477159dc83e9fb34f9695f88a3c4a"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-hw: 1675067378.dop098.fr8.t,1675067378.cds165.fr8.hn,1675067378.cds339.fr8.c
content-type: text/javascript
cache-control: max-age=1790
x-rgw-object-type: Normal
accept-ranges: bytes
content-length: 7887

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 110 KB
43 KB 80ms
22ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-210964759-1

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5ad815788081a7b54b50ab09b8afe49c154f2976fc26db9c647987ec6d176c00

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44091
x-xss-protection: 0
last-modified: Mon, 30 Jan 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 30 Jan 2023 08:29:38 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 138ms
79ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ab2ad59f6a0d23aad6ef765f8f0c7888b8ae29c4ef00f2e7bd5f6e995590495c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27594
x-xss-protection: 0
server: sffe
etag: "1467 / 473 of 1000 / last-modified: 1674860937"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 30 Jan 2023 08:29:38 GMT

GET
H2 200 koraplus.com.js Show response
pahtfi.tech/c/ 12 KB
3 KB 71ms
14ms Script
application/javascript 2606:4700:3030::6815:d88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pahtfi.tech/c/koraplus.com.js
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:d88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b248862812e0c1e74de9065718956e41485a8bf2d6315e2e52e8caa0f926f4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 1TR9EW9FGT8R4DXW
age: 5350
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: K+JwA3lLkzUvabTQ2Rk4b8GFeCWw1u78h2pvhbSVaDCVBtagOWWwQAYfaFbgypBTmQpuhCVHCEg=
last-modified: Thu, 22 Dec 2022 09:57:58 GMT
server: cloudflare
etag: W/"ab25e808fae6c747140524fe291c6d6f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9OPANzln6%2BanabN2FMvtFh0mCm7SdCx%2FRAzWdn%2BTqQSkKmWPt99NAMg%2FS7UCH%2FCw1mSGvCwtNWwTbk2FuxItvHYpxrazStZG%2FeIB9W9BDyctGbs4B8HuyVDfQVd2ordc92iaGq0HGFO1YA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7918d74c58789024-FRA

GET
H2 200 mainlogo.png
koraplus.com/images/ 6 KB
6 KB 110ms
82ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/mainlogo.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 60d6f54a66ebe87375c7adc0572eb4901ec94da3fda9c178d6a45237642db272

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Tue, 05 Oct 2021 11:00:27 GMT
server: cloudflare
age: 3204
etag: "80972a34d8b9d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c2ede2ba9-FRA
content-length: 5689

GET
H2 200 WLiveStreamMobile.png
koraplus.com/images/ 1 KB
1 KB 119ms
91ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/WLiveStreamMobile.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 6e4f4b756ed81fbbc582b7ec80e143ac8387b8f26084993f3a66faa9ecf50fbe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Thu, 28 Oct 2021 16:46:38 GMT
server: cloudflare
etag: "1bc379601bccd71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c2edf2ba9-FRA
content-length: 1239

GET
H2 200 avatar.jpg
koraplus.com/images/ 30 KB
30 KB 118ms
90ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/avatar.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 8881c1dcb43b1df341f951f421dadca3eefa0c964283e59f3d3927e85f3a6ed8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
cf-bgj: h2pri
last-modified: Wed, 20 Oct 2021 14:06:45 GMT
server: cloudflare
age: 3204
etag: "11979b7bbc5d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c2ee02ba9-FRA
content-length: 30817

GET
H2 200 tiktoklogo.png
koraplus.com/images/ 3 KB
4 KB 119ms
91ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/tiktoklogo.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 9c2fcb7d287acd55ced19b71605de51bb39908a81fdc28df3e87da3d43e54ccc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Thu, 07 Oct 2021 21:14:02 GMT
server: cloudflare
etag: "3d14f440c0bbd71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c2eee2ba9-FRA
content-length: 3501

GET
H2 200 172_.png
media.koraplus.com/Kora/Teams/Large/ 7 KB
7 KB 152ms
115ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/172_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: d2c5746f31b0ed678e1e18b889124cb49ce185c8d16b06c783279243916500ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 29 Jan 2023 10:16:11 GMT
server: cloudflare
etag: "ff5f46b6ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c8fcd2ba9-FRA
content-length: 7302

GET
H2 200 191_.png
media.koraplus.com/Kora/Teams/Large/ 8 KB
8 KB 144ms
106ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/191_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: fce6aeeea26df65e2a93d50152c39dc68397f7d58f3daa3cfdf70ef0fd2c2143

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 29 Jan 2023 10:16:17 GMT
server: cloudflare
etag: "caced2b9ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c8fcf2ba9-FRA
content-length: 8194

GET
H2 200 220_.png
media.koraplus.com/Kora/Teams/Large/ 7 KB
7 KB 130ms
93ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/220_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 9f70a0ad90fd3a1b077772550ea7977209cf59333f63aff8c63d631f406935f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:12:05 GMT
server: cloudflare
age: 3786
etag: "42109223ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c8fcb2ba9-FRA
content-length: 7286

GET
H2 200 214_.png
media.koraplus.com/Kora/Teams/Large/ 10 KB
10 KB 60ms
60ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/214_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 77e009ea468cd4811912a2e00f689d51d480e9ea53cbac44b711243f80e2d4bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:12:03 GMT
server: cloudflare
age: 3786
etag: "95d85422ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c8fd82ba9-FRA
content-length: 10295

GET
H2 200 344_.png
media.koraplus.com/Kora/Teams/Large/ 9 KB
9 KB 73ms
73ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/344_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: be0ec6c456c77b656bb531e87ccfba8a430b636afa06f2fdbe29a56e2cac78c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 29 Jan 2023 10:14:31 GMT
server: cloudflare
etag: "11b4467aca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c9ffe2ba9-FRA
content-length: 9235

GET
H2 200 88_.png
media.koraplus.com/Kora/Teams/Large/ 10 KB
10 KB 34ms
30ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/88_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: b751d0ca54cb457ba9e4919aac3f4ae3fa9c44a6a0dc2f9bb3af3871623b27c7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 29 Jan 2023 10:14:25 GMT
server: cloudflare
etag: "a9d1a676ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74cf8bf2ba9-FRA
content-length: 10091

GET
H2 200 JuventusFC_177_.png
media.koraplus.com/Kora/Teams/Large/ 1 KB
1 KB 24ms
21ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/JuventusFC_177_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: d4c7d5a262d2eef57d137491a91c663c9465f84cda0893639fef8b33bb71ad59

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 29 Jan 2023 10:16:13 GMT
server: cloudflare
etag: "9aa72db7ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74cf8c22ba9-FRA
content-length: 1269

GET
H2 200 A.C.Monza_5592_.png
media.koraplus.com/Kora/Teams/Large/ 8 KB
8 KB 27ms
25ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/A.C.Monza_5592_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 80ed952c4c5c2eb27b629006236caa7b3cc094085418a2e8b6ffa29e0c16817c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 29 Jan 2023 10:16:24 GMT
server: cloudflare
etag: "773c9dbdca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74cf8c62ba9-FRA
content-length: 8501

GET
H2 200 Fenerbahce_519_.png
media.koraplus.com/Kora/Teams/Large/ 11 KB
11 KB 23ms
21ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/Fenerbahce_519_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 4487453e5ea693c7a69c28a8385800d781166820d57037088b1dc6abb30a24e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 29 Jan 2023 10:16:47 GMT
server: cloudflare
etag: "cd374ecbca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74cf8c92ba9-FRA
content-length: 11601

GET
H2 200 Kasimpasa_516_.png
media.koraplus.com/Kora/Teams/Large/ 9 KB
9 KB 26ms
26ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/Kasimpasa_516_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 07e9823eec0da5f25ebb690abd4d558660213b6c739897434632bc924e449226

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 29 Jan 2023 10:16:46 GMT
server: cloudflare
etag: "bbecc3caca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d08dc2ba9-FRA
content-length: 8780

GET
H2 200 IttihadJeddah_57_.png
media.koraplus.com/Kora/Teams/Large/ 7 KB
7 KB 16ms
15ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/IttihadJeddah_57_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 0ad70b4f549e9e5b3b5c58cd4c481cd254b0d07ad0642d74e1493dd297d38e7f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:12:34 GMT
server: cloudflare
age: 3781
etag: "d0e28f34ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d08df2ba9-FRA
content-length: 7388

GET
H2 200 Al-feiha_410_.png
media.koraplus.com/Kora/Teams/Large/ 13 KB
13 KB 15ms
12ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/Al-feiha_410_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 3791f33e7f348e405e3aefb2debddb2cfb30a6030fc86374086db7b589efd426

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:12:39 GMT
server: cloudflare
age: 3781
etag: "62f1db37ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d290c2ba9-FRA
content-length: 13221

GET
H2 200 PyramidsFC_219_.png
media.koraplus.com/Kora/Teams/Large/ 13 KB
13 KB 15ms
15ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/PyramidsFC_219_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 3ffc9d5e2655d95a1935bf1f67601e31be98fd53ffb286358738a186da1d98f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:12:05 GMT
server: cloudflare
age: 3781
etag: "6de45f23ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d290f2ba9-FRA
content-length: 12911

GET
H2 200 CleopatraFC_3451_.png
media.koraplus.com/Kora/Teams/Large/ 11 KB
11 KB 24ms
23ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/CleopatraFC_3451_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: a5ba2b447b32ab4dfa0a2a99e3859496bc3dd167a033f7c3b708ece4a7c4de62

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 29 Jan 2023 10:12:21 GMT
server: cloudflare
etag: "b264382dca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d29102ba9-FRA
content-length: 11173

GET
H2 200 208_.png
media.koraplus.com/Kora/Teams/Large/ 8 KB
8 KB 15ms
15ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/208_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 5157e3025c8ce5bd65f8509719272419a7ddad9e98ccb3327a02afb7fe2e663a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:12:01 GMT
server: cloudflare
age: 3781
etag: "aa7f1c21ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d291a2ba9-FRA
content-length: 7999

GET
H2 200 FutureFC_3556_.png
media.koraplus.com/Kora/Teams/Large/ 11 KB
11 KB 15ms
14ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/FutureFC_3556_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 46b4ccca2e11cbadd1cb5345e60ed28047fcced05a700df874106cfd2bbfa48c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:12:23 GMT
server: cloudflare
age: 3781
etag: "59c0132eca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d39272ba9-FRA
content-length: 11014

GET
H2 200 166_.png
media.koraplus.com/Kora/Teams/Large/ 11 KB
11 KB 25ms
25ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/166_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 28624ba5910df2040b8121bfd7b79951064820a60128fb12a225951d1cdbfb4b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 29 Jan 2023 10:13:33 GMT
server: cloudflare
etag: "da3358ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d39292ba9-FRA
content-length: 11281

GET
H2 200 163_.png
media.koraplus.com/Kora/Teams/Large/ 8 KB
8 KB 15ms
15ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/163_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 74386de796cc277257914a7ec958687c7e3b2175c0c4ebb910d61ddf4e99bc35

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:13:32 GMT
server: cloudflare
age: 634
etag: "661e5f57ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d39302ba9-FRA
content-length: 8300

GET
H2 200 167_.png
media.koraplus.com/Kora/Teams/Large/ 8 KB
8 KB 13ms
13ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/167_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: a911b617fa9c17296261746f2254a9e61b8b9cee6444e82025e58b4d819a03d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:13:33 GMT
server: cloudflare
age: 3781
etag: "1a8e2e58ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d39352ba9-FRA
content-length: 8269

GET
H2 200 171_.png
media.koraplus.com/Kora/Teams/Large/ 15 KB
15 KB 16ms
16ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/171_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 2eb794bc2c745207722a7484ae4c223e889f4343328cc11e10b3f6940d72dd7d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:13:35 GMT
server: cloudflare
age: 3781
etag: "c39bfb58ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d493d2ba9-FRA
content-length: 15698

GET
H2 200 64_.png
media.koraplus.com/Kora/Teams/Large/ 11 KB
11 KB 21ms
19ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/64_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 99a7c62b9ba19d6f3cfa729f396c27593659542702682b73ba87eff5d69a8755

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 29 Jan 2023 10:13:03 GMT
server: cloudflare
etag: "29394946ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d49472ba9-FRA
content-length: 11419

GET
H2 200 65_.png
media.koraplus.com/Kora/Teams/Large/ 11 KB
11 KB 24ms
24ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/65_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 4bd7fb6600ae5147ea791303676ccd945702cebe59f274241ecbeff95d423131

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 29 Jan 2023 10:13:04 GMT
server: cloudflare
etag: "91247446ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d494c2ba9-FRA
content-length: 10893

GET
H2 200 184_.png
media.koraplus.com/Kora/Teams/Large/ 8 KB
8 KB 30ms
30ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/184_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 989bb47057732be8eafd61e6bde7f3e8481068a1e396e75da443ed9be6cfc168

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 29 Jan 2023 10:16:15 GMT
server: cloudflare
etag: "7f4580b8ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d59552ba9-FRA
content-length: 7981

GET
H2 200 180_.png
media.koraplus.com/Kora/Teams/Large/ 8 KB
8 KB 28ms
28ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/180_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 9c72e71ef67572cb63d1fc8761a55e6cdafbfda9f1201c9aeb731dd68305438a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 29 Jan 2023 10:16:14 GMT
server: cloudflare
etag: "7b19bfb7ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d59602ba9-FRA
content-length: 8362

GET
H2 200 136_.png
media.koraplus.com/Kora/Teams/Large/ 9 KB
9 KB 16ms
16ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/136_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: b8e58bb0b524378bbff142e22b536b5a9e5ee57a547256a99ebfa0f5e7973b1a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:15:13 GMT
server: cloudflare
age: 1540
etag: "4364b993ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d59612ba9-FRA
content-length: 9167

GET
H2 200 144_.png
media.koraplus.com/Kora/Teams/Large/ 10 KB
10 KB 23ms
23ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/144_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 68bbfd292da6691b26f765303ada45545f16aa21f8a9e02e239fb5e57ffe6c13

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 29 Jan 2023 10:15:16 GMT
server: cloudflare
etag: "626d2195ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d596b2ba9-FRA
content-length: 10556

GET
H2 200 NationalBank_1102_.png
media.koraplus.com/Kora/Teams/Large/ 14 KB
14 KB 14ms
14ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/NationalBank_1102_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: ef1e231a2cac85a1ffb883a341f354b8a18f3ab3827c085bca5a2c0fdaa8806e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:12:17 GMT
server: cloudflare
age: 5630
etag: "ca174e2aca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d69822ba9-FRA
content-length: 13922

GET
H2 200 GhazlElMahallah_708_.png
media.koraplus.com/Kora/Teams/Large/ 14 KB
14 KB 13ms
13ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/GhazlElMahallah_708_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 23b9c55ffea7b8f3594b2798e0225c5647d10f4e61dbfc535ce9e443e3d73f62

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:12:11 GMT
server: cloudflare
age: 5630
etag: "f580d926ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d798a2ba9-FRA
content-length: 13885

GET
H2 200 182_.png
media.koraplus.com/Kora/Teams/Large/ 11 KB
11 KB 14ms
14ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/182_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: dd14601ef05de262b86de19d4bb3d757350cd85ed018c83c8497981ca11a1f93

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:16:14 GMT
server: cloudflare
age: 3784
etag: "8bdb20b8ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d798c2ba9-FRA
content-length: 11414

GET
H2 200 186_.png
media.koraplus.com/Kora/Teams/Large/ 9 KB
9 KB 17ms
16ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/186_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: aa15ae8f47666c19f907572c8135b11a02dc34f1d3ce736b7cc6fd012a99263c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:16:16 GMT
server: cloudflare
age: 3784
etag: "7738ddb8ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d899f2ba9-FRA
content-length: 9538

GET
H2 200 148_.png
media.koraplus.com/Kora/Teams/Large/ 9 KB
9 KB 14ms
13ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/148_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: f7fb6ab699c85d3b65abcb1c06ebdf8106fc712d4b75761280241118b0b0bd17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:15:17 GMT
server: cloudflare
age: 3784
etag: "875d995ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d89a32ba9-FRA
content-length: 8867

GET
H2 200 145_.png
media.koraplus.com/Kora/Teams/Large/ 9 KB
9 KB 14ms
13ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/145_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 4bc5527fcf437e2e50de6244f2c4580ab4dbc5139b7db06bdc1bf0877adc716f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:15:16 GMT
server: cloudflare
age: 3784
etag: "10584c95ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d89a52ba9-FRA
content-length: 8940

GET
H2 200 VitoriaGuimaraes_498_.png
media.koraplus.com/Kora/Teams/Large/ 8 KB
8 KB 14ms
14ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/VitoriaGuimaraes_498_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 09324606f719f99067566ff005ef0623b1442b99de9863b671565a02d7e428e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:15:52 GMT
server: cloudflare
age: 3784
etag: "2a18e7aaca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d89a82ba9-FRA
content-length: 8398

GET
H2 200 Chaves_910_.png
media.koraplus.com/Kora/Teams/Large/ 12 KB
12 KB 14ms
14ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/Chaves_910_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: d58ce2267eaea07a8ef57e3d67f788889f547cd7f0f69a85c08e50e6be8d4cc5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:15:58 GMT
server: cloudflare
age: 5630
etag: "2ab11daeca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d89b42ba9-FRA
content-length: 12187

GET
H2 200 112_.png
media.koraplus.com/Kora/Teams/Large/ 9 KB
9 KB 16ms
15ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/112_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 66b51eab2951a9cdf008f3c19150c3014e0b2e1fdea478e382812d15db1fc474

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:12:43 GMT
server: cloudflare
age: 3784
etag: "7053f939ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d89b62ba9-FRA
content-length: 8877

GET
H2 200 AlDuhailSC_1085_.png
media.koraplus.com/Kora/Teams/Large/ 8 KB
8 KB 14ms
13ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/AlDuhailSC_1085_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 4baeca9f8f1db2cec8008fe066fe6a5a6596279afbb8bcb34073893c9f925309

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:12:45 GMT
server: cloudflare
age: 5630
etag: "8d6c3bca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d99d92ba9-FRA
content-length: 7907

GET
H2 200 113_.png
media.koraplus.com/Kora/Teams/Large/ 9 KB
9 KB 19ms
18ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/113_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: bf88a5a2d322ea15ece8931b9fc3c81b7d751cb8301bb1b7ec0831de1338e648

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:12:43 GMT
server: cloudflare
age: 5630
etag: "84a0263aca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d99dd2ba9-FRA
content-length: 9395

GET
H2 200 AlRayyan_616_.png
media.koraplus.com/Kora/Teams/Large/ 11 KB
11 KB 14ms
14ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/AlRayyan_616_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 6b5fa0a317a106f1989b011c28a334fa544940efc848d72912d2007c1b3222d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:12:40 GMT
server: cloudflare
age: 1540
etag: "bb3b6638ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d99e02ba9-FRA
content-length: 10976

GET
H2 200 114_.png
media.koraplus.com/Kora/Teams/Large/ 10 KB
10 KB 14ms
14ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/114_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 50f60888a2c8fae203727d66e4f40957015100f46fcb0c22e7346ba2f517f895

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:12:43 GMT
server: cloudflare
age: 1540
etag: "908b513aca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d99e22ba9-FRA
content-length: 9880

GET
H2 200 107_.png
media.koraplus.com/Kora/Teams/Large/ 10 KB
10 KB 13ms
13ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/107_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 62fc63c1926399ef54ee3db4ab817db33ff9a9cc298e30658b08c7958e392f81

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:12:41 GMT
server: cloudflare
age: 5630
etag: "19b1239ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74da9e32ba9-FRA
content-length: 10297

GET
H2 200 343_.png
media.koraplus.com/Kora/Teams/Large/ 6 KB
6 KB 20ms
20ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/343_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: c5df51e0b283e2ca9c6bfdd458a2b9848748843bdf94c4b4a66d9e8b14ec48e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 10:14:30 GMT
server: cloudflare
etag: "6c91b7aca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74da9e62ba9-FRA
content-length: 5847

GET
H2 200 WestHamUnited_96_.png
media.koraplus.com/Kora/Teams/Large/ 8 KB
9 KB 14ms
13ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/WestHamUnited_96_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 484a86dad80c638b0d998d03003d39573ac5bd716145245c17894a69d2073548

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:14:27 GMT
server: cloudflare
age: 633
etag: "10621678ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74db9f72ba9-FRA
content-length: 8694

GET
H2 200 CABizertin_1080_.png
media.koraplus.com/Kora/Teams/Large/ 10 KB
10 KB 21ms
21ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/CABizertin_1080_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 97a09a2ef08cf6f7a8e3ce982c8747321d4db26cf3d3854772d2c2443215ec9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 10:17:00 GMT
server: cloudflare
etag: "e98455d3ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74db9fa2ba9-FRA
content-length: 10235

GET
H2 200 434_.png
media.koraplus.com/Kora/Teams/Large/ 7 KB
7 KB 24ms
24ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/434_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 92263d0f770102081b68c681400d9924f854f81c19df3f2caa03935202fa829c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 10:16:58 GMT
server: cloudflare
etag: "ab3f11d2ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74db9fd2ba9-FRA
content-length: 7480

GET
H2 200 CSChebba_2325_.png
media.koraplus.com/Kora/Teams/Large/ 10 KB
10 KB 19ms
19ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/CSChebba_2325_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: eb6f97a395ad4471c1b3f5a3059404e91cbce9e4c464f99492fb94543ca6dbdb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:17:03 GMT
server: cloudflare
age: 633
etag: "7cd9f4d4ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74db9fe2ba9-FRA
content-length: 10009

GET
H2 200 StadeTunisien_1083_.png
media.koraplus.com/Kora/Teams/Large/ 9 KB
9 KB 38ms
38ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/StadeTunisien_1083_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: c9ae79b34c4bff8b3a8fa8ebbf08c75c53e7611601b0e49531f2d5e023be7c44

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 10:17:01 GMT
server: cloudflare
etag: "3d76f5d3ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74dba042ba9-FRA
content-length: 9581

GET
H2 200 USTataouine_2214_.png
media.koraplus.com/Kora/Teams/Large/ 10 KB
10 KB 119ms
118ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/USTataouine_2214_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 92583fc8f4db98e31bed1a6a083bc7e22659c44b202c8cb50b06190af6673519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 10:17:02 GMT
server: cloudflare
etag: "6b7433d4ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74dca132ba9-FRA
content-length: 10356

GET
H2 200 Hammam-Sousse_3552_.png
media.koraplus.com/Kora/Teams/Large/ 11 KB
11 KB 18ms
18ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/Hammam-Sousse_3552_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: eca7464a94a258693d4dec59d01c8472577d265ad230e889d985cae3f3762636

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:17:04 GMT
server: cloudflare
age: 3781
etag: "b970cbd5ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74dca1a2ba9-FRA
content-length: 10882

GET
H2 200 EtoileduSahel_467_.png
media.koraplus.com/Kora/Teams/Large/ 10 KB
10 KB 13ms
13ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/EtoileduSahel_467_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: a50f4fc208a1bd79225b231e7cef6298bb55efe887305b9b523807b7aba9434f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:16:58 GMT
server: cloudflare
age: 633
etag: "caa7d5d1ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74dda2a2ba9-FRA
content-length: 10351

GET
H2 200 431_.png
media.koraplus.com/Kora/Teams/Large/ 9 KB
9 KB 14ms
14ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/431_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 298891dfee21768fc164f88ef1c5ff66829c14e5c6dcbe341beadc32d6dfeb17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:16:57 GMT
server: cloudflare
age: 3781
etag: "394476d1ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74dda2b2ba9-FRA
content-length: 9572

GET
H2 200 ESMetlaoui_1082_.png
media.koraplus.com/Kora/Teams/Large/ 9 KB
9 KB 38ms
37ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/ESMetlaoui_1082_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: d4c894096f098f182fce5e90521e0fdcb2cc9bd0d45739b7c03c69dd7a00e9a0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 10:17:01 GMT
server: cloudflare
etag: "cd28c8d3ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74dea422ba9-FRA
content-length: 8897

GET
H2 200 ASRejiche_3456_.png
media.koraplus.com/Kora/Teams/Large/ 10 KB
10 KB 27ms
26ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/ASRejiche_3456_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 406fc0b21c034cdcde14c7f1597a6240292a3293d8971391d70fb9f1b62ff620

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 10:17:04 GMT
server: cloudflare
etag: "b085a0d5ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74dea472ba9-FRA
content-length: 10380

GET
H2 200 USMonastir_1076_.png
media.koraplus.com/Kora/Teams/Large/ 12 KB
12 KB 41ms
40ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/USMonastir_1076_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 75301440d78f5146f9670713bb5f3686f549d7260717e5b2874a66026fad04a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 10:16:59 GMT
server: cloudflare
etag: "73c8dd2ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74dea4d2ba9-FRA
content-length: 12661

GET
H2 200 ASSlimane_2324_.png
media.koraplus.com/Kora/Teams/Large/ 6 KB
6 KB 14ms
14ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/ASSlimane_2324_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 6efd980b83731f2512ae8f800cc58a98c96c186f19e4296cb18315867df5da67

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:17:03 GMT
server: cloudflare
age: 633
etag: "c8cc7d4ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74dfa4e2ba9-FRA
content-length: 6459

GET
H2 200 ClubAfricain_466_.png
media.koraplus.com/Kora/Teams/Large/ 8 KB
8 KB 21ms
20ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/ClubAfricain_466_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: a4a8cecd4878422212cf319ec2cceb9a7ffacd30f31ea5409c8c4575cd8a312b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 10:16:57 GMT
server: cloudflare
etag: "d056a8d1ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74dfa5e2ba9-FRA
content-length: 7778

GET
H2 200 OlympiqueSidiBouzid_3454_.png
media.koraplus.com/Kora/Teams/Large/ 12 KB
12 KB 43ms
43ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/OlympiqueSidiBouzid_3454_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: ebaa515186f2f149e9a134e99c3442066a03e6526a5962ad9b252fb5fc0975bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 10:17:03 GMT
server: cloudflare
etag: "f3a35d5ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74e0a702ba9-FRA
content-length: 12656

GET
H2 200 OlympiqueBeja_3455_.png
media.koraplus.com/Kora/Teams/Large/ 9 KB
9 KB 31ms
31ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/OlympiqueBeja_3455_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 07889a5dbbd0dc8b0de9f6664dbdf144c9cf681c2e550ff4ce1406352aab05a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:17:04 GMT
server: cloudflare
age: 633
etag: "7f8762d5ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74e1a812ba9-FRA
content-length: 9564

GET
H2 200 USBenGuerdane_1077_.png
media.koraplus.com/Kora/Teams/Large/ 9 KB
10 KB 29ms
29ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/USBenGuerdane_1077_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 425b905bbc27bb26ccaf48e98934438370dad2305b8f626de4ebbd3d08e55740

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 10:16:59 GMT
server: cloudflare
etag: "414ebfd2ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74e1a8c2ba9-FRA
content-length: 9704

GET
H2 200 Alanyaspor_1066_.png
media.koraplus.com/Kora/Teams/Large/ 11 KB
11 KB 27ms
26ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/Alanyaspor_1066_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: d4927e7d34aa6b11318cb5d9ac80f4ec1f933131556edd466f63d946d9c31069

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 10:16:40 GMT
server: cloudflare
etag: "8b741c7ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74e1a8e2ba9-FRA
content-length: 11653

GET
H2 200 Sivasspor_512_.png
media.koraplus.com/Kora/Teams/Large/ 6 KB
7 KB 27ms
27ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/Sivasspor_512_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: efcb6bc00136c60da14d59b3eeda421a00abd4ff6ea2077d75feafcfc060dcae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 10:16:45 GMT
server: cloudflare
etag: "be671fcaca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74e3aac2ba9-FRA
content-length: 6560

GET
H2 200 Karagumruk_3442_.png
media.koraplus.com/Kora/Teams/Large/ 15 KB
15 KB 45ms
45ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/Karagumruk_3442_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: f9ac5aa6cd3285ace792529bbd525469c1f9932feb2f5ad29bfea3d733a1bc1c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 10:16:39 GMT
server: cloudflare
etag: "735ab4c6ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74e5adb2ba9-FRA
content-length: 15594

GET
H2 200 358_.png
media.koraplus.com/Kora/Teams/Large/ 6 KB
6 KB 30ms
30ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/358_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: d5d1543bd4168971599a3182c4df6f43ab78d80be3743ee02251def5de7eb948

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 10:16:47 GMT
server: cloudflare
etag: "64a80cbca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74e5ade2ba9-FRA
content-length: 6201

GET
H2 200 134_.png
media.koraplus.com/Kora/Teams/Large/ 6 KB
6 KB 29ms
29ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/134_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 6f90329882763ff4af8c8f6114bfb54b8f613d857340498819aeff41bea9db24

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 10:14:52 GMT
server: cloudflare
etag: "d58de486ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74e5adf2ba9-FRA
content-length: 5960

GET
H2 200 126_.png
media.koraplus.com/Kora/Teams/Large/ 7 KB
7 KB 17ms
17ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/126_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 7919ce47b95b64307c3053fb364120d83f76258e318f606e9d21a9979d620df5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:14:49 GMT
server: cloudflare
age: 453
etag: "d0987085ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74e5ae02ba9-FRA
content-length: 7363

GET
H2 200 PacosDeFerreira_494_.png
media.koraplus.com/Kora/Teams/Large/ 8 KB
8 KB 21ms
21ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/PacosDeFerreira_494_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: cc689d14723b0e67544df62db9f3f1bad8bdbe21fd52f8cfe9de56c033588eb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 10:15:51 GMT
server: cloudflare
etag: "a97f2faaca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74e5aea2ba9-FRA
content-length: 7904

GET
H2 200 GilVicenteF.C_2317_.png
media.koraplus.com/Kora/Teams/Large/ 9 KB
9 KB 28ms
27ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/GilVicenteF.C_2317_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: fe69a49fad971fa67de800b945e0f5898a4326cd3646b5aeaba0662d6e86350d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 10:15:56 GMT
server: cloudflare
etag: "66b96adca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74e6afc2ba9-FRA
content-length: 9049

GET
H2 200 FCUNIONBERLIN_917_.png
media.koraplus.com/Kora/Teams/Large/ 4 KB
5 KB 17ms
17ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/FCUNIONBERLIN_917_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 3301fbb56f128177eeb42f226d0415d0b06260e8325c7b25786ffc15c5bd8fff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:14:54 GMT
server: cloudflare
age: 453
etag: "4de2488ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74e7b152ba9-FRA
content-length: 4602

GET
H2 200 127_.png
media.koraplus.com/Kora/Teams/Large/ 7 KB
7 KB 15ms
15ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/127_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: faf2c3fd638b5eed592c7bdc2108f34ac1416cd14207736e5c213dbf7cc5b5ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:14:50 GMT
server: cloudflare
age: 453
etag: "a248a085ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74e7b192ba9-FRA
content-length: 6838

GET
H2 200 Internazionale_176_.png
media.koraplus.com/Kora/Teams/Large/ 6 KB
7 KB 19ms
19ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/Internazionale_176_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 828392cd2a6e1b35bdb02cbe1e5591b5d8c799caf26342a2e1da42cd8f8d571c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:16:13 GMT
server: cloudflare
age: 453
etag: "b9e39b7ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74e8b222ba9-FRA
content-length: 6590

GET
H2 200 173_.png
media.koraplus.com/Kora/Teams/Large/ 8 KB
8 KB 33ms
33ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/173_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: e777c8f93b54f59ff59df5656680494a2b46c4545a082ddf6d6363ba06bc1b89

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 10:16:12 GMT
server: cloudflare
etag: "9bd47ab6ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74e8b282ba9-FRA
content-length: 7889

GET
H2 200 91_.png
media.koraplus.com/Kora/Teams/Large/ 12 KB
12 KB 13ms
12ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/91_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 5d1ed9066f61ede258db789a11321ba2573348dbc439f1b5c5b3bab073f70ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:14:26 GMT
server: cloudflare
age: 453
etag: "7b7c3177ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74e9b3a2ba9-FRA
content-length: 11904

GET
H2 200 92_.png
media.koraplus.com/Kora/Teams/Large/ 9 KB
9 KB 14ms
13ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/92_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 2841b577ed6f38c961a063487707f01d8ec27ca40a29b599ddbcee760c134189

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 10:14:26 GMT
server: cloudflare
age: 453
etag: "89675c77ca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74e9b3d2ba9-FRA
content-length: 9613

GET
H2 200 Arouca_504_.png
media.koraplus.com/Kora/Teams/Large/ 11 KB
12 KB 21ms
20ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/Arouca_504_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: e1698c2b89cd839a02ef0ba003660e30c8165d8b7b59cd5f3a08d08e30ca61f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 10:15:54 GMT
server: cloudflare
etag: "7686f4abca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74e9b3e2ba9-FRA
content-length: 11753

GET
H2 200 197_.png
media.koraplus.com/Kora/Teams/Large/ 11 KB
11 KB 21ms
21ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Teams/Large/197_.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 2f1e3dcfd96b1264622005639181b60e3f236ab395619b90ee28cd6146bfae5a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 10:15:55 GMT
server: cloudflare
etag: "5f9745acca33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74e9b402ba9-FRA
content-length: 10788

GET
H2 200 breaking-news-ticker.css
koraplus.com/Content/ 6 KB
1 KB 14ms
13ms Stylesheet
text/css 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/Content/breaking-news-ticker.css
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 948198a9265c42c52bba934a850c9adb30ce915097b3928d189e73154b4e1874

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 14 Mar 2022 10:30:57 GMT
server: cloudflare
age: 115
etag: W/"ead562978e37d81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=14400
cf-ray: 7918d74bde572ba9-FRA

GET
H2 200 28661-%D8%A8%D9%86%D8%B1%D8%B1.png
media.koraplus.com/Blocks/ 28 KB
28 KB 84ms
84ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Blocks/28661-%D8%A8%D9%86%D8%B1%D8%B1.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: b4c11d6d3acb49caef88943624f63122c237b73b12235f42a9d336b5b6b6e6a9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Sat, 28 Jan 2023 20:49:36 GMT
server: cloudflare
etag: "9a9a9d85a33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c8fd52ba9-FRA
content-length: 28661

GET
H2 200 1643367570695202301240559485948.jpg
koraplus.com/images/2023/1/large/ 91 KB
92 KB 101ms
81ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large/1643367570695202301240559485948.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: f17e5b1aca30d6d338bba03a4afbea01c33abebe9619a0510a37e80c6e8393f4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
cf-bgj: h2pri
last-modified: Tue, 24 Jan 2023 15:59:49 GMT
server: cloudflare
age: 930
etag: "dae248e3c30d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c2ef02ba9-FRA
content-length: 93679

GET
H2 200 1649546565324202211170459315931.jpg
koraplus.com/images/2022/11/large/ 45 KB
45 KB 121ms
101ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/11/large/1649546565324202211170459315931.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: e83b21f64feea987080053a9cfbb4fb6bcff3210130f1884ba210269c6a68770

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Thu, 17 Nov 2022 14:59:32 GMT
server: cloudflare
etag: "23352b3395fad81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c2ef12ba9-FRA
content-length: 45798

GET
H2 200 16571779146349202301300118251825.jpg
koraplus.com/images/2023/1/large/ 24 KB
24 KB 103ms
83ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large/16571779146349202301300118251825.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 224fc71f229ce6d5aee3974575b2c81cab7dea7f3d087ac2f317aee094986785

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 23:18:25 GMT
server: cloudflare
age: 2522
etag: "0e01efd3734d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c2ef32ba9-FRA
content-length: 24107

GET
H2 200 16451670867588202301301219341934.jpg
koraplus.com/images/2023/1/large/ 41 KB
41 KB 117ms
98ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large/16451670867588202301301219341934.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 0fc14ea65234e0cea602ed9203b09217c52a6fe46102c1c9aeb2ddcb953d5f24

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 22:19:34 GMT
server: cloudflare
etag: "c27f7fc42f34d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c2ef52ba9-FRA
content-length: 42221

GET
H2 200 164785624411020220912065200520.jpg
koraplus.com/images/2022/9/large/ 30 KB
31 KB 85ms
66ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/9/large/164785624411020220912065200520.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: c32f037023186944ac51e43cf9a97f85eff4ad787658b494bd75ca365ede06e6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Mon, 12 Sep 2022 16:52:00 GMT
server: cloudflare
etag: "3e9110fac7c6d81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3efe2ba9-FRA
content-length: 31086

GET
H2 200 16571779146349202301301231593159.jpg
koraplus.com/images/2023/1/large/ 32 KB
32 KB 86ms
67ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large/16571779146349202301301231593159.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 50bd38d30cc1a9c90ad3dbe21171ee37c8c21992e9e2d54c0583b6fa360bddc8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 22:31:59 GMT
server: cloudflare
etag: "effa3e803134d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f002ba9-FRA
content-length: 33067

GET
H2 200 161871139862220211119095900590.jpg
koraplus.com/images/2021/11/large/ 34 KB
35 KB 87ms
68ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2021/11/large/161871139862220211119095900590.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: ab8132133b0518d13a0ab93e98292ca51c97df49a858a260fda282409bf89cce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Fri, 19 Nov 2021 19:59:00 GMT
server: cloudflare
etag: "c4c957e57fddd71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f012ba9-FRA
content-length: 35320

GET
H2 200 16341500129698202207240750165016.jpg
koraplus.com/images/2022/7/large/ 44 KB
44 KB 98ms
79ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/7/large/16341500129698202207240750165016.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 5e931479c354d56499d738167bd6082bdb76a1f45be784f6fc5052891e886309

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Sun, 24 Jul 2022 17:50:16 GMT
server: cloudflare
etag: "731665d5859fd81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f042ba9-FRA
content-length: 45356

GET
H2 200 2871874097202111260811451145.jpg
koraplus.com/images/2021/11/large/ 28 KB
28 KB 98ms
79ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2021/11/large/2871874097202111260811451145.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 1c02b93860b37dc04ef4f253ba33f114ad25674823e48d163d59fc43651aa374

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Fri, 26 Nov 2021 18:11:45 GMT
server: cloudflare
etag: "7b39612f1e2d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f062ba9-FRA
content-length: 28354

GET
H2 200 IconTvs.png
koraplus.com/images/ 326 B
434 B 99ms
80ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/IconTvs.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: ed08de1503cae2839b33b669a964a33af728abf5067f067c1e939d92b5e5caab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Tue, 05 Oct 2021 11:00:27 GMT
server: cloudflare
etag: "80972a34d8b9d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f072ba9-FRA
content-length: 326

GET
H2 200 1634150012969820221010010712712.jpg
koraplus.com/images/2022/10/large-2/ 10 KB
10 KB 99ms
80ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/10/large-2/1634150012969820221010010712712.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 71257a1fbdfd6c1fde42c80c549cc3230be093a42a8252b0181c7cb0764fa344

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Mon, 10 Oct 2022 11:07:12 GMT
server: cloudflare
etag: "c90a17298dcd81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f092ba9-FRA
content-length: 10627

GET
H2 200 Icontv.png
koraplus.com/images/ 326 B
383 B 99ms
81ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/Icontv.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: ed08de1503cae2839b33b669a964a33af728abf5067f067c1e939d92b5e5caab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Tue, 05 Oct 2021 11:00:27 GMT
server: cloudflare
etag: "80972a34d8b9d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f0d2ba9-FRA
content-length: 326

GET
H2 200 redcorner.png
koraplus.com/images/ 769 B
831 B 100ms
81ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/redcorner.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: a9a5399f89e7a6f86666c33da3ff6f08daa804463cc60490c2c6afb00ca34fcd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Tue, 05 Oct 2021 11:00:27 GMT
server: cloudflare
etag: "80972a34d8b9d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f0e2ba9-FRA
content-length: 769

GET
H2 200 47515-1.jpg
media.koraplus.com/Blocks/ 46 KB
47 KB 35ms
34ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Blocks/47515-1.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: d78d29f5701f639091176469cd9d5123e2bab2a737ab9850386512265a56c2cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 23:36:58 GMT
server: cloudflare
etag: "c468c943a34d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74eab4b2ba9-FRA
content-length: 47515

GET
H2 200 46707-2.jpg
media.koraplus.com/Blocks/ 46 KB
46 KB 53ms
51ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Blocks/46707-2.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: dcf530f1a470d3db533a58756e4b924ef5cf10a0a190ba7ae76678d3e85d16e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 23:37:06 GMT
server: cloudflare
etag: "15dda993a34d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74eab5a2ba9-FRA
content-length: 46707

GET
H2 200 49323-3.jpg
media.koraplus.com/Blocks/ 48 KB
48 KB 25ms
25ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Blocks/49323-3.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: fe12ba8da3bc0afa2583777777a2f4c40c48bb05fbd1a8eb2f70ae3fa3eaf6e2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 23:37:13 GMT
server: cloudflare
etag: "18aa349d3a34d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74eab5c2ba9-FRA
content-length: 49323

GET
H2 200 16571779146349202301300118251825.jpg
koraplus.com/images/2023/1/large-2/ 7 KB
7 KB 100ms
82ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/16571779146349202301300118251825.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 69abc825203e800438f446ea4630d271aa25a61595b5195213485e8c44d102ac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Sun, 29 Jan 2023 23:18:25 GMT
server: cloudflare
etag: "634221fd3734d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f102ba9-FRA
content-length: 7390

GET
H2 200 1647856244110202301300131553155.jpg
koraplus.com/images/2023/1/large-2/ 7 KB
7 KB 102ms
84ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/1647856244110202301300131553155.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 86c6f7d21a742a6a8f742c76a92f06945f95ee5d4a688d2d3f7b34a62cb8eb48

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Sun, 29 Jan 2023 23:31:55 GMT
server: cloudflare
etag: "2a20c3df3934d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f122ba9-FRA
content-length: 7528

GET
H2 200 16571779146349202301301231593159.jpg
koraplus.com/images/2023/1/large-2/ 10 KB
10 KB 103ms
85ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/16571779146349202301301231593159.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 01db50a96fd7839e90d5d004d9eb7509e492acfa218fc3e985d1748652b9f8c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 22:31:59 GMT
server: cloudflare
etag: "535d41803134d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f142ba9-FRA
content-length: 9954

GET
H2 200 16451670867588202301301219341934.jpg
koraplus.com/images/2023/1/large-2/ 12 KB
12 KB 103ms
85ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/16451670867588202301301219341934.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 38440cef7d0613d174c2559d48258646784de3bff4bb710927dc15bfdc8257d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 22:19:34 GMT
server: cloudflare
etag: "25e281c42f34d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f152ba9-FRA
content-length: 12614

GET
H2 200 Iconlive-tv-White.png
koraplus.com/images/ 353 B
414 B 104ms
86ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/Iconlive-tv-White.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 50823da7bfb14d76ca9ed9b2f60dd24aa1186f3f1250d9fc551f782ca342b769

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Tue, 05 Oct 2021 11:00:27 GMT
server: cloudflare
etag: "80972a34d8b9d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f162ba9-FRA
content-length: 353

GET
H2 200 1634150012969820221010010712712.jpg
koraplus.com/images/2022/10/large/ 35 KB
35 KB 104ms
86ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/10/large/1634150012969820221010010712712.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: faf2dec680d35cc65bb3a72fb2e2796f147677c1fbfa426d7463266c0756aaa2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Mon, 10 Oct 2022 11:07:12 GMT
server: cloudflare
etag: "699e9e7298dcd81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f172ba9-FRA
content-length: 35977

GET
H2 200 tvicon.png
koraplus.com/images/ 2 KB
2 KB 105ms
87ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/tvicon.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 988956ea96ff762b093da48e22de94011c5399269521820b0b51d23395ce03a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Tue, 05 Oct 2021 11:00:27 GMT
server: cloudflare
etag: "80972a34d8b9d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f192ba9-FRA
content-length: 1728

GET
H2 200 1626711020477202211071133313331.jpg
koraplus.com/images/2022/11/large-3/ 8 KB
9 KB 105ms
87ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/11/large-3/1626711020477202211071133313331.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: e9a337c022e14f6447fba01a1cb31fa378d291a3b67aea4366d1199acd81d11e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Mon, 07 Nov 2022 09:33:31 GMT
server: cloudflare
etag: "ba23cfff8bf2d81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f1a2ba9-FRA
content-length: 8697

GET
H2 200 1619696029370202301280128122812.jpg
koraplus.com/images/2023/1/large-3/ 12 KB
13 KB 105ms
88ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-3/1619696029370202301280128122812.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: de6f607bbca229055f003dfe1ef694ab5bf12ededcd4ee25cfd48f8e373a972c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Fri, 27 Jan 2023 23:28:12 GMT
server: cloudflare
etag: "5997396a732d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f1b2ba9-FRA
content-length: 12726

GET
H2 200 1643367570695202301130446214621.jpg
koraplus.com/images/2023/1/large-3/ 12 KB
12 KB 105ms
88ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-3/1643367570695202301130446214621.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 8daec1beb5269a615001dabca2e3805c2e137863f9dc7d4da6e86ddbd42a8c01

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Fri, 13 Jan 2023 14:46:22 GMT
server: cloudflare
etag: "c022b4cd5d27d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f1c2ba9-FRA
content-length: 12391

GET
H2 200 Iconwriters.png
koraplus.com/images/ 706 B
767 B 105ms
88ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/Iconwriters.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 4f18ed195e69551cc4e11dca048f0dbf93078d172b582aa5f95b026c20ec6e14

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Tue, 05 Oct 2021 11:00:27 GMT
server: cloudflare
etag: "80972a34d8b9d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f1d2ba9-FRA
content-length: 706

GET
H2 200 16281779136505202301290336273627.jpg
koraplus.com/images/2023/1/large/ 31 KB
32 KB 105ms
88ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large/16281779136505202301290336273627.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 9273e5379701f3409da682e18dd20d6a91def7325d765eff86a7b41a3bee792e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Sun, 29 Jan 2023 13:36:27 GMT
server: cloudflare
etag: "913c3fb0e633d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f1f2ba9-FRA
content-length: 32191

GET
H2 200 16151871231752202210120656295629.jpg
koraplus.com/images/2022/10/large/ 29 KB
29 KB 105ms
88ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/10/large/16151871231752202210120656295629.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 697016751229f2b7cbeb1cff1be034ce7743422b838861c7f9ae5c9aed624010

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Wed, 12 Oct 2022 16:56:30 GMT
server: cloudflare
etag: "d18e3d935bded81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f222ba9-FRA
content-length: 29362

GET
H2 200 1626711020477202212250327562756.jpg
koraplus.com/images/2022/12/large/ 32 KB
32 KB 105ms
89ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/12/large/1626711020477202212250327562756.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: b0fd488b68149b3c76618ba4df7d621fd33b6be2a036cb4b6e86225c9ff79b12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Sun, 25 Dec 2022 13:27:56 GMT
server: cloudflare
etag: "a29c10b36418d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f242ba9-FRA
content-length: 32479

GET
H2 200 162671102047720220613032600260.jpg
koraplus.com/images/2022/6/large/ 47 KB
47 KB 106ms
89ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/6/large/162671102047720220613032600260.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 353f0f01ba4a4d0aff25a5e2c26f53931f47599e039a5f1ffb6065dde101e965

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Mon, 13 Jun 2022 13:26:01 GMT
server: cloudflare
etag: "3b12c71f297fd81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f262ba9-FRA
content-length: 48373

GET
H2 200 1647856244110202209201143574357.jpg
koraplus.com/images/2022/9/large/ 29 KB
30 KB 106ms
90ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/9/large/1647856244110202209201143574357.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: d6ffc492eea847471573fd94c017a8da3516e9f4511db876aa9221fdebdfe5d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Tue, 20 Sep 2022 21:43:57 GMT
server: cloudflare
etag: "26685163acdd81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f272ba9-FRA
content-length: 30151

GET
H2 200 16311326371379202212210556305630.jpg
koraplus.com/images/2022/12/large/ 31 KB
31 KB 106ms
90ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/12/large/16311326371379202212210556305630.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: d44484eca9f94a944633613c6cf68f118f46930673bf77dd6a5d00c493e3bda0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Wed, 21 Dec 2022 15:56:30 GMT
server: cloudflare
etag: "a2fb0ca5415d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f292ba9-FRA
content-length: 31669

GET
H2 200 logo03.png
koraplus.com/images/ 2 KB
2 KB 107ms
91ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/logo03.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 484da8391d7ffd1e027cf60b07441ac4dcf9edfbefbe56b8ebf23b99839aecc7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Tue, 05 Oct 2021 11:00:27 GMT
server: cloudflare
etag: "80972a34d8b9d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f2a2ba9-FRA
content-length: 2278

GET
H2 200 16461779150471202301280755215521.jpg
koraplus.com/images/2023/1/large-2/ 13 KB
13 KB 107ms
91ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/16461779150471202301280755215521.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 23b8cfc6930ce650d05ccc5e4a40c31d3508d672997a7701316cfa7cb80b0fb0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Sat, 28 Jan 2023 17:55:21 GMT
server: cloudflare
etag: "c152adb04133d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f342ba9-FRA
content-length: 13611

GET
H2 200 16461779150471202301280559145914.jpg
koraplus.com/images/2023/1/large-2/ 12 KB
12 KB 108ms
92ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/16461779150471202301280559145914.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 703f50216781274475e93fc99fdd060d1a9ede2dd3aaba71751a6a191f905011

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Sat, 28 Jan 2023 15:59:14 GMT
server: cloudflare
etag: "b5483f783133d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f372ba9-FRA
content-length: 12465

GET
H2 200 1646177915047120230128040449449.jpg
koraplus.com/images/2023/1/large-2/ 9 KB
9 KB 108ms
92ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/1646177915047120230128040449449.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: bc0410809e43dcc1d85142fa34872d9905812e6eca04588c70ce26399119667d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Sat, 28 Jan 2023 14:04:49 GMT
server: cloudflare
etag: "989b477c2133d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f392ba9-FRA
content-length: 9434

GET
H2 200 1646177915047120230128021306136.jpg
koraplus.com/images/2023/1/large-2/ 14 KB
14 KB 108ms
93ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/1646177915047120230128021306136.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 902d8042557f4134a7cfe46454bb389075985c3758bd48a9f96acafa4a0a432c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Sat, 28 Jan 2023 12:13:07 GMT
server: cloudflare
etag: "592c89e11133d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f3b2ba9-FRA
content-length: 14451

GET
H2 200 164785624411020230130120251251.jpg
koraplus.com/images/2023/1/large-2/ 12 KB
12 KB 109ms
93ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/164785624411020230130120251251.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 737ff8288b917ed5912b360b6a9fbe86dbb0a5861175cbe7a2282222258770d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 22:02:51 GMT
server: cloudflare
etag: "761d706e2d34d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f3e2ba9-FRA
content-length: 12341

GET
H2 200 16571779146349202301301211311131.jpg
koraplus.com/images/2023/1/large-2/ 17 KB
17 KB 109ms
93ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/16571779146349202301301211311131.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 8399ecae2e9491d2f4a971d9cd42f799d2ee364ac132ea8bf007421adfba845d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 22:11:31 GMT
server: cloudflare
etag: "46f78ea42e34d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f412ba9-FRA
content-length: 17177

GET
H2 200 164785624411020220912065200520.jpg
koraplus.com/images/2022/9/large-2/ 9 KB
9 KB 109ms
94ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/9/large-2/164785624411020220912065200520.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 2d851735b8154651bb33a40154784e9da095641e6504fafae7394245e92871c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Mon, 12 Sep 2022 16:52:00 GMT
server: cloudflare
etag: "d7f312fac7c6d81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f442ba9-FRA
content-length: 9205

GET
H2 200 161871139862220211119095900590.jpg
koraplus.com/images/2021/11/large-2/ 9 KB
9 KB 109ms
94ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2021/11/large-2/161871139862220211119095900590.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: b9cc492ae8cf3d6775d039f56877730407deef9839c87f5248110613a5e52c32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Fri, 19 Nov 2021 19:59:00 GMT
server: cloudflare
etag: "28eb59e57fddd71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f452ba9-FRA
content-length: 9340

GET
H2 200 2871874097202204091150165016.jpg
koraplus.com/images/2022/4/large-2/ 10 KB
10 KB 109ms
94ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/4/large-2/2871874097202204091150165016.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: e4107c12d8f69a16b5fd230739d3c6af5023b4dda683c5019f0a6ec93246c43c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Sat, 09 Apr 2022 21:50:16 GMT
server: cloudflare
etag: "ac8bc6cc5b4cd81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f462ba9-FRA
content-length: 10263

GET
H2 200 1649546565324202301270258465846.jpg
koraplus.com/images/2023/1/large-2/ 14 KB
14 KB 110ms
95ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/1649546565324202301270258465846.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 41a7386432727a336a0f47f6131344abb963e842312d49908d1b06d76e760250

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Fri, 27 Jan 2023 12:58:46 GMT
server: cloudflare
etag: "1295f4174f32d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f482ba9-FRA
content-length: 14683

GET
H2 200 2871874097202111260811451145.jpg
koraplus.com/images/2021/11/large-2/ 8 KB
8 KB 110ms
95ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2021/11/large-2/2871874097202111260811451145.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 34b1181652a723f56ec898322fb5afa5ba022148bfa0232bcb4541df67f95c91

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Fri, 26 Nov 2021 18:11:45 GMT
server: cloudflare
etag: "69ac9812f1e2d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f4d2ba9-FRA
content-length: 7733

GET
H2 200 1653791029387202301290317561756.jpg
koraplus.com/images/2023/1/large-2/ 21 KB
21 KB 110ms
95ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/1653791029387202301290317561756.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 9bdede35405067c7cecb26fac81e2ec8b100a8a914696c95dc2121df9a9a3bdb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Sun, 29 Jan 2023 13:17:57 GMT
server: cloudflare
etag: "e5a98b1ae433d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f4f2ba9-FRA
content-length: 21438

GET
H2 200 161247113901120230127040326326.jpg
koraplus.com/images/2023/1/large-2/ 19 KB
19 KB 110ms
95ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/161247113901120230127040326326.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 6ea604a09ebb479804dd62cdaa3832a11e5b1c30f0adc79e30c90674e2731ef6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Fri, 27 Jan 2023 14:03:26 GMT
server: cloudflare
etag: "edfb9e205832d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f512ba9-FRA
content-length: 19783

GET
H2 200 162289353859520220713080025025.jpg
koraplus.com/images/2022/7/large-2/ 12 KB
12 KB 110ms
96ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/7/large-2/162289353859520220713080025025.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 88594132b00910cf410d97bcc8862225d25a0ae3528b773515a25360882596cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Wed, 13 Jul 2022 18:00:25 GMT
server: cloudflare
etag: "438fc96de296d81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f522ba9-FRA
content-length: 12071

GET
H2 200 16196960293702023012010050959.jpg
koraplus.com/images/2023/1/large-2/ 14 KB
14 KB 110ms
96ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/16196960293702023012010050959.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: a3bc32571d65853e07135d61e528de1ab1ddaf12031898499c8530650956898b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Fri, 20 Jan 2023 20:05:09 GMT
server: cloudflare
etag: "76e6447fa2dd91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f542ba9-FRA
content-length: 14382

GET
H2 200 164954656532420220730094202422.jpg
koraplus.com/images/2022/7/large-2/ 13 KB
13 KB 111ms
96ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/7/large-2/164954656532420220730094202422.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: a1ccc5e87860b7207f2731333226e73051edb6e19ac1a2ecca0acc3096776039

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Sat, 30 Jul 2022 19:42:02 GMT
server: cloudflare
etag: "95671a714ca4d81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f572ba9-FRA
content-length: 12801

GET
H2 200 16441326371334202301261125572557.jpg
koraplus.com/images/2023/1/large-2/ 16 KB
16 KB 111ms
96ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/16441326371334202301261125572557.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 590d0785d3845aa9f2318d878915524ae006262251ffe20e4e7f2909f563a7cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Thu, 26 Jan 2023 09:25:57 GMT
server: cloudflare
etag: "23788326831d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f592ba9-FRA
content-length: 15892

GET
H2 200 164954656532420221229074008408.jpg
koraplus.com/images/2022/12/large-2/ 16 KB
16 KB 111ms
97ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/12/large-2/164954656532420221229074008408.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: d2156a30205c81818ef4988dda7c1687fce93d417d33ee57b31c6dfdcd4b7866

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Thu, 29 Dec 2022 17:40:09 GMT
server: cloudflare
etag: "5ebf7d98ac1bd91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f5b2ba9-FRA
content-length: 16291

GET
H2 200 165717791463492023012504000404.jpg
koraplus.com/images/2023/1/large-2/ 6 KB
6 KB 111ms
97ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/165717791463492023012504000404.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: ee73192a5a5191d40e77d898f1007158c85e20c2c49b2286832da2a3c55318f4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Wed, 25 Jan 2023 14:00:04 GMT
server: cloudflare
etag: "dc392053c530d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f5d2ba9-FRA
content-length: 6337

GET
H2 200 16441326371334202301161237433743.jpg
koraplus.com/images/2023/1/large-2/ 10 KB
11 KB 111ms
97ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/16441326371334202301161237433743.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: c9fa9b5fd2b7039ef13789f4a63f436e3c304f2dd0a37a414a25f0b31dac3d71

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Mon, 16 Jan 2023 10:37:44 GMT
server: cloudflare
etag: "2f4f14919629d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f5f2ba9-FRA
content-length: 10738

GET
H2 200 16451670867588202301291126182618.jpg
koraplus.com/images/2023/1/large-2/ 23 KB
24 KB 111ms
98ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/16451670867588202301291126182618.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: ffcb2f66a90cb56f5e78b9246d4ba7720bef7bc209aa4faa1879d94213210b7b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Sun, 29 Jan 2023 21:26:18 GMT
server: cloudflare
etag: "b29388532834d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f612ba9-FRA
content-length: 24013

GET
H2 200 fclogo1-9202123134710524.jpg
koraplus.com/Images/ClubMenuImages/ 8 KB
8 KB 112ms
98ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/Images/ClubMenuImages/fclogo1-9202123134710524.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 406691710ad04a6231db4fa5cd7bef943f6c5e58f744b01a42d4b3972b741dac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Thu, 23 Sep 2021 11:47:10 GMT
server: cloudflare
etag: "8733dbe70b0d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f632ba9-FRA
content-length: 8006

GET
H2 200 fclogo2-9202123134718696.jpg
koraplus.com/Images/ClubMenuImages/ 8 KB
9 KB 112ms
99ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/Images/ClubMenuImages/fclogo2-9202123134718696.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: d234b02043d4b5c504111be64be2fde0772d196734819be2d7760346512d5022

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Thu, 23 Sep 2021 11:47:18 GMT
server: cloudflare
etag: "237d1cc370b0d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f652ba9-FRA
content-length: 8632

GET
H2 200 fclogo15-9202123134737938.jpg
koraplus.com/Images/ClubMenuImages/ 8 KB
8 KB 112ms
99ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/Images/ClubMenuImages/fclogo15-9202123134737938.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: c2a1d39369355d39a6bb3406ae93ce7fab635897c92f9e35a005bd49651651d2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Thu, 23 Sep 2021 11:47:37 GMT
server: cloudflare
etag: "937394ce70b0d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f692ba9-FRA
content-length: 7745

GET
H2 200 fclogo3-9202123134744316.jpg
koraplus.com/Images/ClubMenuImages/ 10 KB
10 KB 112ms
99ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/Images/ClubMenuImages/fclogo3-9202123134744316.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: bbf93496fc764f94c1a1cbc07f5752d94dfe30df6fb06e77e4be0479fcf19748

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Thu, 23 Sep 2021 11:47:44 GMT
server: cloudflare
etag: "46a861d270b0d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f6a2ba9-FRA
content-length: 10337

GET
H2 200 fclogo4-9202123134750262.jpg
koraplus.com/Images/ClubMenuImages/ 6 KB
6 KB 113ms
99ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/Images/ClubMenuImages/fclogo4-9202123134750262.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 80be3290b4f41a47a2302767a077962a38ceb824d00f23cc5fe781e4504443f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Thu, 23 Sep 2021 11:47:50 GMT
server: cloudflare
etag: "a7faecd570b0d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f6c2ba9-FRA
content-length: 6318

GET
H2 200 fclogo5-920212313489452.jpg
koraplus.com/Images/ClubMenuImages/ 4 KB
5 KB 113ms
99ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/Images/ClubMenuImages/fclogo5-920212313489452.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: fdb42a3889107a052e55d2dd45a0e9b938c20f4dcebca9297b0f7627a9b4f4c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Thu, 23 Sep 2021 11:48:09 GMT
server: cloudflare
etag: "53315de170b0d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f6e2ba9-FRA
content-length: 4598

GET
H2 200 fclogo6-9202123134817633.jpg
koraplus.com/Images/ClubMenuImages/ 12 KB
12 KB 113ms
100ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/Images/ClubMenuImages/fclogo6-9202123134817633.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 2179c14de4542297fcf464baaf0f1ca131ec4359c88e56cb19610c0fc60c4673

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Thu, 23 Sep 2021 11:48:17 GMT
server: cloudflare
etag: "877a3de670b0d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f6f2ba9-FRA
content-length: 11858

GET
H2 200 fclogo7-920212313482988.jpg
koraplus.com/Images/ClubMenuImages/ 10 KB
10 KB 113ms
100ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/Images/ClubMenuImages/fclogo7-920212313482988.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 30295594f4c7f30b6b8adfaba2c78486ec844f84aae015295a75848b1baa722d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Thu, 23 Sep 2021 11:48:29 GMT
server: cloudflare
etag: "486e11ed70b0d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f722ba9-FRA
content-length: 9931

GET
H2 200 fclogo8-9202123134836726.jpg
koraplus.com/Images/ClubMenuImages/ 4 KB
4 KB 115ms
102ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/Images/ClubMenuImages/fclogo8-9202123134836726.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 078eabeec375c3e2e7ce1d3721a3be989ca4e2575796f6754111361cb5e228f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Thu, 23 Sep 2021 11:48:36 GMT
server: cloudflare
etag: "f0eb9ef170b0d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f732ba9-FRA
content-length: 4237

GET
H2 200 fclogo9-9202123134913602.jpg
koraplus.com/Images/ClubMenuImages/ 9 KB
9 KB 113ms
100ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/Images/ClubMenuImages/fclogo9-9202123134913602.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: af8176bec25bdf12f86c5e39af1d45acb501af350e10d7fb7c6b2ce73d5ae6bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Thu, 23 Sep 2021 11:49:13 GMT
server: cloudflare
etag: "f6b799771b0d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f752ba9-FRA
content-length: 9174

GET
H2 200 fclogo10-9202123134921948.jpg
koraplus.com/Images/ClubMenuImages/ 11 KB
11 KB 116ms
103ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/Images/ClubMenuImages/fclogo10-9202123134921948.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: aaddea26d639384a48f5942d10306e4341fc10c9b28d7e11fdf189275e9b775c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Thu, 23 Sep 2021 11:49:21 GMT
server: cloudflare
etag: "791e93c71b0d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f772ba9-FRA
content-length: 11359

GET
H2 200 fclogo11-9202123134929902.jpg
koraplus.com/Images/ClubMenuImages/ 10 KB
10 KB 113ms
100ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/Images/ClubMenuImages/fclogo11-9202123134929902.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 8355bcb3d0e0289799a2aa478da4c819779cc49ef3938dea217aee1473e1d21b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Thu, 23 Sep 2021 11:49:29 GMT
server: cloudflare
etag: "9ee5501171b0d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f7a2ba9-FRA
content-length: 10062

GET
H2 200 fclogo12-9202123134937971.jpg
koraplus.com/Images/ClubMenuImages/ 6 KB
6 KB 113ms
100ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/Images/ClubMenuImages/fclogo12-9202123134937971.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 9ffa61667e677214bbf9bd395ccbeca73dc6f1dbcf6f02869318db4b701fbb28

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Thu, 23 Sep 2021 11:49:37 GMT
server: cloudflare
etag: "122d201671b0d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f7b2ba9-FRA
content-length: 6509

GET
H2 200 fclogo14-9202123134945394.jpg
koraplus.com/Images/ClubMenuImages/ 1017 B
1 KB 113ms
100ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/Images/ClubMenuImages/fclogo14-9202123134945394.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 863ea7e4aef0f9a8125785769124866975ed402b68f8b198070acaa9834a7c8f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Thu, 23 Sep 2021 11:49:45 GMT
server: cloudflare
etag: "a3cb8c1a71b0d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f7d2ba9-FRA
content-length: 1017

GET
H2 200 fclogo13-9202123135857919.jpg
koraplus.com/Images/ClubMenuImages/ 10 KB
10 KB 116ms
104ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/Images/ClubMenuImages/fclogo13-9202123135857919.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: e8c15a8cf23c53c797491f2c9e5b3407be7cd3f4140e7487d2514e482aadea6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Thu, 23 Sep 2021 11:58:57 GMT
server: cloudflare
etag: "7467e16372b0d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f802ba9-FRA
content-length: 10637

GET
H2 200 1647856244110202301291139323932.jpg
koraplus.com/images/2023/1/large-2/ 9 KB
9 KB 113ms
101ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/1647856244110202301291139323932.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 36e01e6c23e6d028cc94c9e1800eb6c1ef39c0f9644b1518300825a0d2846c1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Sun, 29 Jan 2023 21:39:32 GMT
server: cloudflare
etag: "e27ec92c2a34d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f822ba9-FRA
content-length: 9411

GET
H2 200 1628177913650520230129092500250.jpg
koraplus.com/images/2023/1/large-2/ 14 KB
14 KB 115ms
103ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/1628177913650520230129092500250.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 48995f6973f1f5fa8194d60fda6c2822d5052b881e4e016bb6c37f03fe87def6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Sun, 29 Jan 2023 19:25:00 GMT
server: cloudflare
etag: "718b6e611734d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f852ba9-FRA
content-length: 14248

GET
H2 200 16271067218192202301290635393539.jpg
koraplus.com/images/2023/1/large-2/ 15 KB
15 KB 112ms
101ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/16271067218192202301290635393539.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 0c4311df00bef1093b3e3063e654db79521f152b1a3ed8e2c3343656294e8bd6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Sun, 29 Jan 2023 16:35:39 GMT
server: cloudflare
etag: "594d9b8ff33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f872ba9-FRA
content-length: 15748

GET
H2 200 1627106721819220230129053309339.jpg
koraplus.com/images/2023/1/large-2/ 14 KB
14 KB 113ms
101ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/1627106721819220230129053309339.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 21eb00836ab9e006240b59aaa5a3c7ea0cb4e47e857b9f383f55cfa1fc788ec3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Sun, 29 Jan 2023 15:33:10 GMT
server: cloudflare
etag: "d45674fef633d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f8c2ba9-FRA
content-length: 13832

GET
H2 200 ImgDontMiss.png
koraplus.com/images/ 819 B
927 B 113ms
101ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/ImgDontMiss.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 4b2b31d81c44d5de0e4a971b69c60c3ef741d56f9e7de3eb2a0907cb9b698069

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Tue, 05 Oct 2021 11:00:27 GMT
server: cloudflare
etag: "80972a34d8b9d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f8f2ba9-FRA
content-length: 819

GET
H2 200 1653791029387202209281042554255.jpg
koraplus.com/images/2022/9/large-2/ 13 KB
13 KB 114ms
103ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/9/large-2/1653791029387202209281042554255.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: ba39e79090f757f6ee238d60d3294600636abf6bdb216de76f4f0e427eed8681

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Wed, 28 Sep 2022 08:42:55 GMT
server: cloudflare
etag: "dab8be4d16d3d81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f912ba9-FRA
content-length: 13299

GET
H2 200 2871874097202112270627222722.jpg
koraplus.com/images/2021/12/large-2/ 11 KB
11 KB 121ms
110ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2021/12/large-2/2871874097202112270627222722.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 21982ba4acad9b833bdb7267fad2d259d938043b3e68caaf621d6490d92980ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Mon, 27 Dec 2021 16:27:22 GMT
server: cloudflare
etag: "ec326ea03efbd71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f922ba9-FRA
content-length: 11254

GET
H2 200 1649546565324202210190938193819.jpg
koraplus.com/images/2022/10/large-2/ 13 KB
13 KB 113ms
101ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/10/large-2/1649546565324202210190938193819.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: d7a1fe91badd3cd8bf3f142d4e8630cc94fb3811e9bbb3be5ab597a57a361eb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Wed, 19 Oct 2022 19:38:19 GMT
server: cloudflare
etag: "68eb7557f2e3d81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f932ba9-FRA
content-length: 13574

GET
H2 200 287187409720220111070533533.jpg
koraplus.com/images/2022/1/large-2/ 17 KB
17 KB 124ms
113ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/1/large-2/287187409720220111070533533.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: eabdb0023454ac1160ac14cb1dfc8ba73ea2e7e9fcf1a3349da8ebee5c8c021e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Tue, 11 Jan 2022 17:05:34 GMT
server: cloudflare
etag: "7fb74972d7d81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f952ba9-FRA
content-length: 16941

GET
H2 200 287187409720220111070920920.jpg
koraplus.com/images/2022/1/large-2/ 15 KB
15 KB 126ms
114ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/1/large-2/287187409720220111070920920.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: f7e5e1806505e164793f68d35ea2d03ab944ee97807526f794b949e31bebeecd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Tue, 11 Jan 2022 17:09:20 GMT
server: cloudflare
etag: "eeb30f9d7d81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f962ba9-FRA
content-length: 14990

GET
H2 200 2871874097202201110543124312.jpg
koraplus.com/images/2022/1/large-2/ 14 KB
15 KB 123ms
112ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/1/large-2/2871874097202201110543124312.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: ffdedcf6a343afb2b16c899b0417ce069c3ef62c60b0dec348df0e4be8c5795e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Tue, 11 Jan 2022 15:43:12 GMT
server: cloudflare
etag: "3fd2bdf017d81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f982ba9-FRA
content-length: 14698

GET
H2 200 161250657737920211215065409549.jpg
koraplus.com/images/2021/12/large-2/ 12 KB
12 KB 113ms
102ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2021/12/large-2/161250657737920211215065409549.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 77cc89d5dfeb07aa776d08555622300a718dc1720399e6cbd8cddcee828f114f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Wed, 15 Dec 2021 16:54:09 GMT
server: cloudflare
etag: "ee261461d4f1d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f992ba9-FRA
content-length: 12595

GET
H2 200 1635203754042720211028050611611.jpg
koraplus.com/images/2021/10/large-2/ 11 KB
11 KB 121ms
111ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2021/10/large-2/1635203754042720211028050611611.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: c1ee278b624720faca713fcdb71086f76cee6a7df456afcf097f98c3007b0d92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Thu, 28 Oct 2021 15:06:11 GMT
server: cloudflare
etag: "662ad157dccd71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f9b2ba9-FRA
content-length: 11583

GET
H2 200 16451670867588202211101048584858.jpg
koraplus.com/images/2022/11/large-2/ 12 KB
12 KB 124ms
113ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/11/large-2/16451670867588202211101048584858.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 77c27eb0417a857a0bb259b6bd9027c07da1d3d1b044c13c546fa37fb916ecf4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Thu, 10 Nov 2022 20:48:58 GMT
server: cloudflare
etag: "d2195fdb45f5d81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f9c2ba9-FRA
content-length: 11950

GET
H2 200 16182087780728202208081135513551.jpg
koraplus.com/images/2022/8/large-2/ 17 KB
17 KB 115ms
104ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/8/large-2/16182087780728202208081135513551.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: a1ca959d3153c9915831702ac6c4fd3006c2badb37f6e8328f740127b7962e83

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Mon, 08 Aug 2022 21:35:51 GMT
server: cloudflare
etag: "8c5ef2d46eabd81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3f9f2ba9-FRA
content-length: 17418

GET
H2 200 16441326371334202301270453545354.jpg
koraplus.com/images/2023/1/large-2/ 18 KB
18 KB 124ms
114ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/16441326371334202301270453545354.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 4db4eb63f193ec761dcef84a13c4b7c197f19de622ec515ddd67bde888f5b3be

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Fri, 27 Jan 2023 14:53:55 GMT
server: cloudflare
etag: "d24e7c2d5f32d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3fa12ba9-FRA
content-length: 18158

GET
H2 200 1612471139011202212290852255225.jpg
koraplus.com/images/2022/12/large-2/ 16 KB
16 KB 114ms
103ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/12/large-2/1612471139011202212290852255225.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 917fb5500ab45c11f7d0ee7043d22b5a2a5f532703323f7d1aed5b732df9fd64

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Thu, 29 Dec 2022 18:52:25 GMT
server: cloudflare
etag: "152326b1b61bd91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3fa22ba9-FRA
content-length: 16057

GET
H2 200 1612471139011202212290740444044.jpg
koraplus.com/images/2022/12/large-2/ 13 KB
13 KB 124ms
114ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/12/large-2/1612471139011202212290740444044.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: b5ef2e200b14f403ac0e33204762b13f39642ac2de462a30c703a30f86193c80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Thu, 29 Dec 2022 17:40:45 GMT
server: cloudflare
etag: "66c2caeac1bd91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3fa32ba9-FRA
content-length: 13205

GET
H2 200 1615187123175220221127064701471.jpg
koraplus.com/images/2022/11/large-2/ 14 KB
14 KB 115ms
104ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/11/large-2/1615187123175220221127064701471.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 5999f41df4177292f0ab09f090c9cc1accab1fdc47f5641c71438221b4dbbe89

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Sun, 27 Nov 2022 16:47:03 GMT
server: cloudflare
etag: "13b3a2e07f2d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3fa42ba9-FRA
content-length: 14650

GET
H2 200 16571779146349202301291149524952.jpg
koraplus.com/images/2023/1/large-2/ 15 KB
15 KB 123ms
113ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/16571779146349202301291149524952.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 0f01a56efb1882b6396c3b52febe8a36464c2dc02b2a141b0ba7cde3a49ee0e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 21:49:53 GMT
server: cloudflare
etag: "5f4b719e2b34d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3fa62ba9-FRA
content-length: 15120

GET
H2 200 1657177914634920230129104903493.jpg
koraplus.com/images/2023/1/large-2/ 18 KB
19 KB 122ms
112ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/1657177914634920230129104903493.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 2c62321f045ffb43386252bc16cb03f9465142edd6b7d686a98455a7821ca480

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Sun, 29 Jan 2023 20:49:03 GMT
server: cloudflare
etag: "f0c531f2334d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3fa72ba9-FRA
content-length: 18844

GET
H2 200 16451670867588202301290848594859.jpg
koraplus.com/images/2023/1/large-2/ 12 KB
12 KB 120ms
110ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/16451670867588202301290848594859.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: a1678d3756921a43e6e47bc8a1731145abefd0c6dae8f507d63407c32770f939

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Sun, 29 Jan 2023 18:48:59 GMT
server: cloudflare
etag: "eac77591234d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3fa82ba9-FRA
content-length: 12150

GET
H2 200 287187409720220307054809489.jpg
koraplus.com/images/2022/3/large-2/ 12 KB
12 KB 115ms
105ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/3/large-2/287187409720220307054809489.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 70c09574abb2e590eccb0b0014aa078b83c3c05ebd27ee4009417c0192cc4d68

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Mon, 07 Mar 2022 15:48:09 GMT
server: cloudflare
etag: "377c8fbe3a32d81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3fa92ba9-FRA
content-length: 12288

GET
H2 200 164119270360772022041502080585.jpg
koraplus.com/images/2022/4/large-2/ 14 KB
14 KB 123ms
114ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/4/large-2/164119270360772022041502080585.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 526aac3f4080a1fe8edbcfbe1490147b961ba53e5943a0968f985421561cd5cb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Fri, 15 Apr 2022 00:08:05 GMT
server: cloudflare
etag: "2a434fe15c50d81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3faa2ba9-FRA
content-length: 14540

GET
H2 200 Iconwhitecamera.png
koraplus.com/images/ 337 B
423 B 124ms
115ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/Iconwhitecamera.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 0662c4ea2687452003b35407c62337921a5143919e6f421446dac109100bea89

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Tue, 05 Oct 2021 11:00:27 GMT
server: cloudflare
etag: "80972a34d8b9d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3fac2ba9-FRA
content-length: 337

GET
H2 200 120232202057283.jpg
koraplus.com/Images/Albums/Covers/ 351 KB
351 KB 122ms
113ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/Images/Albums/Covers/120232202057283.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: eb3c0ab5c18d69f1536139fc688e4efc05cce7a6f07aa77fc48d79173d7e56c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Sat, 21 Jan 2023 22:20:57 GMT
server: cloudflare
etag: "3c9e4fa2e62dd91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3faf2ba9-FRA
content-length: 359132

GET
H2 200 1202319221850484.jpg
koraplus.com/Images/Albums/Covers/ 60 KB
60 KB 124ms
115ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/Images/Albums/Covers/1202319221850484.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: ab37e58d19a0b1c89f97e8b2a054ce2934fb6c6fcb2730d2977036a617bfa740

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Thu, 19 Jan 2023 20:18:50 GMT
server: cloudflare
etag: "3df15c3e432cd91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3fb12ba9-FRA
content-length: 61022

GET
H2 200 1202314044470.jpg
koraplus.com/Images/Albums/Covers/ 357 KB
357 KB 124ms
115ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/Images/Albums/Covers/1202314044470.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 2260264cb4d75958e8c23c1be2102745e928385224ae36cd5b7d4d619f68c572

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Fri, 13 Jan 2023 22:44:04 GMT
server: cloudflare
etag: "171d9689a027d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3fb72ba9-FRA
content-length: 365276

GET
H2 200 16511818936926202301261237353735.jpg
koraplus.com/images/2023/1/large-2/ 10 KB
10 KB 124ms
115ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/16511818936926202301261237353735.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: ff8f14a8686ce379a58f47538d98eadd91781d262702a827ba0842e5a9edeffa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Wed, 25 Jan 2023 22:37:36 GMT
server: cloudflare
etag: "801a699fd31d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3fb82ba9-FRA
content-length: 9849

GET
H2 200 1647856244110202301241140324032.jpg
koraplus.com/images/2023/1/large-2/ 8 KB
8 KB 122ms
113ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2023/1/large-2/1647856244110202301241140324032.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 6d7924cacc646fb891905ad15db0c492f2ba62e0667c0820f201b2c2ec88f494

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Tue, 24 Jan 2023 21:40:32 GMT
server: cloudflare
etag: "c2a48b7c3c30d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3fbb2ba9-FRA
content-length: 8381

GET
H2 200 1643367570695202212110541524152.jpg
koraplus.com/images/2022/12/large-2/ 11 KB
11 KB 123ms
114ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/2022/12/large-2/1643367570695202212110541524152.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: deff40f630a3944e426b6647aa03bcf78a42d1fcea307a416591daf5493cfe78

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Sun, 11 Dec 2022 15:41:53 GMT
server: cloudflare
etag: "125d821777dd91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3fbd2ba9-FRA
content-length: 10789

GET
H2 200 IconChampionship-stats.png
koraplus.com/images/ 571 B
632 B 132ms
124ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/IconChampionship-stats.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 1fdd917f3a593fe4a70e758cdf799a002f4ad8be18773dc66590be82563a4194

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Tue, 05 Oct 2021 11:00:27 GMT
server: cloudflare
etag: "80972a34d8b9d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3fbf2ba9-FRA
content-length: 571

GET
H2 403 /
media.koraplus.com/Kora/Player/ 0
0 22ms
21ms Image
text/html 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Player/
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H2 200 AhmedSayedZizo_19120.jpg
media.koraplus.com/Kora/Player/ 12 KB
12 KB 23ms
23ms Image
image/jpeg 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Player/AhmedSayedZizo_19120.jpg
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 21ca804fd97dc74906e902e61f8175240393a338fc586ace0c60b2f426f55905

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
cf-cache-status: REVALIDATED
cf-bgj: h2pri
last-modified: Sun, 29 Jan 2023 11:25:43 GMT
server: cloudflare
etag: "f32eb6cd433d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74ebb762ba9-FRA
content-length: 12595

GET
H2 200 RamadanSobhy_5753.png
media.koraplus.com/Kora/Player/ 119 KB
119 KB 22ms
22ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.koraplus.com/Kora/Player/RamadanSobhy_5753.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 859a6a8e2a4864ed098175375612b277c2c33d6e6d43fcf543a1885af0ab51fe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 29 Jan 2023 10:43:02 GMT
server: cloudflare
etag: "d3446876ce33d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74ebb772ba9-FRA
content-length: 122031

GET
H2 200 Clicksegypt--LogoB.png
koraplus.com/images/ 2 KB
2 KB 123ms
114ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/Clicksegypt--LogoB.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: cc9cb457f26e6b8d81a37295c29fe66fe9fe2a8a175b24cc58380a0f4b1fe17a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Tue, 05 Oct 2021 11:00:27 GMT
server: cloudflare
etag: "80972a34d8b9d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3fc12ba9-FRA
content-length: 2394

GET
H2 200 redtiktoklogo.png
koraplus.com/images/ 3 KB
3 KB 110ms
101ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/redtiktoklogo.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 0117e9167e3ef1c626663b57a724c0529d0af2701e7c8f9912dab952b5ba9ace

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Thu, 07 Oct 2021 21:14:02 GMT
server: cloudflare
age: 1802
etag: "3d14f440c0bbd71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c3fc22ba9-FRA
content-length: 3448

GET
H2 200 breaking-news-ticker.min.js Show response
koraplus.com/Scripts/ 10 KB
3 KB 14ms
14ms Script
application/javascript 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/Scripts/breaking-news-ticker.min.js?Ver0.1
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: c6588d7bf15df0411498e4eff8f6f4c28bc984fc128f72c0ab8dc87d45f3b97e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 14 Mar 2022 10:30:57 GMT
server: cloudflare
age: 115
etag: W/"fd677978e37d81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7918d74bde622ba9-FRA

GET
H2 200 swiper-bundle.min.js Show response
koraplus.com/Scripts/ 138 KB
36 KB 43ms
17ms Script
application/javascript 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/Scripts/swiper-bundle.min.js
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: e79cd35e4c98c9f78fc026019e6bbb8503223821407cfc5320c2478b7c6b0650

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 22 Sep 2021 11:00:04 GMT
server: cloudflare
age: 115
etag: W/"a0ff16ffa0afd71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7918d74c1ece2ba9-FRA

GET
H2 200 Mainfunctios.js Show response
koraplus.com/Scripts/ 32 KB
5 KB 113ms
82ms Script
application/javascript 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/Scripts/Mainfunctios.js?Ver6.5
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: f208dcecc28d86728b8e2cbbeca279de158ac58a268896981d73856d1069b5a2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 10 Jan 2023 16:49:10 GMT
server: cloudflare
age: 115
etag: W/"d74d76761325d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7918d74c2ee32ba9-FRA

GET
H2 200 GeneralScript.js Show response
koraplus.com/Scripts/ 3 KB
1 KB 117ms
87ms Script
application/javascript 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/Scripts/GeneralScript.js?v12021
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 047ef7e9416fe045fa7bf9e9dad1324ef32a1d175d94d17dc4517bda2cbaf3c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 26 Jul 2022 14:23:44 GMT
server: cloudflare
age: 115
etag: W/"eca8d04ffba0d81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7918d74c2ee52ba9-FRA

GET
H2 200 jqueryui.js Show response
koraplus.com/Scripts/ 246 KB
66 KB 120ms
90ms Script
application/javascript 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/Scripts/jqueryui.js
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 6211dbc5c4ca03303f91b12a087431bff9606a65e65d084f028c6f8bb2585df8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 22 Sep 2021 11:00:04 GMT
server: cloudflare
age: 115
etag: W/"c3d716ffa0afd71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7918d74c2ee62ba9-FRA

GET
H2 200 datepicker-ar.js Show response
koraplus.com/Scripts/ 2 KB
955 B 111ms
81ms Script
application/javascript 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/Scripts/datepicker-ar.js
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: f653f82c4af64ae786aad3d9171cb7b5bb8c27b9e17214d5333bf418bda83eff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 28 Sep 2021 18:54:19 GMT
server: cloudflare
age: 115
etag: W/"3964933e9ab4d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7918d74c2ee72ba9-FRA

GET
H2 200 jquery.cookie.js Show response
koraplus.com/Scripts/ 4 KB
2 KB 113ms
83ms Script
application/javascript 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/Scripts/jquery.cookie.js
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 1554b57dcc808805b65fab1604ce157f0e0cf7c18ab802e8b2c1825dee65f31e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 21 Oct 2021 21:22:07 GMT
server: cloudflare
age: 115
etag: W/"90ae5cb3c1c6d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7918d74c2ee82ba9-FRA

GET
H2 200 poll.js Show response
koraplus.com/Scripts/ 4 KB
1 KB 114ms
85ms Script
application/javascript 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/Scripts/poll.js?ver=0.2
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: d68b04847ddc49ad6d39d9e9a2eee8f76a7edac3e3ac41889b556abee0615112

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 09 Nov 2021 15:45:23 GMT
server: cloudflare
age: 115
etag: W/"b46c10cf80d5d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7918d74c2eea2ba9-FRA

GET
H2 200 firebase-app.js Show response
www.gstatic.com/firebasejs/8.4.2/ 21 KB
7 KB 108ms
20ms Script
text/javascript 2a00:1450:400d:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.4.2/firebase-app.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

692fab6756ac1cdb625795b5fb15d0e6581617cbccbc8a9419890725eb4e0fd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 23 Jan 2023 16:03:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 577566
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6763
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 20:42:52 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 23 Jan 2024 16:03:32 GMT

GET
H2 200 firebase-messaging.js Show response
www.gstatic.com/firebasejs/7.16.1/ 38 KB
10 KB 136ms
48ms Script
text/javascript 2a00:1450:400d:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/7.16.1/firebase-messaging.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dde1862d4503d26b9d744368aebe02c9b197486f4b4413384d9c969358612b6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 11:38:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 247885
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10600
x-xss-protection: 0
last-modified: Thu, 16 Jul 2020 22:42:23 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 27 Jan 2024 11:38:13 GMT

GET
H2 200 localfirebase.js Show response
koraplus.com/Scripts/ 4 KB
1 KB 108ms
79ms Script
application/javascript 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/Scripts/localfirebase.js?ver=0.6
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: d5258761def0acb055bd92dd017d29caefa83fbe45f64ba95b7da9c5f794da4b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 30 Mar 2022 08:42:46 GMT
server: cloudflare
age: 115
etag: W/"31fb22211244d81:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7918d74c2eeb2ba9-FRA

GET
H2 200 jquery.li-scroller-rtl.1.0.js Show response
koraplus.com/Scripts/ 6 KB
1 KB 124ms
94ms Script
application/javascript 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/Scripts/jquery.li-scroller-rtl.1.0.js
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 83a38b28b67b7b73105898c2f8a757e1637bd81d9ff2f940e47da25c9250de62

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
last-modified: Thu, 21 Oct 2021 21:22:07 GMT
server: cloudflare
etag: W/"8dd55cb3c1c6d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7918d74c2eed2ba9-FRA

GET
H2 200 hb_450996_12971.js Show response
player.adtcdn.com/prebidlink/465296/ 1 B
559 B 65ms
20ms Script
application/javascript 2a06:98c1:3121::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtcdn.com/prebidlink/465296/hb_450996_12971.js
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 619
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1
last-modified: Sun, 29 Jan 2023 20:52:10 GMT
server: cloudflare
etag: "63d6dc7a-1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QKjBOYqbCvH0U1JtgEeZrJ3KN6vI0MMnypB0e9XRvvJcFtwtCB6%2FtJIfACPXamoNmMBn3TwNgZyGwmjbkPmiu7nryo%2BzkTjvX4UJr0HzPv4%2B3wv3tN1ES1VaLs%2FQsfCH3%2BHFAaIuP6NllVxDCYvHLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=345600
accept-ranges: bytes
cf-ray: 7918d74d28706946-FRA
expires: Mon, 30 Jan 2023 08:34:19 GMT

GET
H2 200 wrapper_hb_450996_12971.js Show response
player.adtcdn.com/prebidlink/465296/ 127 B
406 B 67ms
22ms Script
application/javascript 2a06:98c1:3121::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtcdn.com/prebidlink/465296/wrapper_hb_450996_12971.js
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ea995481d7dfddb5307f94aedabe955e8bdd9ba40b925007532997185cd35c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 20:52:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 619
etag: W/"63d6dc7a-7f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4vQhLrGCc5DErP6GL3v3MiMLyw30c4WgxkztzBYUCJg7R8dHMl3BN6S2n59Cage2XwJCB%2FQT9%2BrG9fqXSb6aeWgZ1vdG6eI9N1h2QBEF0PodGONHyAbC6A8ypfRZp04zy4dfnD0StUiJWT5%2BcpcHyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=345600
cf-ray: 7918d74d28726946-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 30 Jan 2023 08:34:19 GMT

GET
H2 200 fontawesome-webfont.woff2
koraplus.com/fonts/ 75 KB
76 KB 79ms
72ms Font
application/font-woff2 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: koraplus.com
URL: https://koraplus.com/Content/font-awesome.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://koraplus.com/Content/font-awesome.min.css
Origin: https://koraplus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Thu, 27 May 2021 09:24:52 GMT
server: cloudflare
age: 34
etag: "2f99a26da52d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/font-woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c2edb2ba9-FRA
content-length: 77160

GET
H2 200 Hacen-Tunisia-Bd.ttf
koraplus.com/Content/textfont/ 60 KB
60 KB 77ms
69ms Font
application/octet-stream 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/Content/textfont/Hacen-Tunisia-Bd.ttf
Requested by: Host: koraplus.com
URL: https://koraplus.com/Content/style.css?Ver8.1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: c04b6be769ad84324a5fc45305d9d4905741a014f42471415acc151fb49ea7b5

Request headers

Referer: https://koraplus.com/Content/style.css?Ver8.1
Origin: https://koraplus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Wed, 22 Sep 2021 11:07:05 GMT
server: cloudflare
age: 34
etag: "03084faa1afd71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/octet-stream
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c2edc2ba9-FRA
content-length: 61292

GET
H2 200 Hacen-Tunisia-Lt.ttf
koraplus.com/Content/textfont/ 60 KB
60 KB 87ms
80ms Font
application/octet-stream 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://koraplus.com/Content/textfont/Hacen-Tunisia-Lt.ttf
Requested by: Host: koraplus.com
URL: https://koraplus.com/Content/style.css?Ver8.1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 661eab5f8a15d4e3c5ef8a60c8c3ebb1266c01095295f2e960efe521bd1dce96

Request headers

Referer: https://koraplus.com/Content/style.css?Ver8.1
Origin: https://koraplus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: HIT
last-modified: Wed, 22 Sep 2021 11:07:05 GMT
server: cloudflare
age: 34
etag: "fd5684faa1afd71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/octet-stream
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c2edd2ba9-FRA
content-length: 61248

GET
H2 200 overlayimg.png
koraplus.com/images/ 12 KB
12 KB 94ms
94ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/overlayimg.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/Content/style.css?Ver8.1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: d9460efd0d58d26708a00e24810658caa07da309285cd09805d3599ab529d8e2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/Content/style.css?Ver8.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
cf-cache-status: REVALIDATED
last-modified: Tue, 05 Oct 2021 11:00:27 GMT
server: cloudflare
etag: "80972a34d8b9d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74c8fc72ba9-FRA
content-length: 12659

GET
DATA 200
OK truncated
/ 2 KB
2 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60280b8ab4c8d489c74567c55e14945b935c2f5937855f808163ee40a65f065f

Request headers

Referer
Origin: https://koraplus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 projectagora.min.js Show response
aghtag.tech/libs/ 301 KB
89 KB 59ms
24ms Script
application/javascript 2606:4700:3030::6815:1b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aghtag.tech/libs/projectagora.min.js
Requested by: Host: pahtfi.tech
URL: https://pahtfi.tech/c/koraplus.com.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:1b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1554993bfd6558071bd0f007fbc97c32c540ad0339cdda7a274740b4b214ea7f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M1N2NTB86KQC0AHS
age: 5677
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 90328
x-amz-id-2: Ziycdzs0jykuqJMB4FKYzZp//ZTOBBQcCl0ew/L+DuS4tkSCPOZVctW3fB0OX1AjusaER3IEgEY=
last-modified: Mon, 23 Jan 2023 12:53:55 GMT
server: cloudflare
etag: "2c3fecba794ee3a60bb8d2e93da739a4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RBFIzbgbhaVlcK0exnNLlZu%2BXaOZiydOTvzhpTbieapV7WgNB%2BqgnCAQbZvdLWVRgzePzOCdSkdyZkGWlpNf%2B%2BiHPZDqrRMUogAulZyaoGiO0IOg2EXEKrzY0K6jabmmnymdfpVup5BwEw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74d2e1d9bfe-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 85ms
21ms Script
text/javascript 2a00:1450:400d:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-210964759-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 30 Jan 2023 08:21:44 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 474
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Mon, 30 Jan 2023 10:21:44 GMT

GET
H2 200 pubads_impl_2023012301.js Show response
securepubads.g.doubleclick.net/gpt/ 385 KB
130 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79e66558ee620ce57bc0a6be17a96c32074065e763b49f0be5551799623943a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 19:22:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 133611
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133281
x-xss-protection: 0
last-modified: Mon, 23 Jan 2023 09:36:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 28 Jan 2024 19:22:47 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 296 B
154 B 62ms
44ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=koraplus.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4914edf792cd8345c867600b764bac13f44022dd709aa02528a0c24405d6aa81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129
x-xss-protection: 0
expires: Mon, 30 Jan 2023 08:29:38 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 80 KB
27 KB 139ms
63ms Script
text/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: jscdn.greeter.me
URL: https://jscdn.greeter.me/dynamicpod.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

42ce9ee9e51344dc1182f0d456164af3530858ff5ee4e53303d7982c04ed897b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27567
x-xss-protection: 0
server: sffe
etag: "1467 / 619 of 1000 / last-modified: 1674860937"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 30 Jan 2023 08:29:38 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
207 B 42ms
42ms XHR
text/plain 2a00:1450:400d:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=308029290&t=pageview&_s=1&dl=https%3A%2F%2Fkoraplus.com%2F&dp=%2F&ul=en-us&de=UTF-8&dt=%D9%83%D9%88%D8%B1%D8%A9%20%D8%A8%D9%84%D8%B3%20-%20%D8%B4%D8%A7%D9%87%D8%AF%20%D9%85%D8%A8%D8%A7%D8%B1%D9%8A%D8%A7%D8%AA%20%D8%A7%D9%84%D8%AF%D9%88%D8%B1%D9%8A%20%D8%A7%D9%84%D9%85%D8%B5%D8%B1%D9%8A%20%D8%AD%D8%B5%D8%B1%D9%8A%D9%8B%D8%A7&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1633286082&gjid=68955374&cid=998354678.1675067379&tid=UA-210964759-1&_gid=483444470.1675067379&_r=1&_slc=1&gtm=2ou1p0&z=1590180518

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://koraplus.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://koraplus.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ 63 KB
23 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6054746292d3567c660857d4e7ed6153dadda2b3d602245f4612deef4dba2bd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:14:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 927
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23828
x-xss-protection: 0
server: cafe
etag: 9010139400925747384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 30 Jan 2023 09:14:12 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 56ms
20ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=koraplus.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 56ms
21ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=koraplus.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 23 KB
11 KB 381ms
381ms XHR
text/plain 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1101900434958132&correlator=2960136290804976&eid=31071821%2C31071978%2C31071579%2C31061691%2C31061692&output=ldjh&gdfp_req=1&vrg=2023012301&ptt=17&impl=fifs&iu_parts=21823462148%2CKoraP-DT-LB-HP&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=1&adks=347419830&didk=3526777989&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1675067379051&lmt=1675067379&dlt=1675067378490&idt=518&adxs=436&adys=130&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fkoraplus.com%2F&rumc=1101900434958132&rume=1&frm=20&vis=1&psz=728x90&msz=728x90&fws=0&ohw=0&ga_vid=998354678.1675067379&ga_sid=1675067379&ga_hid=308029290&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

790d85367eebba77271b554e30607cb15c27e8c0511db1195bcaa1c587fdbc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10725
x-xss-protection: 0
google-lineitem-id: 6162512613
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138414489310
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://koraplus.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 100 KB
33 KB 933ms
931ms XHR
text/plain 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1101900434958132&correlator=2960136290804976&eid=31071821%2C31071978%2C31071579%2C31061691%2C31061692&output=ldjh&gdfp_req=1&vrg=2023012301&ptt=17&impl=fifs&iu_parts=21823462148%2CKoraP-TO-HP-R&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600&ifi=2&adks=2755790177&didk=2362272946&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1675067379060&lmt=1675067379&dlt=1675067378490&idt=518&adxs=1440&adys=520&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fkoraplus.com%2F&rumc=1101900434958132&rume=1&frm=20&vis=1&psz=160x600&msz=160x600&fws=0&ohw=0&ga_vid=998354678.1675067379&ga_sid=1675067379&ga_hid=308029290&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0925a65ecf5aee65cb0672204243d734d81eb0fbd298bfe72c84a72e764d9339

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33614
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://koraplus.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 100 KB
33 KB 356ms
354ms XHR
text/plain 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1101900434958132&correlator=2960136290804976&eid=31071821%2C31071978%2C31071579%2C31061691%2C31061692&output=ldjh&gdfp_req=1&vrg=2023012301&ptt=17&impl=fifs&iu_parts=21823462148%2CKoraP-TO-HP-L&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600&ifi=3&adks=3107741676&didk=2338157819&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1675067379064&lmt=1675067379&dlt=1675067378490&idt=518&adxs=0&adys=520&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fkoraplus.com%2F&rumc=1101900434958132&rume=1&frm=20&vis=1&psz=160x600&msz=160x600&fws=0&ohw=0&ga_vid=998354678.1675067379&ga_sid=1675067379&ga_hid=308029290&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d1b2863b166d7c4a4118b2b6239927c70a1710811a8072381b7e8cbd71aad4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33597
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://koraplus.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 23 KB
10 KB 957ms
956ms XHR
text/plain 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1101900434958132&correlator=2960136290804976&eid=31071821%2C31071978%2C31071579%2C31061691%2C31061692&output=ldjh&gdfp_req=1&vrg=2023012301&ptt=17&impl=fifs&iu_parts=21823462148%2CKoraP-DT-MPU-HP&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=4&adks=528338454&didk=4125220831&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1675067379067&lmt=1675067379&dlt=1675067378490&idt=518&adxs=170&adys=546&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fkoraplus.com%2F&rumc=1101900434958132&rume=1&frm=20&vis=1&psz=300x250&msz=300x250&fws=0&ohw=0&ga_vid=998354678.1675067379&ga_sid=1675067379&ga_hid=308029290&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

22dc4541fb441d87e645cbbe94a553ef725b6c20b5243d9056ad3eb262017225

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10637
x-xss-protection: 0
google-lineitem-id: 6162512613
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138413974275
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://koraplus.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 23 KB
10 KB 639ms
637ms XHR
text/plain 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1101900434958132&correlator=2960136290804976&eid=31071821%2C31071978%2C31071579%2C31061691%2C31061692&output=ldjh&gdfp_req=1&vrg=2023012301&ptt=17&impl=fifs&iu_parts=21823462148%2CKoraP-BB-HP&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x250&ifi=5&adks=640944250&didk=3266247860&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1675067379069&lmt=1675067379&dlt=1675067378490&idt=518&adxs=315&adys=1931&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fkoraplus.com%2F&rumc=1101900434958132&rume=1&frm=20&vis=1&psz=970x250&msz=970x250&fws=0&ohw=0&ga_vid=998354678.1675067379&ga_sid=1675067379&ga_hid=308029290&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

239724041fc526faabece90d4308276165a939a325233bf6b806073ea0362a8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10635
x-xss-protection: 0
google-lineitem-id: 6162512613
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138413974302
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://koraplus.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 23 KB
10 KB 581ms
580ms XHR
text/plain 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1101900434958132&correlator=2960136290804976&eid=31071821%2C31071978%2C31071579%2C31061691%2C31061692&output=ldjh&gdfp_req=1&vrg=2023012301&ptt=17&impl=fifs&iu_parts=21823462148%2CKoraP-DT-MPU2-HP&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=6&adks=3932142165&didk=2481419446&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1675067379071&lmt=1675067379&dlt=1675067378490&idt=518&adxs=209&adys=5522&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fkoraplus.com%2F&rumc=1101900434958132&rume=1&frm=20&vis=1&psz=300x250&msz=300x250&fws=0&ohw=0&ga_vid=998354678.1675067379&ga_sid=1675067379&ga_hid=308029290&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

557e7845dab99ff76a9171993b52cd53f203fd9f178698c497fffc93dc4025e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10670
x-xss-protection: 0
google-lineitem-id: 6163997747
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138414372748
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://koraplus.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 39 KB
13 KB 383ms
381ms XHR
text/plain 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1101900434958132&correlator=2960136290804976&eid=31071821%2C31071978%2C31071579%2C31061691%2C31061692&output=ldjh&gdfp_req=1&vrg=2023012301&ptt=17&impl=fifs&iu_parts=21939239661%3A21823462148%2Capl%2Cpod%2Cinter&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=1x1&ifi=7&adks=1070347424&didk=3950034169&sfv=1-0-40&ists=1&fas=8&sc=1&cookie_enabled=1&abxe=1&dt=1675067379073&lmt=1675067379&dlt=1675067378490&idt=518&adxs=-9&adys=-9&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fkoraplus.com%2F&rumc=1101900434958132&rume=1&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=998354678.1675067379&ga_sid=1675067379&ga_hid=308029290&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b81fcf42ce76a67a6595d445766cc7e2721cc7f3644ea6fd97ca59d615e0af83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13507
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://koraplus.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 35 KB
12 KB 599ms
598ms XHR
text/plain 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1101900434958132&correlator=2960136290804976&eid=31071821%2C31071978%2C31071579%2C31061691%2C31061692&output=ldjh&gdfp_req=1&vrg=2023012301&ptt=17&impl=fifs&iu_parts=21939239661%3A21823462148%2Capl%2Canchor%2Canchortop&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=1x1&ifi=8&adks=1518370406&didk=1863762736&sfv=1-0-40&ists=1&fas=2&sc=1&cookie_enabled=1&abxe=1&dt=1675067379075&lmt=1675067379&dlt=1675067378490&idt=518&adxs=-9&adys=-9&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fkoraplus.com%2F&rumc=1101900434958132&rume=1&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=998354678.1675067379&ga_sid=1675067379&ga_hid=308029290&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9f8bae50462873e199984cc7074ccdd15688fde3a50c544f6c19fe64c243e2ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12219
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://koraplus.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 913A 6 KB
3 KB 89ms
16ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:39 GMT
expires: Tue, 30 Jan 2024 08:29:39 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads_2023012301.js Show response
securepubads.g.doubleclick.net/gpt/ 37 KB
13 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2023012301.js?cb=31071978

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d7b90c0434242c2d1abcac7162ca8a7933530b32c27b57914b85bb7cee060a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 00:34:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 287717
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13724
x-xss-protection: 0
last-modified: Mon, 23 Jan 2023 09:36:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 27 Jan 2024 00:34:22 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
347 B 62ms
21ms XHR
text/plain 2a00:1450:400c:c04::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-210964759-1&cid=998354678.1675067379&jid=1633286082&gjid=68955374&_gid=483444470.1675067379&_u=YEBAAUAAAAAAACAAI~&z=1545011570

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://koraplus.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 30 Jan 2023 08:29:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://koraplus.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Iconavatar.png
koraplus.com/images/ 702 B
803 B 30ms
30ms Image
image/png 2606:4700:10::ac43:1472
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://koraplus.com/images/Iconavatar.png
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 0c1807a475ca0db71b01247d5d3627bdb55cfe09008b51cb59082cc2c351ad5f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
cf-cache-status: REVALIDATED
last-modified: Tue, 05 Oct 2021 11:00:27 GMT
server: cloudflare
etag: "80972a34d8b9d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7918d74f8cb02ba9-FRA
content-length: 702

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 240ms
212ms Image
image/gif 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-210964759-1&cid=998354678.1675067379&jid=1633286082&_u=YEBAAUAAAAAAACAAI~&z=1521774341

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 119ms
56ms Image
image/gif 2a00:1450:400d:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-210964759-1&cid=998354678.1675067379&jid=1633286082&_u=YEBAAUAAAAAAACAAI~&z=1521774341

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
12 KB 201ms
126ms XHR
application/json 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023012301&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f5017b9c723e086637bbdccf5b66cfbfafb555e27d824e43c8eb64836d1c1036

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11441
x-xss-protection: 0

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
349 B 121ms
52ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_stats&su=koraplus.com&doc=complete&pg_h=6745&pg_w=1600&pg_hs=6745&c=6&aa_c=0&av_h=340&av_w=436.333&av_a=108336.667&s=10&all_s=10&b=562.625&all_b=562.625&d=0.302&all_d=0.302&ard=0.060&all_ard=0.060&dt=d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0889 6 KB
3 KB 9ms
8ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:39 GMT
expires: Tue, 30 Jan 2024 08:29:39 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1762 0
0 46ms
45ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsurqLDz2MM5SI8djs3C75doafqCf2VCnPOxq0t605VJl9Z7Bb8c38qTn4FFDIlh3Hx-89CNzhK7BC1oqLb3dkCuG7F0fGeJ-X7nl7sCWhcz_spgkCZcWe5eNcZi1aKg-yxRyz8muU4nCMY2IQ3ph7BGnm0Bbi4mW2edvUacp5M7HNg6XSQcBkWnR-dwyky-D93ADzlglrAxyfJTioPpFqcx3EK5Gka2e-WGMKkiZpXxl89MWyKXE4x3OqI7cBuwKdGSJkZXFQKsOh4gZPWTbz0uSI_FvhgUPrjyja6qXnZbPyJo9z_l3u3nfmFHDYB4djijmA&sai=AMfl-YSchzzSyamU-h64hD6imN6jX6ngQcJDOO2rWVuiJiOgyz3bZzW_CbM4KcKFG7Q4mi3ULtzHhcThOIkVZ8npfnzD84xRP2Lwd6izcydCrR5L-cqkBXgpEiLTO7VpANuysZuUdS6y0lKG4n6Kh5htPmA&sig=Cg0ArKJSzHWuqp1dMRGCEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 30 Jan 2023 08:29:39 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 1762 80 KB
27 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a26780461fa5b189686ca3891aeed135a2c599eecb4d1c80a6b0f3b2e91bf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27567
x-xss-protection: 0
server: sffe
etag: "1467 / 142 of 1000 / last-modified: 1674860937"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 30 Jan 2023 08:29:39 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1762 156 KB
48 KB 65ms
65ms Script
text/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

948dfd7372d70c12a80472d86b4033d93adbb52d02d4585d519416c4f4b4be62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49065
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1674650782302584"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 30 Jan 2023 08:29:39 GMT

GET
H3 200 container.html Show response
29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame CC00 6 KB
3 KB 11ms
10ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:39 GMT
expires: Tue, 30 Jan 2024 08:29:39 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 0889 4 KB
694 B 105ms
43ms Stylesheet
text/css 2a00:1450:400d:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 30 Jan 2023 08:03:02 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 30 Jan 2023 08:29:39 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/ Frame 0889 2 KB
819 B 121ms
43ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:35:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82444
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:35:35 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 0889 0
0 54ms
53ms Fetch
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CNV8Z83_XY6abB4f5xwKz54ow15rAoG7HzK-svw7v06K9wAEQASDenax1YJX68IGMB6ABsLqh1wPIAQmpAthR_5RtO7I-4AIAqAMByAPLBKoE5QFP0FqBvIaZAqq0FDOBrm_bPyM4vLrpWWUODVmBQCEedTQgFFVGwFsCqUYsm2Nm1c_5RkkB9XfuVFeWYNAQM3gdd1rD7BK-Gli-YWYCC1zFJ7rjIPo0UbCzZMS0HJjhHMU6MxJlg5590pBJOA5C921be4IEXLfvhdyNR1v8HXmks5IEbofBvbfTFiTpt5nU6g3XOp5uVB_RfLCSgux3Y_N8yNB-9UanlaSoAKmnjnxk0y0FI9fwHyVVlf3QpK71l63tSmPwJ9s2-WyscTGc6HklZqyzflwwbnJOCBVDdgxD8XIdMJP8wATRnKmq4APgBAGSBQQIBBgBkgUECAUYBKAGLoAHxfetPqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAPIHBBDVqQnSCBEIgOGAEBABGB0yAqoCOgKAQIAKA8gLAdgTDIgUAtAVAYAXAbIXHgocCAASFHB1Yi03MjA5ODA4MjQyNzE0MTg0GOzgcA&sigh=QDJCcYp7DFo&uach_m=[UACH]&cid=CAQSSwDUE5ymMM5tStGOyrMVmMpR-PRiiGsQuTdbaU6giGx5u37v8iqoC20dY4p0wWRF7PILmHah7mzwGMd4ZlepCuUHMj2YJPMYoWV7IhgBIBM&template_id=494
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/ Frame 0889 22 KB
9 KB 97ms
21ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/abg_lite_fy2021.js

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

682b9a643ebc5c5b7f54f802fe82d4d9117b6cdff3479110b81afdccfd6148c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 10:14:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80119
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8871
x-xss-protection: 0
server: cafe
etag: 9510037503091481574
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 10:14:20 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/ Frame 0889 3 KB
1 KB 117ms
43ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/window_focus_fy2021.js

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:55:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81265
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:55:14 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/ Frame 0889 18 KB
7 KB 97ms
24ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:55:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81265
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7523
x-xss-protection: 0
server: cafe
etag: 641023367890010850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:55:14 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0889 156 KB
48 KB 87ms
84ms Script
text/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

948dfd7372d70c12a80472d86b4033d93adbb52d02d4585d519416c4f4b4be62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49065
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1674650782302584"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 30 Jan 2023 08:29:39 GMT

GET
H2 200 8aec859a266e19fb42fee7f82edeac28.js Show response
www.gstatic.com/mysidia/ Frame 0889 33 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:400d:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8aec859a266e19fb42fee7f82edeac28.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07970172ef078d9a58aa9ed9e9b54dd1cfbfec021be21b0d0fc7484c5fd5a58a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:35:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82444
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14079
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 00:31:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sat, 29 Apr 2023 09:35:35 GMT

GET
DATA 200
OK truncated
/ Frame 0889 287 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce

Request headers

Referer
Origin: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2

200

624907996767536446
tpc.googlesyndication.com/simgad/ Frame 0889
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDr3ZqF_gEQgAgYgAgyCFFyRh2Ouq9r
https://tpc.googlesyndication.com/simgad/624907996767536446

8 KB
9 KB

20ms
19ms

Image
image/png

2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/624907996767536446

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

484ec1c347c17d7d3b98d5058aa5d90bb5c7315f3a67f44611e902de4be50831

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 07:53:01 GMT
x-content-type-options: nosniff
age: 88598
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8502
x-xss-protection: 0
last-modified: Tue, 09 Apr 2019 09:00:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 07:53:01 GMT

Redirect headers

date: Sun, 29 Jan 2023 17:08:53 GMT
x-content-type-options: nosniff
server: cafe
age: 55246
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/624907996767536446
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 28 Feb 2023 17:08:53 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame CC00 4 KB
1 KB 83ms
42ms Stylesheet
text/css 2a00:1450:400d:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 30 Jan 2023 07:59:08 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 30 Jan 2023 08:29:39 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4972 624 B
577 B 144ms
60ms Document
text/html 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIGpfRDM07aKAxjjz__dATAB&v=APEucNU_MqH6CqnxozsibIBO9pP7zv1Q2J16htMy4Vhqk2TIjMlaEFwKMMwpS1Es7cpdkV71cnO7UlkOHPfEA9_qFLwYFxoTWpCIivSyw_qQpO4tV-dyDZJMOc-2byLoPYubVEU8_gXiTQLyLr2FZ7VBbsg15rJR8Z1rS0SJHHlC51YHfpzikpw

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 217B 76 KB
27 KB 131ms
127ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc54379b6288f5970da471f0f64ca15f8c9e3a3819a0950608a45b7479d5a11f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27384
x-xss-protection: 0
server: cafe
etag: 10506132538256102613
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 30 Jan 2023 08:29:39 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/ Frame 217B 3 KB
1 KB 95ms
44ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/window_focus_fy2021.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:55:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81265
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:55:14 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/ Frame 217B 18 KB
7 KB 77ms
26ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:55:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81265
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7523
x-xss-protection: 0
server: cafe
etag: 641023367890010850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:55:14 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 217B 156 KB
48 KB 67ms
64ms Script
text/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

948dfd7372d70c12a80472d86b4033d93adbb52d02d4585d519416c4f4b4be62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49065
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1674650782302584"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 30 Jan 2023 08:29:39 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 217B 42 B
110 B 55ms
53ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D0aJf1uPVvCHG1rSxtdk5riJDcyJ9F2GQj7QK8b5s2Al7FAD6V69qIN-h2Cy-7FEQP3_qS8NBHJWHHldar6PN6kzCDcPqsRS3ZdAcOha8UaHZYmpk

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 217B 0
56 B 53ms
51ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=5882576267676795479&x=1&ct=76

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/elements/html/ Frame CC00 19 KB
8 KB 88ms
39ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f9788d7e66abe87bcc3b3da018a88a09a3092be671c3f7b87ca1ee8eee2b1d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:35:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82444
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8242
x-xss-protection: 0
server: cafe
etag: 13932103368176740555
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:35:35 GMT

GET
H3 200 pubads_impl_2023012501.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 1762 386 KB
130 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012501.js?cb=31071971

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f368aa8ed1ff20a7f45f67285eb393b6b164a71826955217eaac1aa54c31980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 07:21:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4080
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133524
x-xss-protection: 0
last-modified: Wed, 25 Jan 2023 09:36:27 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 30 Jan 2024 07:21:39 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ Frame 1762 296 B
154 B 44ms
43ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=koraplus.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4914edf792cd8345c867600b764bac13f44022dd709aa02528a0c24405d6aa81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129
x-xss-protection: 0
expires: Mon, 30 Jan 2023 08:29:39 GMT

GET
DATA 200
OK truncated
/ Frame 1762 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8823ea38784d0074a289936b69c06984f58d713df6876137c0d0ca5e888a506c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 88ms
88ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 30 Jan 2023 08:29:39 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 1762 63 KB
23 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012501.js?cb=31071971

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6054746292d3567c660857d4e7ed6153dadda2b3d602245f4612deef4dba2bd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:14:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 927
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23828
x-xss-protection: 0
server: cafe
etag: 9010139400925747384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 30 Jan 2023 09:14:12 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 1762 107 B
165 B 24ms
21ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=koraplus.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012501.js?cb=31071971

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 1762 107 B
165 B 22ms
19ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=koraplus.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012501.js?cb=31071971

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1762 18 KB
8 KB 303ms
303ms XHR
text/plain 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1104399846271448&correlator=4498814689962715&eid=31071830%2C31071971&output=ldjh&gdfp_req=1&vrg=2023012501&ptt=17&impl=fif&iu_parts=7047%3A22689983766%2Capl%2Cpod%2Cdisplaybackfill&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=728x90&ifi=1&adks=3234993216&sfv=1-0-40&sc=1&cookie=ID%3D7612e6859f797750%3AT%3D1675067379%3AS%3DALNI_MYNJ0AH3KC27zPNdJE4APJ7Hv7Gxw&gpic=UID%3D00000bcedd0b9e73%3AT%3D1675067379%3ART%3D1675067379%3AS%3DALNI_MYuKbhLwbGw3eU3uQJbRIz8vgRI3w&abxe=1&dt=1675067379676&lmt=1675067379&dlt=1675067379486&idt=164&adxs=436&adys=130&biw=1600&bih=1200&isw=728&ish=90&scr_x=0&scr_y=0&btvi=0&ucis=qp5ae981rzax&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=1&url=https%3A%2F%2Fkoraplus.com%2F&ref=https%3A%2F%2Fkoraplus.com%2F&top=https%3A%2F%2Fkoraplus.com%2F&rumc=1104399846271448&frm=23&vis=1&psz=0x0&msz=728x0&fws=256&ohw=0&ea=0&ga_vid=998354678.1675067379&ga_sid=1675067380&ga_hid=1373660410&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012501.js?cb=31071971

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a6fd8baabc0ac7193f41296a9d60010b647ed3864e35184ff769e5a9bae6de81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8577
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://koraplus.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3575 6 KB
3 KB 68ms
15ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012501.js?cb=31071971

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:39 GMT
expires: Tue, 30 Jan 2024 08:29:39 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 29B6 0
0 46ms
45ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuh1ot04n0YV7_1CpC94pN12Dn20Eh8fSyAj4BCKjryyqWArdVIwFEWgM0pQ6Zk8aYOFNIU0yeUNMsxlBx82BZciStvwcKbm2QXwkS-akIEVek75ZHKe1BcwVQhWTuUKpDMOo2JX8JXpI1LGnLlrD3XwsIyEekw1BFVg-y1MpV0h8XM1Pz0pVnFcQk8boSxc07r0cZ2z6FykFUnxFo7G_hrM8RwhbGRFpYKSA6wkHGW-3NvmDkd-LyDxCI6m7HkbH88lJtd0_sIfVnGZRp5SeAi145EnAVjvSklk3pYspHC_DVE8CCDJoseNs8jKk9FQwZVYXD_&sai=AMfl-YQkhdG7HYjIN-ZCYm9Uz7I755GaRyiMVvyJriYlxLOUHghDMv75MA165mQWAMQr7CvGuWKvfEBVLmI2g5O2MuxBeU72Yw1KLfA4B57P6ReODOfvGeBxCcGlXN_kKIHmpvwotNxbGN4UGJb1Vau73A&sig=Cg0ArKJSzKrtHHKKQqTIEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 29B6 80 KB
27 KB 48ms
48ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8b13571b81b3a86de8b0956321cb2b0bd6a5d280bda347322737794ff824743

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27567
x-xss-protection: 0
server: sffe
etag: "1467 / 733 of 1000 / last-modified: 1674860937"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 30 Jan 2023 08:29:39 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 29B6 156 KB
48 KB 141ms
141ms Script
text/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

948dfd7372d70c12a80472d86b4033d93adbb52d02d4585d519416c4f4b4be62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49065
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1674650782302584"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 30 Jan 2023 08:29:39 GMT

GET
H3 200 container.html Show response
29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F9C4 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:39 GMT
expires: Tue, 30 Jan 2024 08:29:39 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F260 0
0 45ms
45ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssUtU6wm8q0PjZhWELbEHbH138j2n8c1GR4Ybqb_N_NBW-Ll7O6XFvn7p7fJMQwcGeVmJgeowNOTeEdN3EKAVRCu2y_8xX2Dt7DiznhoAO4zn3PZZBAQAtFdz4ROF6b4QMID8LrSne10dW4q9joZEqvfBM1mbNPbykhIu4wsACA0iYobbbSsa9vvX4Jii5sijyGhxapGSPfK6ORGujDe311BE2NgRz3CRSIHFMbesUMBD68FbO3isnNXp9of41cpq5nJXcCik16O-q3frDP3wUoo5YyshVv75Czh84PEgE4juhFHmk7_B3ZDHqKEvoFFw&sai=AMfl-YSQG2OUjZzWZvRiaxFKNjriB9itrqF1EOTMFOqNGqOn4kxb5IVDXGhiB1PXUvwF7RLrtvXjiN4aoZp3bRT_QTfRaJzJaD70ArN2WUQrHYiW225s3gdWWFnNH6fONt3cnYgMgwItwJYwFf4uicD1bQ&sig=Cg0ArKJSzOU_9ujlLvvlEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame F260 80 KB
27 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0ede6405822be4ff2f1a05c3e9a6218b48a8638c634db0df0e9443b7763e093b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27630
x-xss-protection: 0
server: sffe
etag: "1467 / 354 of 1000 / last-modified: 1674860937"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 30 Jan 2023 08:29:39 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F260 156 KB
48 KB 203ms
202ms Script
text/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

948dfd7372d70c12a80472d86b4033d93adbb52d02d4585d519416c4f4b4be62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49065
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1674650782302584"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 30 Jan 2023 08:29:39 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 4972
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFBrPmVi4G1NnV0r8MvtBow&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFBrPmVi4G1NnV0r8MvtBow&google_cver=1&C=1

43 B
632 B

9ms
9ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFBrPmVi4G1NnV0r8MvtBow&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIGpfRDM07aKAxjjz__dATAB&v=APEucNU_MqH6CqnxozsibIBO9pP7zv1Q2J16htMy4Vhqk2TIjMlaEFwKMMwpS1Es7cpdkV71cnO7UlkOHPfEA9_qFLwYFxoTWpCIivSyw_qQpO4tV-dyDZJMOc-2byLoPYubVEU8_gXiTQLyLr2FZ7VBbsg15rJR8Z1rS0SJHHlC51YHfpzikpw
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 30 Jan 2023 08:29:39 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 30 Jan 2023 08:29:39 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEFBrPmVi4G1NnV0r8MvtBow&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 4972
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y9d-8-2kfl1NMJoaX8d.DgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFBrPmVi4G1NnV0r8MvtBow&google_cver=1&google_hm=2

43 B
632 B

9ms
9ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFBrPmVi4G1NnV0r8MvtBow&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIGpfRDM07aKAxjjz__dATAB&v=APEucNU_MqH6CqnxozsibIBO9pP7zv1Q2J16htMy4Vhqk2TIjMlaEFwKMMwpS1Es7cpdkV71cnO7UlkOHPfEA9_qFLwYFxoTWpCIivSyw_qQpO4tV-dyDZJMOc-2byLoPYubVEU8_gXiTQLyLr2FZ7VBbsg15rJR8Z1rS0SJHHlC51YHfpzikpw
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 30 Jan 2023 08:29:40 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFBrPmVi4G1NnV0r8MvtBow&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 4972
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEBEGE8yiOo69QXzRIyYvuuc&google_cver=1

43 B
1 KB

19ms
7ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEBEGE8yiOo69QXzRIyYvuuc&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIGpfRDM07aKAxjjz__dATAB&v=APEucNU_MqH6CqnxozsibIBO9pP7zv1Q2J16htMy4Vhqk2TIjMlaEFwKMMwpS1Es7cpdkV71cnO7UlkOHPfEA9_qFLwYFxoTWpCIivSyw_qQpO4tV-dyDZJMOc-2byLoPYubVEU8_gXiTQLyLr2FZ7VBbsg15rJR8Z1rS0SJHHlC51YHfpzikpw

Protocol

HTTP/1.1

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 30 Jan 2023 08:29:39 GMT
AN-X-Request-Uuid: fdf62726-f472-48e5-9fbe-7814a5945f9e
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 81.95.5.41; 81.95.5.41; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEBEGE8yiOo69QXzRIyYvuuc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 4972
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkyMTQ3MjMzOTkyMTUxMzAxNA%3D%3D

170 B
243 B

23ms
22ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkyMTQ3MjMzOTkyMTUxMzAxNA%3D%3D

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 30 Jan 2023 08:29:39 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 81.95.5.41; 81.95.5.41; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: b88cfa6b-d5d1-4279-96c3-583546df16dd
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkyMTQ3MjMzOTkyMTUxMzAxNA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 0889 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b86fb286eac373cbc81f520715a3d5a7b660c0ffed72a2c000b90844249dcd16

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 217B 0
20 B 53ms
52ms Ping
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7334207192888&version=m202209210101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 217B 0
20 B 52ms
51ms Ping
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7334207192888&version=m202209210101&ct=76&x=1&cor=5882576267676796000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 217B 100 KB
39 KB 84ms
84ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ChkFcZ0BLuUHSOZYlnsHOhcvSWUrifzu0Fcxy7DuaT0nojMEFFM27WAX5hDFAxLuJRdgmNIyu6VV7NTVcOqtEd1_cPQFZU4wpoH9RVb-ofw6SO2kkAePQdSs7Vn9XwlTkTc-3OkHsVfDqD8XxXX-OGmBfcigjMkBoqsVQ8xqEZ11I_3QE&dbm_d=AKAmf-BbOxSSXyyP9BCYLuT2lXePqUF-TTOGe8cQWApv4KmWxs63-asEkW2TmDCCs-lwvJl_u8scbFFnebD2Uba8X4_FRwH1GA7BLnc840GRdynx3dt2qz-ApbXWrIaqs7iV4dZ0scL48tsbkhNlctIHogWuaNd8dz_5X1houPLKOe5S2R7NVFbSP1fgbWlrvhbsTQCf3DyH30iY0Q2TC7-YpN4VAk7MKpy-8VL7Woqyv0mVbuV2xkcOhm65Kica2HL_cAO6yTZjS1uLuooYyOH5DWTP1fGQfjILJoBd5a_B8_a8EOY50hqIJjTmAjlzKHvujNk43AQCGGcVK2Cw7gGbjfAQjxBZmIgVO2CeAbGUho4GCpFFRUR2JXU0joJsK4Le7ojyjyj8qO5kdmwvB3ezIjg8Fd-px0L93NF1gKk81dq8SyCPytD_r4Pm2zA7ZHeIKAtnKcO0S2mWMvNJ-PiCtSvsYOdjhD0P9e7H4it0T5QtCnWGRpR8iZhHqRQB-ddJZyHVTP30PQG5sB-cf8ftXsMlvru2kmslesdL322ZB-pcItSReejHC-uZzCNiYLF70T7GrqYTJ9xkhEE9An4-EWXvaCC3TVpn-R6ltb0LP9Pso2cdLcTBXAKmsDgm1wsfNZ00GIlqwATNy2Ag_5a1rPxka8k9_nMrKDtJ7agspoShzlyggXNo-Kwth3Vlx-gxqRkmypMHSLrpozvSAKqG0CdyTB5OtTN91jojL3_x9Uk8gjEzJim_zcTe22oeAdYpuTSU0hAWRHEQXmebUd3IoUJi9mpBximmHDytb4Am-z9v3V1Eg2g4MaMTzcTgq1iXgqWxt9mrSw7pnW_UpYxfUFADAKsW06oZXk9zEMQs502kxICZIyUisyJ0b7M4abZzI125D6BW7zb2_jW9uPkKGesw8wiKfIRaastLDl8nbuSTLuxF5NdxBXMDNKo5XtNInpTNeBWFYCHUE5z7YhPA6vZF24R0n6a3hrpqJnLrbnWtQJKwqkyCPyfhV-5qBOmBvfzcjdX4As-cPBoSTxdEilaBWrF1P1BMIhLX0CEJ2xPijpuHrnJpyhya6S4dAR53P3VxBf4PZhwMuhI-o6od-KLDATWQCgVKSs_p6p5lxBuZFLLnuWoLewsyc9hJC0_4Qhyl0zrcBMgaB6iUPROl-qWlJooKA_FzFbAj2dQidvtCt13lVaGZ4thCPWTnMWQu1g6IK-ubN3kK0FuBpdesafYBnKmGiEw8HIQK5CK0mzmUBd2IjCOu4NFp1Zwg_7h_RoWA0X_PJ0YzJPadI52u9KoKExkh5BWjZkL4wN-kSyhayfM_F7NE4IJAwWy_sFHN8FE-C1eBPsrhLVhAJQayCLmv1K3gFeJ0DiCP1gDE23opsfg1Y65DA8GI-vg8LzjW2K0z98yafXIzmOyxtIhTj5gxCQlr_MhkKJv2Y9ZyS2u6m6Zp2808m4-KXhRRNir1Hidmt9pfzCHSIOXbx2U9y-AZAUDjQ6MAZc1CE793scCIN_yCgntVDxRkAmBpaafeIbFU0cwHgz73aaxYjIBGXzoebKcjRI3jGDH4AnqWPrGq-EnMXQz9g4GO7WcuaqBk4vIdn816M8WrVNHgnk8B0roDN6F54hNLbYkk5x8RmI-91M-U6KvZDQfsfwC2LTD-nkkP5tjGPAbsu7Shrpm3c4BGF972EMA7siqpbWdJd9Jq7iAO-62l6-7gk57PcRfzNi4Hji2tx_QfMmOdbj0HjjOKcL95zrJA1wYqk1pqB8XqzW1SjlEm807Z_w3fmRraE3_JOd9pCtPhHne9sFIDpxoqYa-qFwaGVT3HyTbuFITBocAWrB1R0xtwfCR7phqEzCBeSz3IWSx6AHgxAP-b5PfLuS-sR-M9JKHS2vaaLTH2d220FUSOUraUJYxH3OOYezRMJ-7EA0Phw2754U8_46MiiIYzK33hhVVOxRel5WwMZFMbDzeWuxzUEYpaiTHLS-5v3yWv2BWHifrCgJm-qDDiqR6Yg948RnjsDnSTR3jeRvRoUb5MP1MKfAx5KXC8QeU7BY2e6h4iM6wqww3O8xt2iTplMtw-DdMtcB9Lw0fQjLJLRxp855PRWP_sMXaov-kz5U12DH3JbB4EWqAf__g3Y1cW58YFpn9dLIXvVr_65J-iLsgxQMD44TcUi_OICy-rCgzyyoSNAIkavdWSHkfh3rs0lKytEwPSedNZXyEM0epq7CHZOWY0yr8c8XRJcvbziJpL0eYOMUxrRXd8QXmLrWO6_9uwfGkGHLyKZxQV_rK5lpnLd_ONxeCCdz2UcQ6burqFKQm_WEGVZgTylM8XJIC7i2daDXnJ_LrQxMXl5jKUBzQmHw-F4nSDbWo116EKxGpZxo_6CoJl1_1qDhwqDU1TbY-t-E8cYSTgH3-_gnOGZU06ZoKEWfQiuJSOnp1YkLVBs1std-Uaoh6GnMR-fMkoGhl0b0HaTPZrwgRv-PtstKMLTeNeWSXdPFwN3yh_ndI_3ljJHb0QZJaWzkULSS2s_B6RL_8fxQLZP-Y8Fd2pS3Szo1MIRYz1cf__h-EwjwX8iWgiAt-WYob_rF-wviY2G_eMkN-jRwAGu6_B66TalxzHecuFlg8O-Rt1wL038ikPxsizib0naCUg5_a9mMMbKxFEqGPMCQhG-y4ZkdyY9yJmwLijcmuzK-eTNX4s-BiDcjAvwsFKzHsCHVz_o4KUNwSOVAR3p3fPOdU3t8kA9Ez6ntw5JvVM8882jnNt38jpN7UkwjXZay1Kn5i5wwTk4HI8S3EnmFrAGoK6-gFIcmYVzOY1TAul4knIYD-0XVUvX-YXWsVlmp7zGR8UHhTWMKgBbm73osEfwHKqjDC4WKDuD4dChM59lx2JpKDum77p9gOuNvvsMI5VnmsYFXA9LuDYQErWBg0nKa8X397QritvQgRYxfzAM1SzV99r61cSFGXwaBCQZzALuQ_V-S8ZTA-kWYWCreo3aaVr2IapirqIp8LYMOuFHCt9UG3rIC56jnyDUmAAL2zF_kYz43jlN2etYDW6Iwqk9DYUJx7c9zwrYScRnbM8I5RxekBDB0sGA_lUadGny7olz-mMO5jtc5rHUM2cZSqFe385-N8Wn2XKcH3L3NywEFV4YoUC3GMWQN2fTCpashKEE0iFqq4_6W0XtaH45r87_GrjJOWM2xV-65HwZZt_dvky2d44AuESZLx6zWvGBWwN32PPrIrQx3bIoLO0QlBTxtuvTlOLCSjx2ReENnFnuVmPv5Z0fw1M7HpYCSadYuE5FgaU42o_nitTZTXpSnIvb6IYElRTg1lu72FDs8lo26T2C-Yl6lsBwgwAjAp_bFUEyG68b0r2M5r15IozHN3l2a-fAEkZaz5gz6ECv0APIKxlcyCmRfSUlruWNnjR22j5ObhaNsM3Ac4G0GSJaed7SYlTc8PbwykLQrtMZf8b1Z3yzDFgXpH7WFUvwK12SQZIXVOquhi1-EzqaBmeciTouaVOFxISutNW8tAfijotXKqkVRZI8p-s&cid=CAQSSwDUE5ymLc7m5eGsAI2QbKrYP7lewo1FNOxdCRQ-_GoBaGioSWEf3heOaA-ptDJO3eWqgPLIOaJOIw00jPnXhO2yuZ5RV5xa35mydBgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fkoraplus.com%2F&ds=l&xdt=1&iif=1&cor=5882576267676796000&adk=1761367587&idt=142&cac=0&dtd=7

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

33f49b689a021f6782e46a226c54759c119884f75702e459e6b3e00642071d9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39951
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame E3E1 640 B
420 B 59ms
57ms Document
text/html 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COzd5gEQkuXoARiSiNzeATAB&v=APEucNXWBpoAdtspwF5V4dpxVd09NFFVqG5UPxRIbqb7XFbFD-BuNrT8tWO7M2kl5fPLaDuUj-lNqeweDaNVe42u1_ZB6nBmh33PBC-ZK5_rDnXb11ykux3eQOsz7sOsZSYFigb19mIlcGc5ScTWCqNdQ-zUtrXTIilo6Bms2OKCXPFJ7e0nA3U

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:39 GMT
expires: Mon, 30 Jan 2023 08:29:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame D618 76 KB
27 KB 94ms
94ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc54379b6288f5970da471f0f64ca15f8c9e3a3819a0950608a45b7479d5a11f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27384
x-xss-protection: 0
server: cafe
etag: 10506132538256102613
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 30 Jan 2023 08:29:39 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/ Frame D618 3 KB
1 KB 22ms
20ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/window_focus_fy2021.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:55:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81265
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:55:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/ Frame D618 18 KB
7 KB 23ms
21ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:55:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81265
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7523
x-xss-protection: 0
server: cafe
etag: 641023367890010850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:55:14 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D618 156 KB
48 KB 122ms
121ms Script
text/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

948dfd7372d70c12a80472d86b4033d93adbb52d02d4585d519416c4f4b4be62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49065
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1674650782302584"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 30 Jan 2023 08:29:39 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D618 42 B
63 B 54ms
52ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CdI-L_1NWY1-ZGzt2IjNY1Vt0rkE5L_XhZsPV0iWhyAz_13_8eYR4dhlDsUmT8FRBBUNc1bop3ibQYIUlG7KdcNZLYVY2Ar9jW0zhX0PJM8gEAZNw

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D618 0
20 B 54ms
53ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=14639601691310608623&x=1&ct=76

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 0889 16 KB
16 KB 83ms
20ms Font
font/woff2 2a00:1450:400d:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 23 Jan 2023 15:23:02 GMT
x-content-type-options: nosniff
age: 579997
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Jan 2024 15:23:02 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 2DF8 13 KB
5 KB 20ms
20ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 257137
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 09:04:02 GMT
expires: Sat, 27 Jan 2024 09:04:02 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 2147 783 B
971 B 22ms
21ms Document
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bd954d2e5a86753af91258b8cf5e39cbae30241def15687ed2cf4942f3b7f42e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-A9qR90_iBDQSSXxvvuzrBg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-A9qR90_iBDQSSXxvvuzrBg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:39 GMT
expires: Mon, 30 Jan 2023 08:29:39 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1762 0
0 44ms
44ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv3DEFTfaEMAAdsKmknd_tuhLYP8uLtKSCQsOw_iU9fYO15T0bfW8Wr9R5FmbEqyrBHCzqvIpHSsgqnqP--LMoShAZEOIerKMAUmTifAfeaoHDM7J_6I_TpG2xgtUhHgpSz5PbOZOkMzolfRhprPpIdj6LkkVrqzzZAUjqXi-MSSCSVBfMJKQL-yBCkJQGYAombH-yP9Q8uhGal2IYmOOEZuqkjvyxsRMphvBCbpanyu0aBfJsiLSmy2d7j13tLQU93SP8HjZDUpDauerb9x5tl6tSsaibnLrl6XtFRp79uYF7-CAWnZYbyVj0mtjHvXvAosruZ&sai=AMfl-YQv0xrwCFoOJbUCXr1H9uQiojQa4j4d8YHq9mVIVX2lto9CF9ZV5-_he81ORIz1sXVZLwGnvGAlqDmr1xuVQ4q_mIPebhGadhJXtis_136Tu2qNOJLvAprd-OWtbwM6GzYhL2oSYMPT9brILXqcR78&sig=Cg0ArKJSzMCZUwzbi2SsEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 30 Jan 2023 08:29:39 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1762 15 KB
11 KB 65ms
63ms XHR
application/json 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023012501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012501.js?cb=31071971

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38c1430f98854ce2f91f8cdedac9d59a26a97c9350a235cfea678d27af78420e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11293
x-xss-protection: 0

GET
H3 200 pubads_impl_2023012501.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 29B6 386 KB
130 KB 12ms
8ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012501.js?cb=31071905

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f368aa8ed1ff20a7f45f67285eb393b6b164a71826955217eaac1aa54c31980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 07:17:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4345
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133524
x-xss-protection: 0
last-modified: Wed, 25 Jan 2023 09:36:27 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 30 Jan 2024 07:17:14 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ Frame 29B6 296 B
154 B 44ms
42ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=koraplus.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4914edf792cd8345c867600b764bac13f44022dd709aa02528a0c24405d6aa81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129
x-xss-protection: 0
expires: Mon, 30 Jan 2023 08:29:39 GMT

GET
DATA 200
OK truncated
/ Frame 29B6 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b16a30a98167fc4a1dda480dd5e6f1c4875dda76053db2d662715e45793c1da4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 1762 63 KB
23 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6054746292d3567c660857d4e7ed6153dadda2b3d602245f4612deef4dba2bd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:14:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 927
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23828
x-xss-protection: 0
server: cafe
etag: 9010139400925747384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 30 Jan 2023 09:14:12 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1762 0
20 B 54ms
54ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_stats&su=koraplus.com&doc=complete&pg_h=0&pg_w=728&pg_hs=90&c=0&aa_c=0&dt=d

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pubads_impl_2023011901.js Show response
securepubads.g.doubleclick.net/gpt/ Frame F260 385 KB
130 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011901.js?cb=31071977

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

506232725b472834278e60634b4137a0358256051a6fb7f6f03582964e756de9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 23:35:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32047
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133253
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 09:34:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 29 Jan 2024 23:35:32 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ Frame F260 296 B
154 B 47ms
46ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=koraplus.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4914edf792cd8345c867600b764bac13f44022dd709aa02528a0c24405d6aa81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129
x-xss-protection: 0
expires: Mon, 30 Jan 2023 08:29:39 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame E3E1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENfW3nUmPB10qbq4xxbYLhw&google_cver=1

43 B
273 B

30ms
17ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENfW3nUmPB10qbq4xxbYLhw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COzd5gEQkuXoARiSiNzeATAB&v=APEucNXWBpoAdtspwF5V4dpxVd09NFFVqG5UPxRIbqb7XFbFD-BuNrT8tWO7M2kl5fPLaDuUj-lNqeweDaNVe42u1_ZB6nBmh33PBC-ZK5_rDnXb11ykux3eQOsz7sOsZSYFigb19mIlcGc5ScTWCqNdQ-zUtrXTIilo6Bms2OKCXPFJ7e0nA3U
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENfW3nUmPB10qbq4xxbYLhw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame E3E1 43 B
145 B 82ms
18ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COzd5gEQkuXoARiSiNzeATAB&v=APEucNXWBpoAdtspwF5V4dpxVd09NFFVqG5UPxRIbqb7XFbFD-BuNrT8tWO7M2kl5fPLaDuUj-lNqeweDaNVe42u1_ZB6nBmh33PBC-ZK5_rDnXb11ykux3eQOsz7sOsZSYFigb19mIlcGc5ScTWCqNdQ-zUtrXTIilo6Bms2OKCXPFJ7e0nA3U
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame E3E1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEJrD6X2Icas__SrNBPjpGbo&google_cver=1

23 B
172 B

160ms
80ms

Image
image/gif

104.96.128.226
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEJrD6X2Icas__SrNBPjpGbo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COzd5gEQkuXoARiSiNzeATAB&v=APEucNXWBpoAdtspwF5V4dpxVd09NFFVqG5UPxRIbqb7XFbFD-BuNrT8tWO7M2kl5fPLaDuUj-lNqeweDaNVe42u1_ZB6nBmh33PBC-ZK5_rDnXb11ykux3eQOsz7sOsZSYFigb19mIlcGc5ScTWCqNdQ-zUtrXTIilo6Bms2OKCXPFJ7e0nA3U
Protocol: H2
Server: 104.96.128.226 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-96-128-226.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

expires: Mon, 30 Jan 2023 08:29:40 GMT
pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEJrD6X2Icas__SrNBPjpGbo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame E3E1 23 B
172 B 189ms
68ms Image
image/gif 104.96.128.226
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COzd5gEQkuXoARiSiNzeATAB&v=APEucNXWBpoAdtspwF5V4dpxVd09NFFVqG5UPxRIbqb7XFbFD-BuNrT8tWO7M2kl5fPLaDuUj-lNqeweDaNVe42u1_ZB6nBmh33PBC-ZK5_rDnXb11ykux3eQOsz7sOsZSYFigb19mIlcGc5ScTWCqNdQ-zUtrXTIilo6Bms2OKCXPFJ7e0nA3U
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.96.128.226 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-96-128-226.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

expires: Mon, 30 Jan 2023 08:29:40 GMT
pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1319389/68771741/ Frame 217B 242 KB
73 KB 219ms
31ms Script
application/javascript 34.249.210.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1319389/68771741/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1010169620&ias_pubId=pub-2930805104418204&ias_chanId=1&ias_placementId=19517405192&bidurl=https://koraplus.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0ji2iKvuH54PZNnufY1kNje
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.210.67 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-210-67.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6fabf76746e0e6fe2e14da5f9d17d0c322eb78d5fb71592baa45208538fb4eee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 217B 106 KB
37 KB 96ms
20ms Script
text/javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
Origin: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:35:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82444
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 30 Jan 2023 09:35:36 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230124/r20110914/elements/html/ Frame 217B 8 KB
3 KB 26ms
22ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230124/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ChkFcZ0BLuUHSOZYlnsHOhcvSWUrifzu0Fcxy7DuaT0nojMEFFM27WAX5hDFAxLuJRdgmNIyu6VV7NTVcOqtEd1_cPQFZU4wpoH9RVb-ofw6SO2kkAePQdSs7Vn9XwlTkTc-3OkHsVfDqD8XxXX-OGmBfcigjMkBoqsVQ8xqEZ11I_3QE&dbm_d=AKAmf-BbOxSSXyyP9BCYLuT2lXePqUF-TTOGe8cQWApv4KmWxs63-asEkW2TmDCCs-lwvJl_u8scbFFnebD2Uba8X4_FRwH1GA7BLnc840GRdynx3dt2qz-ApbXWrIaqs7iV4dZ0scL48tsbkhNlctIHogWuaNd8dz_5X1houPLKOe5S2R7NVFbSP1fgbWlrvhbsTQCf3DyH30iY0Q2TC7-YpN4VAk7MKpy-8VL7Woqyv0mVbuV2xkcOhm65Kica2HL_cAO6yTZjS1uLuooYyOH5DWTP1fGQfjILJoBd5a_B8_a8EOY50hqIJjTmAjlzKHvujNk43AQCGGcVK2Cw7gGbjfAQjxBZmIgVO2CeAbGUho4GCpFFRUR2JXU0joJsK4Le7ojyjyj8qO5kdmwvB3ezIjg8Fd-px0L93NF1gKk81dq8SyCPytD_r4Pm2zA7ZHeIKAtnKcO0S2mWMvNJ-PiCtSvsYOdjhD0P9e7H4it0T5QtCnWGRpR8iZhHqRQB-ddJZyHVTP30PQG5sB-cf8ftXsMlvru2kmslesdL322ZB-pcItSReejHC-uZzCNiYLF70T7GrqYTJ9xkhEE9An4-EWXvaCC3TVpn-R6ltb0LP9Pso2cdLcTBXAKmsDgm1wsfNZ00GIlqwATNy2Ag_5a1rPxka8k9_nMrKDtJ7agspoShzlyggXNo-Kwth3Vlx-gxqRkmypMHSLrpozvSAKqG0CdyTB5OtTN91jojL3_x9Uk8gjEzJim_zcTe22oeAdYpuTSU0hAWRHEQXmebUd3IoUJi9mpBximmHDytb4Am-z9v3V1Eg2g4MaMTzcTgq1iXgqWxt9mrSw7pnW_UpYxfUFADAKsW06oZXk9zEMQs502kxICZIyUisyJ0b7M4abZzI125D6BW7zb2_jW9uPkKGesw8wiKfIRaastLDl8nbuSTLuxF5NdxBXMDNKo5XtNInpTNeBWFYCHUE5z7YhPA6vZF24R0n6a3hrpqJnLrbnWtQJKwqkyCPyfhV-5qBOmBvfzcjdX4As-cPBoSTxdEilaBWrF1P1BMIhLX0CEJ2xPijpuHrnJpyhya6S4dAR53P3VxBf4PZhwMuhI-o6od-KLDATWQCgVKSs_p6p5lxBuZFLLnuWoLewsyc9hJC0_4Qhyl0zrcBMgaB6iUPROl-qWlJooKA_FzFbAj2dQidvtCt13lVaGZ4thCPWTnMWQu1g6IK-ubN3kK0FuBpdesafYBnKmGiEw8HIQK5CK0mzmUBd2IjCOu4NFp1Zwg_7h_RoWA0X_PJ0YzJPadI52u9KoKExkh5BWjZkL4wN-kSyhayfM_F7NE4IJAwWy_sFHN8FE-C1eBPsrhLVhAJQayCLmv1K3gFeJ0DiCP1gDE23opsfg1Y65DA8GI-vg8LzjW2K0z98yafXIzmOyxtIhTj5gxCQlr_MhkKJv2Y9ZyS2u6m6Zp2808m4-KXhRRNir1Hidmt9pfzCHSIOXbx2U9y-AZAUDjQ6MAZc1CE793scCIN_yCgntVDxRkAmBpaafeIbFU0cwHgz73aaxYjIBGXzoebKcjRI3jGDH4AnqWPrGq-EnMXQz9g4GO7WcuaqBk4vIdn816M8WrVNHgnk8B0roDN6F54hNLbYkk5x8RmI-91M-U6KvZDQfsfwC2LTD-nkkP5tjGPAbsu7Shrpm3c4BGF972EMA7siqpbWdJd9Jq7iAO-62l6-7gk57PcRfzNi4Hji2tx_QfMmOdbj0HjjOKcL95zrJA1wYqk1pqB8XqzW1SjlEm807Z_w3fmRraE3_JOd9pCtPhHne9sFIDpxoqYa-qFwaGVT3HyTbuFITBocAWrB1R0xtwfCR7phqEzCBeSz3IWSx6AHgxAP-b5PfLuS-sR-M9JKHS2vaaLTH2d220FUSOUraUJYxH3OOYezRMJ-7EA0Phw2754U8_46MiiIYzK33hhVVOxRel5WwMZFMbDzeWuxzUEYpaiTHLS-5v3yWv2BWHifrCgJm-qDDiqR6Yg948RnjsDnSTR3jeRvRoUb5MP1MKfAx5KXC8QeU7BY2e6h4iM6wqww3O8xt2iTplMtw-DdMtcB9Lw0fQjLJLRxp855PRWP_sMXaov-kz5U12DH3JbB4EWqAf__g3Y1cW58YFpn9dLIXvVr_65J-iLsgxQMD44TcUi_OICy-rCgzyyoSNAIkavdWSHkfh3rs0lKytEwPSedNZXyEM0epq7CHZOWY0yr8c8XRJcvbziJpL0eYOMUxrRXd8QXmLrWO6_9uwfGkGHLyKZxQV_rK5lpnLd_ONxeCCdz2UcQ6burqFKQm_WEGVZgTylM8XJIC7i2daDXnJ_LrQxMXl5jKUBzQmHw-F4nSDbWo116EKxGpZxo_6CoJl1_1qDhwqDU1TbY-t-E8cYSTgH3-_gnOGZU06ZoKEWfQiuJSOnp1YkLVBs1std-Uaoh6GnMR-fMkoGhl0b0HaTPZrwgRv-PtstKMLTeNeWSXdPFwN3yh_ndI_3ljJHb0QZJaWzkULSS2s_B6RL_8fxQLZP-Y8Fd2pS3Szo1MIRYz1cf__h-EwjwX8iWgiAt-WYob_rF-wviY2G_eMkN-jRwAGu6_B66TalxzHecuFlg8O-Rt1wL038ikPxsizib0naCUg5_a9mMMbKxFEqGPMCQhG-y4ZkdyY9yJmwLijcmuzK-eTNX4s-BiDcjAvwsFKzHsCHVz_o4KUNwSOVAR3p3fPOdU3t8kA9Ez6ntw5JvVM8882jnNt38jpN7UkwjXZay1Kn5i5wwTk4HI8S3EnmFrAGoK6-gFIcmYVzOY1TAul4knIYD-0XVUvX-YXWsVlmp7zGR8UHhTWMKgBbm73osEfwHKqjDC4WKDuD4dChM59lx2JpKDum77p9gOuNvvsMI5VnmsYFXA9LuDYQErWBg0nKa8X397QritvQgRYxfzAM1SzV99r61cSFGXwaBCQZzALuQ_V-S8ZTA-kWYWCreo3aaVr2IapirqIp8LYMOuFHCt9UG3rIC56jnyDUmAAL2zF_kYz43jlN2etYDW6Iwqk9DYUJx7c9zwrYScRnbM8I5RxekBDB0sGA_lUadGny7olz-mMO5jtc5rHUM2cZSqFe385-N8Wn2XKcH3L3NywEFV4YoUC3GMWQN2fTCpashKEE0iFqq4_6W0XtaH45r87_GrjJOWM2xV-65HwZZt_dvky2d44AuESZLx6zWvGBWwN32PPrIrQx3bIoLO0QlBTxtuvTlOLCSjx2ReENnFnuVmPv5Z0fw1M7HpYCSadYuE5FgaU42o_nitTZTXpSnIvb6IYElRTg1lu72FDs8lo26T2C-Yl6lsBwgwAjAp_bFUEyG68b0r2M5r15IozHN3l2a-fAEkZaz5gz6ECv0APIKxlcyCmRfSUlruWNnjR22j5ObhaNsM3Ac4G0GSJaed7SYlTc8PbwykLQrtMZf8b1Z3yzDFgXpH7WFUvwK12SQZIXVOquhi1-EzqaBmeciTouaVOFxISutNW8tAfijotXKqkVRZI8p-s&cid=CAQSSwDUE5ymLc7m5eGsAI2QbKrYP7lewo1FNOxdCRQ-_GoBaGioSWEf3heOaA-ptDJO3eWqgPLIOaJOIw00jPnXhO2yuZ5RV5xa35mydBgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fkoraplus.com%2F&ds=l&xdt=1&iif=1&cor=5882576267676796000&adk=1761367587&idt=142&cac=0&dtd=7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81570
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:50:09 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230124/r20110914/ Frame 217B 28 KB
11 KB 26ms
22ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230124/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f9909775d48d612aae837f0153817e8addbfa082f901254471bced4d8c72691

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81570
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10810
x-xss-protection: 0
server: cafe
etag: 8766511519597269738
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:50:09 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1762 17 KB
6 KB 165ms
165ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012501.js?cb=31071971

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 30 Jan 2023 08:29:40 GMT

GET
H3 200 Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js Show response
pagead2.googlesyndication.com/bg/ Frame 0ABC 36 KB
14 KB 22ms
20ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35da5c6b61db6ad2f028dc52eddbe524529ee5f74cf6b1eda074131d2b64bb61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81520
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14214
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 29 Jan 2024 09:50:59 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 0889 63 KB
23 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6054746292d3567c660857d4e7ed6153dadda2b3d602245f4612deef4dba2bd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:14:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 927
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23828
x-xss-protection: 0
server: cafe
etag: 9010139400925747384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 30 Jan 2023 09:14:12 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D618 0
20 B 52ms
52ms Ping
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9032617158028&version=m202209210101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D618 0
20 B 52ms
52ms Ping
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9032617158028&version=m202209210101&ct=76&x=1&cor=14639601691310608000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame D618 81 KB
34 KB 79ms
75ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D_rM9_rgclQos6icbhF-3zVf6JVhkGn-hPa7xOUyglLspDHO3eptpGXUok1aBBRYeT74jir_7EyKFaAqdsagtoHr9Iog&cry=1&dbm_d=AKAmf-Ai8BhaOuBeX2PtVO5cx9hmQD_U7bhiQMin6Thx_zrx6L3LSiT0X4Hv7rQlYhl4QGAsBHDRfVlin4BfINrO6heNXPWhJi5yIGZj5Dv9pldvSt7rDtQ4IFIvAKl26l76qneXZxg1TGPslMicZy1cixPig1IJVBoUFg8ZMT3dqvwRiYVxcOXyXjGEyk4xyYszxOC0yq9OiaouFKvpIaPebZC62eNnnBAR8V1n2vSlTOBh9eagQACbxuGPaZSeKmYH-4WmmykY5eK-yvL7n3toZq71oGiK8hfU8zGrUltIM3lslK08fHHsyBlzQG4VrWz1-KfAB8kC4ydnUOrbWkJuAumdK6rCsTZTiObu_SvfAnMgzBlQpmPoJcPJYFLxwnHhiV4cBmYgqJu-v_p7SUaVJEW4FrRiHmV3nW_mGhq-CZ7C8z-YL52hrx0DIDgwEHxdozh1pmUomNmQsfh1ldkaCYbN-28iL11vzszekaZFZ0Xxmo2g7mk5bSycc-blsN5m8kvZ7QkvKy_Pi2MgJwP5mvFM7SE08NWpXddRGLH73sLrbrm3YitoZ3hIQ8jgJaP-xEhPcx32o4jDxCEMjJaQpwzhyg1RSBJCGrwOYSOop_VLv6OC5T8HnT8uT4DyxqZ5TRHHj0K9sn5MNMcJzI1Jr3F3fbnll2UTOaftomoTs7Uz7iZxFY04Ou-zY0DguIruhGzBdcaw6TrkKMj5rF3cCc8SYvXJXfjvVNzNTt81_1315ov3pdCJmwquVKzKKCgA8ahccmkFmVXgrJd_ZGC_VLBDJHigfaEyd-TsCdsL8ekPjz-yLaCJpXZY66Avgh0odnvBSUDrA3VhAuWct1yNPbGPC3nsDABnn3Xn11HqIe5NPhyYGlMFqR3gT5cOGXNEYQ1vYm2eUStdux_cjt2_gfUpiBNU5eO6VbSggoIKywqyIckdFbpIWRw39y6Gz1DfX6D0H2rFMX7lYj4Q5ANqDy9tpVhlSc-TWNKff8NWiahYlIPRxPcV0mU_AiUWb_rxeX7Mmf2KgVnbWXUQDMmejzdxuFONBgPIbF59gNp7SIVu5If4Gdsm4ELpf7GNWvQ0Mii46xon676jecV-DspuHd3Pwd4B-uj1sGhcbb3NxCpUTj3MZpH1LmZnhT_12nR9yiYitkGqYt2ZqJPhbWEaC5EuivUoe9qLa2btdgDFFnJh0yRRyTn17p4Nu5YCnRNVWCKnO2rFNpiwTncuZwea16lUi-5M8KymuKoaMo8oTw3A4mPcmLkqEEOxZVW_4cgc_O1SLN_e-Y309Q4kt1YL34UUKeuoBY2EZsiIy-3e-q8cRT9u1WBwiIXeZrxaKQ0OmQtMO9AW85KbKfbAKpqFV9ifFEypA1XEAS6i72CnI5AgOEXmC7_5yIc5cU7L56ruxf4J1vrhrYoy_TJFCwsawWoSCYpkk2zKfntkkyP_samPOSHYBLLtc3U79mDR1XYmi05jfYWISDflzuxQYs64nYqiHPlhxmM-l2U52XFVOazI8uxK4t9KgT0GJL4dd7PdokDu-TtXtsByVnIWMQwIKamkWBNnGI0Xwc5KiiyxSveVNjaaXQfWuImZib5_xQN4kAyWFnLPI0vcjtQOX303yvaoaxH2SxeMJBSYl7ZhgeHbirbBjjtxG2qB_s7_wtwWG3CDmutlRLPnloAmyXwXrLMWVV0YgIXcQZ1uSGYuuEAtvoOKXob1_9RJZ3P0weLVrvwBD6Ey4iUVsTBAqHOgDb0SfNRCSs-UhlqOaRcYYHJp_Lg5XfvTpxk6LBV25G2zryLTL80dZI-vE-kT0OrLPMXJjkx-TreS4rSX2ngjt-e-bAofG97kCULr_AWpg4Zdmu-Z6vvyDlswV6FlTd3z2kuhEmzBxh4A5vcC_NuZrmVUq0sWAsuaI-jBPEsWP6CajWdeoKV9rpHI09-5Zx7vslR6a6F_q8Xu3LAIntxVdB5Vxbo5fGlwWJeWwnIWtkRoGHXY_Fd-PT_cvZsqTkU5JFpc75gz-p-48WckEFNudmkJOfuJHHyDjQUhC9CVRgXU1IBaKLFbgmrR9mKOpIDyLN5AoXNuzD7JRysFWa0jF6v8JYssPDi_oeYuQQD_iu5jASvIkgwxfMRMO9Nl150J00BbXfguuSuOul6Iofa4fQYoPLN4l28bCvMFHBvutiPCdFuhum38dl0-LEZJ-0K5wlT2Wr93lfnzq9OUTlFPW1UGLa6GgWCDr2ZIIFBovDI6RCG7kndEERxd9qSli3xQKXYqLX5JIKA8x7pEIFwZIkHeAFGNLccmwPnH8mxqqT6Sm3SeK8Baf3TNO-h1h1rpiJBEWxN12wkULPvJZkjBAvI8gSJ4wznDgTfLbwBbtODlQ-L1xdwAQ2zKrSFxEInDSPm_cnfNPotiNWpjR8WPNdceryDPwaUX67xbqMCmb217EwkZGjmY1DYOuGJDTuz8isYiJLFglAExT6fOJ_dsL44TD5we05DmnwK-MrezwSF7bCu7vAK1PgACde4a2CV_ly0mW0zpu0khdGeOaJWftlBKWYG6Pu7nmBZqduny4n9lHRo5wisRYtFRXWE2yZcXqtp8cglETLf851kHcpgbW2DZS0YzmZoFH9qf5EnSB0-LD4QU7Nogu3HWeQEanhx-El4YKlRRbISzemByCwu2Dn8PinMJhhFVghETqt1SMV24RSbnoiK3g2zk6X53Rv6rko-qYnvxT2m5B6TzzhEcolwHzlpysdIsZAqQs-Qm8mH29Pyd-5bs-xA5L_YGJXblG5WzhfwV7vZywXAxowlCBamPRK1VFADyvUtoaqKS5DGDEMFLEZg-dcakSfjAr9cDqkckwu-qKKJ-MbsGr9Fl5Maj8PohvVd8d5LSfi6rKb7MuvnaEa4G9InbhCqLE4sKbHAmq6K9goso83bT7NTqrPOvfZNBL7yLIoYMQfPYrpaEbBGn2sMU8r_TMEVJN1q1f5D4IUBuWteNbL6CK5AtFbLIHOKjfyM5R0QkQpL0tq3boZXETQGo8p66JaFN7REhqNOh2e0SJM1a5a-1TgBSXyYG2Un2AlvYFUxKz-uFa1Lkkt8-scMeX_sAvcy3N7focnhtUdomlRuyZSPDCudt5cPFZgytEsxMykbuDN422ktcTPioVDbtUOvUmsk2mEayVVyo-PiNcnwNAhns3wf1KaAhoHpGgou8_tHDV3HGJOnmZSKDAEaqs9GnHRwZ6otbgG-gsvWI22Nx_wIpHHSsK2dLALA6mGf9vYMBtFYvNYNOjDllOtretFQqH72Df59Qrr2MKvHC5_PU297DV5yGahW6y8s1UtvdaTvUGDTC7BXLoDzo5072WjNw-h2Bd2vKjY6k6-fimX7i2rh3rHqU525sligF-CTdsOh1Ehd-eUlODMLHc-4IbbS3dmpddMgnQViiY7drRqsOFYaRn4yF4Ab9NuISk8Y&cid=CAQSSwDUE5ymoSgBv5PG8T951DgIk32-BL0iboTY8h55Bc71pAsPrkDKtejnVGrHiqzYvgBXUUipNX4bgtLrEbQataqpq58dwG9syig7_xgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fkoraplus.com%2F&ds=l&xdt=1&iif=1&cor=14639601691310608000&adk=521587874&idt=105&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ad2d64b487aa8224a5d6b987709758d109703ad3f550f53533475aefee5920ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35072
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2147 0
0 53ms
51ms Image
text/html 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2023012301&jk=1101900434958132&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H3 200 container.html Show response
7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1FB5 6 KB
3 KB 11ms
11ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012501.js?cb=31071971

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:39 GMT
expires: Tue, 30 Jan 2024 08:29:39 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame F260 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 16ec8f36df26aeb2ba6324272d56729483881cc087fbc4359ea02d4b9eaa0c05

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 29B6 63 KB
23 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012501.js?cb=31071905

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6054746292d3567c660857d4e7ed6153dadda2b3d602245f4612deef4dba2bd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:14:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 928
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23828
x-xss-protection: 0
server: cafe
etag: 9010139400925747384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 30 Jan 2023 09:14:12 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 29B6 107 B
122 B 43ms
42ms Script
application/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=koraplus.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012501.js?cb=31071905

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 29B6 107 B
122 B 23ms
23ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=koraplus.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012501.js?cb=31071905

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 29B6 17 KB
8 KB 480ms
479ms XHR
text/plain 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1091092376693124&correlator=3023148037491581&eid=31071678%2C31071905%2C31071578&output=ldjh&gdfp_req=1&vrg=2023012501&ptt=17&impl=fif&iu_parts=21939239661%3A21823462148%2Capl%2Cpod%2Cdisplaybackfill&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250&ifi=1&adks=3757239826&sfv=1-0-40&sc=1&cookie=ID%3D1914e9122b5d389d%3AT%3D1675067379%3AS%3DALNI_MbgIJ_0rsD_oQSt-zkUTp2Szs05Ww&gpic=UID%3D00000bcedd043a25%3AT%3D1675067379%3ART%3D1675067379%3AS%3DALNI_MYW5lupZymOQped4v4RcRiAtTGw0w&abxe=1&dt=1675067380075&lmt=1675067380&dlt=1675067379699&idt=354&adxs=209&adys=5932&biw=1600&bih=1200&isw=300&ish=250&scr_x=0&scr_y=0&btvi=1&ucis=o7jqkzksf5cs&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=1&url=https%3A%2F%2Fkoraplus.com%2F&ref=https%3A%2F%2Fkoraplus.com%2F&top=https%3A%2F%2Fkoraplus.com%2F&rumc=1091092376693124&frm=23&vis=1&psz=0x0&msz=300x0&fws=256&ohw=0&ea=0&ga_vid=998354678.1675067379&ga_sid=1675067380&ga_hid=760862513&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012501.js?cb=31071905

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a20d8bedb6e500ed592c818c928337990bb6fc4754e900977a044d5362c681a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8144
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://koraplus.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 703D 6 KB
3 KB 66ms
16ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012501.js?cb=31071905

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:40 GMT
expires: Tue, 30 Jan 2024 08:29:40 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame AC90 6 KB
3 KB 9ms
8ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:39 GMT
expires: Tue, 30 Jan 2024 08:29:39 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame CC07 0
0 45ms
45ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsscN0Den3zzu8BVljKCZmsDV17XvaNWn9pWPM7lFnjy9wS2nQQEwTBJSLssz_yq3PoOEYbFFtNBR6N2lrQMYN-DfhNJQ6bqChoyznNsUoaLxDCbNRSDeDLUN0Z-lTtc3p9nQIZpulpqXzRCnYAb_Bed3CbmPzYOVpRkzlzzruJJT-mjYxtJ52ugVRSfm6O6gRwizdkoDHNM8SOXXWBYy4dGRfBgjQhjBTVR2z2VG5FU5WgEdVU9r9-M-wpjuPVCtxG5oJGyTs-BdoxzgAHRky-3KiFr4IywjEM-ut5ZFZEFkePiBVYx7DgS6ajPWJA053r18-A&sai=AMfl-YRW5B66zR_Dv51YpzkfQaZAwCkpNYCJvkW9pfAuWAo_HTj7Dl1OMvua8Qy8g8at0WYJy5Z9HFOUDbK1z1OfJ-YQXntmOGHfI6rl48xSzuyrOsP5LT-1mL5rAVrh8FwoMXO4wlSWQm_N4ScAm3kOa4c&sig=Cg0ArKJSzBx2kbVjwIF4EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame CC07 80 KB
27 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f98d93d382c543d6d3e782beb52be88829024419686e852be68626ca9f8b148

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27567
x-xss-protection: 0
server: sffe
etag: "1467 / 748 of 1000 / last-modified: 1674860937"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 30 Jan 2023 08:29:40 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CC07 156 KB
48 KB 67ms
67ms Script
text/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

948dfd7372d70c12a80472d86b4033d93adbb52d02d4585d519416c4f4b4be62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49065
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1674650782302584"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 30 Jan 2023 08:29:40 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame F260 63 KB
23 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011901.js?cb=31071977

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6054746292d3567c660857d4e7ed6153dadda2b3d602245f4612deef4dba2bd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:14:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 928
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23828
x-xss-protection: 0
server: cafe
etag: 9010139400925747384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 30 Jan 2023 09:14:12 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame F260 107 B
122 B 42ms
42ms Script
application/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=koraplus.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011901.js?cb=31071977

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame F260 107 B
122 B 18ms
17ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=koraplus.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011901.js?cb=31071977

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame F260 20 KB
8 KB 295ms
295ms Fetch
text/plain 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4363826726186569&correlator=3080571422986177&eid=31071362%2C31071945%2C31071977%2C31071578&output=ldjh&gdfp_req=1&vrg=2023011901&ptt=17&impl=fif&iu_parts=21939239661%3A21823462148%2Capl%2Cpod%2Cdisplaybackfill&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=970x250&ifi=1&adks=172270240&sfv=1-0-40&sc=1&cookie=ID%3D90ae5177862ea6de%3AT%3D1675067379%3AS%3DALNI_Mbt9OXzPjg4xLVfY2--FS8GBduAiw&gpic=UID%3D00000bcedd1c7bd7%3AT%3D1675067379%3ART%3D1675067379%3AS%3DALNI_MbTFe39uMOx3_cgcpTrxvnr23FoOg&abxe=1&dt=1675067380162&lmt=1675067380&dlt=1675067379741&idt=397&adxs=315&adys=2341&biw=1600&bih=1200&isw=970&ish=250&scr_x=0&scr_y=0&btvi=1&ucis=7lbgz3vmywfa&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=1&url=https%3A%2F%2Fkoraplus.com%2F&ref=https%3A%2F%2Fkoraplus.com%2F&top=https%3A%2F%2Fkoraplus.com%2F&rumc=4363826726186569&frm=23&vis=1&psz=0x0&msz=970x0&fws=256&ohw=0&ea=0&ga_vid=998354678.1675067379&ga_sid=1675067380&ga_hid=2035241642&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011901.js?cb=31071977

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6de741cb338be473e912b88bc0671ceacbd1c7f23dbb7c447620e5d44c7b2d59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8472
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://koraplus.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0953 6 KB
3 KB 58ms
16ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011901.js?cb=31071977

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:40 GMT
expires: Tue, 30 Jan 2024 08:29:40 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js Show response
pagead2.googlesyndication.com/bg/ Frame 2DF8 36 KB
14 KB 22ms
20ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35da5c6b61db6ad2f028dc52eddbe524529ee5f74cf6b1eda074131d2b64bb61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81521
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14214
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 29 Jan 2024 09:50:59 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 217B 41 KB
15 KB 26ms
24ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81570
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Jan 2024 09:50:10 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 1762 0
234 B 352ms
115ms Ping
image/gif 2607:f8b0:4009:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~ldijvafh&ctx=0&met.3=113.hc~112.hb&qqid.1=CI7XkqHw7vwCFZeQ1Qodpo8LVA
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4009:81a::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame E3F2 466 B
238 B 56ms
54ms Document
text/html 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ96fYjQIYn-X73gEwAQ&v=APEucNU9QzBnXodX1P_wr4YFakVFyWX5_F_37rNoU0NINJrFQKu5HcjuQFQTHgJzc5qWbFx-YcTgAYJS4KkQtgVaywqZUA0KMOMvGTRuGzPdqQUp8XkwUt8YjUHn4eKcXyOgyCbfsiF7APT21ge4Rn84dZhZ-u8wK9rW0x3b1gkuw0ExKOg9C4Q

Requested by

Host: 7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com
URL: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:40 GMT
expires: Mon, 30 Jan 2023 08:29:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 1FB5 76 KB
27 KB 98ms
97ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com
URL: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc54379b6288f5970da471f0f64ca15f8c9e3a3819a0950608a45b7479d5a11f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27384
x-xss-protection: 0
server: cafe
etag: 10506132538256102613
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 30 Jan 2023 08:29:40 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1FB5 42 B
63 B 54ms
52ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D9K5pSo1Y3x2mEyubMKuQPrXgEHGsiaDpHn0i5vgZvLeqrb33vySD_8CTzwHXjwf0OeHsyLkYzzyM-LxvwbxtHQI9NcxCPJIY2rGerfnKq4yX_C04

Requested by

Host: 7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com
URL: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1FB5 0
20 B 53ms
52ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=1763716832606824577&x=1&ct=76

Requested by

Host: 7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com
URL: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/ Frame 1FB5 3 KB
1 KB 21ms
19ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/window_focus_fy2021.js

Requested by

Host: 7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com
URL: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:55:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81266
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:55:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/ Frame 1FB5 18 KB
7 KB 22ms
21ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com
URL: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:55:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81266
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7523
x-xss-protection: 0
server: cafe
etag: 641023367890010850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:55:14 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 1FB5 0
0 17ms
16ms Image
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ3bT_54sb5-cqQlW3A5FACG-QmJIeyAwm3zE-XInSJ47oFdw9hZnDQ3kEwEZij3D6TVnbNuovx9sl8v0qxgf9PwOB4bw
Requested by: Host: 7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com
URL: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1FB5 156 KB
48 KB 96ms
94ms Script
text/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com
URL: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

948dfd7372d70c12a80472d86b4033d93adbb52d02d4585d519416c4f4b4be62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49065
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1674650782302584"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 30 Jan 2023 08:29:40 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame D618 106 KB
37 KB 23ms
22ms Script
text/javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
Origin: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:35:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82444
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 30 Jan 2023 09:35:36 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230124/r20110914/elements/html/ Frame D618 8 KB
3 KB 21ms
20ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230124/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D_rM9_rgclQos6icbhF-3zVf6JVhkGn-hPa7xOUyglLspDHO3eptpGXUok1aBBRYeT74jir_7EyKFaAqdsagtoHr9Iog&cry=1&dbm_d=AKAmf-Ai8BhaOuBeX2PtVO5cx9hmQD_U7bhiQMin6Thx_zrx6L3LSiT0X4Hv7rQlYhl4QGAsBHDRfVlin4BfINrO6heNXPWhJi5yIGZj5Dv9pldvSt7rDtQ4IFIvAKl26l76qneXZxg1TGPslMicZy1cixPig1IJVBoUFg8ZMT3dqvwRiYVxcOXyXjGEyk4xyYszxOC0yq9OiaouFKvpIaPebZC62eNnnBAR8V1n2vSlTOBh9eagQACbxuGPaZSeKmYH-4WmmykY5eK-yvL7n3toZq71oGiK8hfU8zGrUltIM3lslK08fHHsyBlzQG4VrWz1-KfAB8kC4ydnUOrbWkJuAumdK6rCsTZTiObu_SvfAnMgzBlQpmPoJcPJYFLxwnHhiV4cBmYgqJu-v_p7SUaVJEW4FrRiHmV3nW_mGhq-CZ7C8z-YL52hrx0DIDgwEHxdozh1pmUomNmQsfh1ldkaCYbN-28iL11vzszekaZFZ0Xxmo2g7mk5bSycc-blsN5m8kvZ7QkvKy_Pi2MgJwP5mvFM7SE08NWpXddRGLH73sLrbrm3YitoZ3hIQ8jgJaP-xEhPcx32o4jDxCEMjJaQpwzhyg1RSBJCGrwOYSOop_VLv6OC5T8HnT8uT4DyxqZ5TRHHj0K9sn5MNMcJzI1Jr3F3fbnll2UTOaftomoTs7Uz7iZxFY04Ou-zY0DguIruhGzBdcaw6TrkKMj5rF3cCc8SYvXJXfjvVNzNTt81_1315ov3pdCJmwquVKzKKCgA8ahccmkFmVXgrJd_ZGC_VLBDJHigfaEyd-TsCdsL8ekPjz-yLaCJpXZY66Avgh0odnvBSUDrA3VhAuWct1yNPbGPC3nsDABnn3Xn11HqIe5NPhyYGlMFqR3gT5cOGXNEYQ1vYm2eUStdux_cjt2_gfUpiBNU5eO6VbSggoIKywqyIckdFbpIWRw39y6Gz1DfX6D0H2rFMX7lYj4Q5ANqDy9tpVhlSc-TWNKff8NWiahYlIPRxPcV0mU_AiUWb_rxeX7Mmf2KgVnbWXUQDMmejzdxuFONBgPIbF59gNp7SIVu5If4Gdsm4ELpf7GNWvQ0Mii46xon676jecV-DspuHd3Pwd4B-uj1sGhcbb3NxCpUTj3MZpH1LmZnhT_12nR9yiYitkGqYt2ZqJPhbWEaC5EuivUoe9qLa2btdgDFFnJh0yRRyTn17p4Nu5YCnRNVWCKnO2rFNpiwTncuZwea16lUi-5M8KymuKoaMo8oTw3A4mPcmLkqEEOxZVW_4cgc_O1SLN_e-Y309Q4kt1YL34UUKeuoBY2EZsiIy-3e-q8cRT9u1WBwiIXeZrxaKQ0OmQtMO9AW85KbKfbAKpqFV9ifFEypA1XEAS6i72CnI5AgOEXmC7_5yIc5cU7L56ruxf4J1vrhrYoy_TJFCwsawWoSCYpkk2zKfntkkyP_samPOSHYBLLtc3U79mDR1XYmi05jfYWISDflzuxQYs64nYqiHPlhxmM-l2U52XFVOazI8uxK4t9KgT0GJL4dd7PdokDu-TtXtsByVnIWMQwIKamkWBNnGI0Xwc5KiiyxSveVNjaaXQfWuImZib5_xQN4kAyWFnLPI0vcjtQOX303yvaoaxH2SxeMJBSYl7ZhgeHbirbBjjtxG2qB_s7_wtwWG3CDmutlRLPnloAmyXwXrLMWVV0YgIXcQZ1uSGYuuEAtvoOKXob1_9RJZ3P0weLVrvwBD6Ey4iUVsTBAqHOgDb0SfNRCSs-UhlqOaRcYYHJp_Lg5XfvTpxk6LBV25G2zryLTL80dZI-vE-kT0OrLPMXJjkx-TreS4rSX2ngjt-e-bAofG97kCULr_AWpg4Zdmu-Z6vvyDlswV6FlTd3z2kuhEmzBxh4A5vcC_NuZrmVUq0sWAsuaI-jBPEsWP6CajWdeoKV9rpHI09-5Zx7vslR6a6F_q8Xu3LAIntxVdB5Vxbo5fGlwWJeWwnIWtkRoGHXY_Fd-PT_cvZsqTkU5JFpc75gz-p-48WckEFNudmkJOfuJHHyDjQUhC9CVRgXU1IBaKLFbgmrR9mKOpIDyLN5AoXNuzD7JRysFWa0jF6v8JYssPDi_oeYuQQD_iu5jASvIkgwxfMRMO9Nl150J00BbXfguuSuOul6Iofa4fQYoPLN4l28bCvMFHBvutiPCdFuhum38dl0-LEZJ-0K5wlT2Wr93lfnzq9OUTlFPW1UGLa6GgWCDr2ZIIFBovDI6RCG7kndEERxd9qSli3xQKXYqLX5JIKA8x7pEIFwZIkHeAFGNLccmwPnH8mxqqT6Sm3SeK8Baf3TNO-h1h1rpiJBEWxN12wkULPvJZkjBAvI8gSJ4wznDgTfLbwBbtODlQ-L1xdwAQ2zKrSFxEInDSPm_cnfNPotiNWpjR8WPNdceryDPwaUX67xbqMCmb217EwkZGjmY1DYOuGJDTuz8isYiJLFglAExT6fOJ_dsL44TD5we05DmnwK-MrezwSF7bCu7vAK1PgACde4a2CV_ly0mW0zpu0khdGeOaJWftlBKWYG6Pu7nmBZqduny4n9lHRo5wisRYtFRXWE2yZcXqtp8cglETLf851kHcpgbW2DZS0YzmZoFH9qf5EnSB0-LD4QU7Nogu3HWeQEanhx-El4YKlRRbISzemByCwu2Dn8PinMJhhFVghETqt1SMV24RSbnoiK3g2zk6X53Rv6rko-qYnvxT2m5B6TzzhEcolwHzlpysdIsZAqQs-Qm8mH29Pyd-5bs-xA5L_YGJXblG5WzhfwV7vZywXAxowlCBamPRK1VFADyvUtoaqKS5DGDEMFLEZg-dcakSfjAr9cDqkckwu-qKKJ-MbsGr9Fl5Maj8PohvVd8d5LSfi6rKb7MuvnaEa4G9InbhCqLE4sKbHAmq6K9goso83bT7NTqrPOvfZNBL7yLIoYMQfPYrpaEbBGn2sMU8r_TMEVJN1q1f5D4IUBuWteNbL6CK5AtFbLIHOKjfyM5R0QkQpL0tq3boZXETQGo8p66JaFN7REhqNOh2e0SJM1a5a-1TgBSXyYG2Un2AlvYFUxKz-uFa1Lkkt8-scMeX_sAvcy3N7focnhtUdomlRuyZSPDCudt5cPFZgytEsxMykbuDN422ktcTPioVDbtUOvUmsk2mEayVVyo-PiNcnwNAhns3wf1KaAhoHpGgou8_tHDV3HGJOnmZSKDAEaqs9GnHRwZ6otbgG-gsvWI22Nx_wIpHHSsK2dLALA6mGf9vYMBtFYvNYNOjDllOtretFQqH72Df59Qrr2MKvHC5_PU297DV5yGahW6y8s1UtvdaTvUGDTC7BXLoDzo5072WjNw-h2Bd2vKjY6k6-fimX7i2rh3rHqU525sligF-CTdsOh1Ehd-eUlODMLHc-4IbbS3dmpddMgnQViiY7drRqsOFYaRn4yF4Ab9NuISk8Y&cid=CAQSSwDUE5ymoSgBv5PG8T951DgIk32-BL0iboTY8h55Bc71pAsPrkDKtejnVGrHiqzYvgBXUUipNX4bgtLrEbQataqpq58dwG9syig7_xgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fkoraplus.com%2F&ds=l&xdt=1&iif=1&cor=14639601691310608000&adk=521587874&idt=105&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81571
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:50:09 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230124/r20110914/ Frame D618 28 KB
11 KB 22ms
22ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230124/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f9909775d48d612aae837f0153817e8addbfa082f901254471bced4d8c72691

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81571
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10810
x-xss-protection: 0
server: cafe
etag: 8766511519597269738
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:50:09 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame AC90 4 KB
717 B 47ms
46ms Stylesheet
text/css 2a00:1450:400d:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 30 Jan 2023 08:00:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 30 Jan 2023 08:29:40 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/ Frame AC90 2 KB
765 B 33ms
20ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:35:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82445
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:35:35 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame AC90 0
0 69ms
57ms Fetch
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CzC0a83_XY5SFK9SMmLAPiMqssATXmsCgbsfMr6y_Dv_Ror3AARABIN6drHVglfrwgYwHoAGwuqHXA8gBCakC2FH_lG07sj7gAgCoAwHIA8sEqgTfAU_QaiT9ZSKrpCtqnxTHH2bSWVO0XYKu50089OSE1MYAHsMKT50EjI8cbuRVrF717qR7m2D5-Eim5vhttr5AZMOlcehF-1aDdFDE2xGcyvv0KtFDu-D_eM2jIuwo0yQhM1Vcb6ZX4xbJFz9MryCYvLVgx-SUY3n7_6IxgTqRh6o2XU9-Te4asy-XlGtEyTtwNPswRwPfI4jt54OQRSuHP2v1BtDHK6Q5OnWFNQErD7Kf1HEV5cs3rghbYQ-m8Z61Hv6Ayq9AkxWoF1ORQTmFptKOjoJK-O71zjQHNmS9XivABNGcqargA-AEAZIFBAgEGAGSBQQIBRgEoAYugAfF960-qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgHpr4b2AcA8gcEEL-FDdIIEQiA4YAQEAEYHTICqgI6AoBAgAoDyAsB2BMMiBQC0BUBgBcBshceChwIABIUcHViLTcyMDk4MDgyNDI3MTQxODQY7OBw&sigh=CINBFRTcs4I&uach_m=[UACH]&cid=CAQSSwDUE5ymQBWbWRTfylHAAYdcn08Dj5hx5BwC-FCPrmzqYmLxDfa0J_azWsISuSUghNXIxm_qTOWNuATWyJcjJ77fqofOB_EWr2tXoBgBIBM&template_id=494
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/ Frame AC90 22 KB
9 KB 31ms
21ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/abg_lite_fy2021.js

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

682b9a643ebc5c5b7f54f802fe82d4d9117b6cdff3479110b81afdccfd6148c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 10:14:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80120
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8871
x-xss-protection: 0
server: cafe
etag: 9510037503091481574
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 10:14:20 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/ Frame AC90 3 KB
1 KB 38ms
29ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/window_focus_fy2021.js

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:55:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81266
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:55:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/ Frame AC90 18 KB
7 KB 32ms
22ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:55:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81266
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7523
x-xss-protection: 0
server: cafe
etag: 641023367890010850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:55:14 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AC90 156 KB
48 KB 228ms
221ms Script
text/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

948dfd7372d70c12a80472d86b4033d93adbb52d02d4585d519416c4f4b4be62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49065
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1674650782302584"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 30 Jan 2023 08:29:40 GMT

GET
H3 200 8aec859a266e19fb42fee7f82edeac28.js Show response
www.gstatic.com/mysidia/ Frame AC90 33 KB
14 KB 29ms
22ms Script
text/javascript 2a00:1450:400d:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8aec859a266e19fb42fee7f82edeac28.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07970172ef078d9a58aa9ed9e9b54dd1cfbfec021be21b0d0fc7484c5fd5a58a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:35:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82445
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14079
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 00:31:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sat, 29 Apr 2023 09:35:35 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 0889 0
54 B 251ms
115ms Ping
image/gif 2607:f8b0:4009:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~ldijvaim&chm=1&c=1101900434958132&ctx=2&qqid=CObg7aDw7vwCFYf8UQods7MCBg&met.4=fb.2i~lb.8e~ol.dt~idt.3j~dt.-av&met.3=733.8h~748.8t~742.8h_d~555.9y~739.9y~556.9y_2~738.dq~749.dq_3~736.eh~735.f7_1~740.f8_1~113.lb_4~112.lb_4&met.1=1.ldijv9xb~6.0~7.0~8.0~9.0~10.0~12.1~13.9~14.a~15.1x~16.9x~17.9x~18.a0~19.dj~20.dj~21.dt~22.35~23.35&met.7=CBsQCBgBMAo48QNoAnAKeIkXgAHdFIgBkjCwAQG4AQM~CBIQBxgBIFsoWzDFAThqQFtIW1BbWJkBYG5omQFwxAF4_QaAAdEEiAGwH6oBEAoOUm9ib3RvOjQwMCw1MDCwAQG4AQM~CBwQChgBIF4oXjDYATh5aKwBcNcBeI4IgAHiBYgBkQywAQG4AQM~CCEQBBgBIF8oXzCVATg2~CAkQChgBIGAoYDDFAThlQGBIbFBsWKoBYIABaKwBcMEBeNNHgAGnRYgBhLABsAEBuAED~CB4QChgBIGEoYTDYATh3aKwBcNgBeIAMgAHUCYgBgRWwAQG4AQM~CBwQChgBIGEoYTDHAThmaKwBcMUBeI89gAHjOogB0o0BsAEBuAED~CCoQChgBIGEoYTDdATh8~CBsQChgBIGEoYTB_OB4~CAQQAhgBIGQo_QEwkwI4rwFo_QFwkQJ44kSAAbZCiAG2QpABZJgB2QGwAQG4AQM~CCgQChgBIJIEKJIEMJ8EOA1olARwmwR4wLwBgAGUugGIAeD3A7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4009:81a::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 hrb_ct_expat_filetoday_html_145_300x250_v1_na_y.html Show response
s0.2mdn.net/sadbundle/17559642657045610496/hrb_ct_expat_filetoday_html_145_300x250_v1_na_y/ Frame 7D49 39 KB
10 KB 75ms
25ms Document
text/html 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17559642657045610496/hrb_ct_expat_filetoday_html_145_300x250_v1_na_y/hrb_ct_expat_filetoday_html_145_300x250_v1_na_y.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

99a4048a29462dc43fc205f41fb3b3d57c4ea2725bd0b25af5e9004e02c8e74f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 359815
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 10011
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 26 Jan 2023 04:32:45 GMT
expires: Fri, 26 Jan 2024 04:32:45 GMT
last-modified: Wed, 11 Jan 2023 07:06:51 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame AC90 287 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce

Request headers

Referer
Origin: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3

200

624907996767536446
tpc.googlesyndication.com/simgad/ Frame AC90
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDr3ZqF_gEQgAgYgAgyCFFyRh2Ouq9r
https://tpc.googlesyndication.com/simgad/624907996767536446

8 KB
8 KB

21ms
20ms

Image
image/png

2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/624907996767536446

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

484ec1c347c17d7d3b98d5058aa5d90bb5c7315f3a67f44611e902de4be50831

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 07:53:01 GMT
x-content-type-options: nosniff
age: 88599
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8502
x-xss-protection: 0
last-modified: Tue, 09 Apr 2019 09:00:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 07:53:01 GMT

Redirect headers

date: Sun, 29 Jan 2023 17:08:53 GMT
x-content-type-options: nosniff
server: cafe
age: 55247
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/624907996767536446
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 28 Feb 2023 17:08:53 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame E3F2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEFORHU0mJz98G0owLu92yT4&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEFORHU0mJz98G0owLu92yT4&google_cver=1&__user_check__=1&sync_id=3d6727b4-a078-11ed-b9e5-1a3cf9d10306

43 B
549 B

15ms
15ms

Image
image/gif

185.94.180.125
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEFORHU0mJz98G0owLu92yT4&google_cver=1&__user_check__=1&sync_id=3d6727b4-a078-11ed-b9e5-1a3cf9d10306
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ96fYjQIYn-X73gEwAQ&v=APEucNU9QzBnXodX1P_wr4YFakVFyWX5_F_37rNoU0NINJrFQKu5HcjuQFQTHgJzc5qWbFx-YcTgAYJS4KkQtgVaywqZUA0KMOMvGTRuGzPdqQUp8XkwUt8YjUHn4eKcXyOgyCbfsiF7APT21ge4Rn84dZhZ-u8wK9rW0x3b1gkuw0ExKOg9C4Q
Protocol: HTTP/1.1
Server: 185.94.180.125 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 30 Jan 2023 08:29:40 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 109
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Mon, 30 Jan 2023 08:29:40 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=7025&uid=CAESEFORHU0mJz98G0owLu92yT4&google_cver=1&__user_check__=1&sync_id=3d6727b4-a078-11ed-b9e5-1a3cf9d10306
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 55
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E3F2
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=M2Q2NzI3NGMtYTA3OC0xMWVkLWI5ZTUtMWEzY2Y5ZDEwMzA2

170 B
188 B

19ms
19ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=M2Q2NzI3NGMtYTA3OC0xMWVkLWI5ZTUtMWEzY2Y5ZDEwMzA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ96fYjQIYn-X73gEwAQ&v=APEucNU9QzBnXodX1P_wr4YFakVFyWX5_F_37rNoU0NINJrFQKu5HcjuQFQTHgJzc5qWbFx-YcTgAYJS4KkQtgVaywqZUA0KMOMvGTRuGzPdqQUp8XkwUt8YjUHn4eKcXyOgyCbfsiF7APT21ge4Rn84dZhZ-u8wK9rW0x3b1gkuw0ExKOg9C4Q

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 30 Jan 2023 08:29:40 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=M2Q2NzI3NGMtYTA3OC0xMWVkLWI5ZTUtMWEzY2Y5ZDEwMzA2
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 121
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E3F2
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS0udEc2VFdWRTJ1SEQ3ZnNjTzBSa1hlUGZMRkJ4R1NIQX5B

170 B
188 B

18ms
18ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS0udEc2VFdWRTJ1SEQ3ZnNjTzBSa1hlUGZMRkJ4R1NIQX5B

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS0udEc2VFdWRTJ1SEQ3ZnNjTzBSa1hlUGZMRkJ4R1NIQX5B
date: Mon, 30 Jan 2023 08:29:40 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 39D8 13 KB
5 KB 27ms
25ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 257138
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 09:04:02 GMT
expires: Sat, 27 Jan 2024 09:04:02 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0825 783 B
533 B 23ms
23ms Document
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

90cc8579d328b1937bb9cd2ff41057b7ea03db5adfa87ca1380503f1032944f1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-v1sTbCOuJVShpnGP-HsNNA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 511
content-security-policy: script-src 'report-sample' 'nonce-v1sTbCOuJVShpnGP-HsNNA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:40 GMT
expires: Mon, 30 Jan 2023 08:29:40 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 pubads_impl_2023012401.js Show response
securepubads.g.doubleclick.net/gpt/ Frame CC07 385 KB
130 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012401.js?cb=31071904

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1529002ff0f1d31928a5090c1f28de571b19464dcd04540a5dcff9be9277dffe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 07:37:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3142
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133217
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 09:35:15 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 30 Jan 2024 07:37:18 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ Frame CC07 307 B
159 B 44ms
44ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=koraplus.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

097844493adb2afc10cbac7aba243fb74c30a98828d9f7129c0a882352921194

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 134
x-xss-protection: 0
expires: Mon, 30 Jan 2023 08:29:40 GMT

GET
H2

200

4a.js Show response
static.adsafeprotected.com/ Frame 217B
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1319389/68771741/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1010169620&ias_pubId=pub-2930805104418204&ias_chanId=1&ias_placementId=19517405192&bidurl=ht...
https://static.adsafeprotected.com/4a.js

2 KB
2 KB

8ms
7ms

Script
application/javascript

2600:9000:214f:4200:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4a.js
Requested by: Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2600:9000:214f:4200:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: Sq70PJFqww3tsUXKcixeKHqIxZk4FXUN
content-encoding: gzip
via: 1.1 a3c2566f9e36ad3cdf79fc6307fcf566.cloudfront.net (CloudFront)
date: Wed, 25 Jan 2023 19:44:37 GMT
x-amz-cf-pop: FRA53-C1
age: 391504
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Wed, 18 Jan 2023 19:44:29 GMT
server: AmazonS3
etag: W/"589d8955c4906ab1b8e63a2f92d932d3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: -W3IVvpDYrMinCn8PUSSjESin9mt_hYkQZxbpAzfRdW8VNSRwPy0gA==

Redirect headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
server: nginx
x-server-name: app02.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4a.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 8E8F 91 KB
23 KB 55ms
8ms Script
application/javascript 2600:9000:214f:4200:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:4200:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 a3c2566f9e36ad3cdf79fc6307fcf566.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 11292804
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: zoq-tO390GdSRH6WA9qs93SOTY_DQxdbkiIH2iYRNWYPvtr4PH4IuQ==

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 731C 22 KB
8 KB 20ms
20ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 81570
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 09:50:10 GMT
expires: Mon, 29 Jan 2024 09:50:10 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame CC07 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6b66b48ce554fd29476b7d420d191826cfe13b84834c66a338de278d8658bcaa

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1FB5 0
20 B 52ms
52ms Ping
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8731378165337&version=m202209210101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1FB5 0
20 B 52ms
52ms Ping
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8731378165337&version=m202209210101&ct=76&x=1&cor=1763716832606824700

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 1FB5 81 KB
34 KB 76ms
75ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AFzT7PtoeUkZGrLKlBiyD2N7J3dpMp5JqjYoyj3QHjBgYCWrEUa34zzZDuOi8xkBrNp9jF5DrW05upsPe1KeclKrE5lw&cry=1&dbm_d=AKAmf-DR7pfDMMe8jnvNcGCBN0pUEciVvq0ayiVvFJmz8zp0aQTl0m4qr4Kg4CKsBfZkRK3QOI6gbkhUPGaTBMkaj53CXUclFqolYyvPAdXXlFYSRyPpw8aMm3B1_s2daILqhVfxniYWFEiDlSF-bN63kFQPRGKBa5obxN29IEsnL1leHeecwAhdQU7pfMR7eyzq1qyO7FFDyv01fk4_G6FxB70AjHa-zdbq0vjiB7lbev_Y39HmQONqDXiJ7Z_m1bi8PpvQQ2SL8F2mAc24B7K8FyWyvw6uoD6j1vau2DpF30tOJyXyCLFCt7c-qeZwlsngb0kiCjbjrNoPAa-__bRtNlo8XTmCSHJg9Ol6oVZ1fGkD01p0HnpCarF3EJO-yLwpitThjMA2V1FekETRXlC821sfYNjXyhwzZ9i-bg5Cul29HDBDLuwvCS9eCex_8-WCSIgKgyQG2ayq1UPe2QJkpMNNPczfi_Ex_Y20EfN76cM3dNG4JPpsu6BUoH9UN_Yf9XUQBPuxxtSCSCNLnRBSF6EiAeYHQ9r_hk5_EYqE4AftAEkcGdXsCc1piM9hm4BomDXLtzsJv95evwfvBf8i9OiTffDdz7r3Kk3uqMglyLF2oueEubcX6lGAkD4SJAV5lgkqAQfDmwcQuLHARzdspH6gAI4-yRdBfygv7N_KzAGwjowGa5uBW4-3r7DVXXmMd49Mld9HbLx6UqZLBoT406ouu6ANLqPZGPGXNg85Ye5Mj_ckufhcKOMdaAQp2LlgWBVQ6TtQCh9mhzpZ7y4sBjVmIR5ZbFwRKLJz784JjMwlGnWDNw2X88e9wTk2Wq_pRghS1azRPwLTMUGfvwGYPEFgbeZoR_SlhAS7STS5oez6gyZFnXlkoQQbW2QUH5oxCn4JwCy9hqo6k9sHzfOs8vsAXdn_sUH3snGKH4479d1STXnQ_76QrDgW3z78jshgn1kIm61zkHMo4OjMRYXbd-Y7wlpYoVsoLV3fGP2xJejnQ-KDO7lRXKk0dSrh8XZER6S1eNHEDr2N7pWTKkuNmut1V-YNoplHCx22Y1ckMKzEb40cgA-dFYiHI6FAYYQJ2gBNjfNPdlXDxCMnx_WS4LaAcCZn7BShACiNNa4ABoi5UPf857sjqT8HFMygwH-oHjaBYrXD61dJpSuQjLMIEb5IAX_xpC5_qdg_oRhZzbNGqdFfREAgeHLDox7KcQZUaVRd2ZhxsPSYFL0ZvHr7NWfnKxvokrwtv3Ch-giP2qUd1QMtZJsiBSAcPTgbhlQ5s7OHzc_EG1854q4NyOSxSr5vMw7bnTr8ba253Crm9uYGr4U49digr50EdS37ved6SvzQSceBEly1a0rUfWmMs7yTat9-dM-hjaCVyU60g9_rQYWGJKjBEYk6Ew2A0XHSLxNyqUaN1eR_BRMI3bHfqwp5EELBtuj7cJL8Z4w-XaBp9nNMM0_JR1eGWNMrXBv2wQBa4uTckGN7V4uJ-RM4H13bQZz9bLuQVKNts7kRTNZdLbEfUuQG8ReDUKNnYpEv9jgiRjJkIvPqb4uL9TfbR0Ob9hfjSH32b5sJDNt9WNywftes9kFOUsCSXYq1WsPXoNIGwhTWQiAZLFCcmoCDjGUnOJJJNTojuC_BgElphQ0QKWF9lm2rcmu97X2RW7YuHL5Ey3yWsVWsPzDrVh8blqIeXEhMSVbv4XscOQUHhvLf7uREe8170D9-xROqwMI6Kvt8dJnEpB7v8vd_knYzKHIn7NK5HHmfnV_Q5QGhQ5FjKRXr4rVMh82fkUuLVmiG3m6VuKJlpe8KZ9RZWtwP_g8NRrdC3__cTzN47Mewwahf6Lll5Yov-MjFw2J-2Dsw9H3al6ygwf7tHr768xfdQ6Sex2wFkLP_iNxm2XVM4GOwcIgv6Bbf3jpjSs4Ep4-9V7qYkelksOUKDwVwZq5p9h_nsT_KVi_L1q0TkpUG37PHgHOGvLgbaOc8dOMu9iBCcw6SnmNJ3bYvaPFecMRTbD30s4xZeC0hFemSOadVg723BEC-_SV06YFxvF_Je3Hg3UPJQjrCZyQ3_SasJzHSV7cno8jRdan6om-JwJKBl7eCCweNnrfgjQid6-DzmchTvMf_1tG7fVjwhK0aj7SzmSebGFRIO7VUz-IHI0K78jHv8RhfW7tluCXxEn03dOLo0fFzCWfxNmDxTYSY8YRQzRZHwKpxKc5JSc-dd1wn_tncHLiXxkLZ5FR-NbR0vT8x86OPTMjIC3esWgVVKA45P1VWFVylOCUqNAEr41tvypo-0xMeJLvBq22LAmj9TVIgoe0_60-vjyJ6sonh7C1EJCoYMx03h5mo34BjKiJTBxj9usV3uj4Huzf6MA8E48d0RBRTLT4ShEMHgoB0zLruhkzIrGT61RbvkRqShhU3W2rvl9SjyOgPAnJJ2kd269Fxq5nF-cJ8HbA1TGZrVIbkqIS6dwvlxlDw-8J6lflWatTPnmhM1eQ10LKJZpr57mYxqJgF7nxDh1CxD88jpNgeomfKKG_pR85LoukGYxQY4Wdtu6x37sdPXjhJVaP-asABVOjPnzzB0uVHwOIFbJJrxFOCwvpfhVPtDed8osuiXYMweS1c2tmVryTR7hnWy1_igRgYSCbC33o7i51Vgb3OUb7cAlLzz79SvhFffQkUK5RBsEbeSXmLPw5jc8Cb8DVqifeDBfplCCzmn53M02QglMmdnpQDV_HshrRCkfXai706uaRe3O5v3Es4iiM3X5zMaH4S-1WTMVVNg6bs-bVM8xj3IsTuXDSxdCQFLhJiT5R2nBfjcJ4dLYgv1xTZIPizTBhJ_EguAtCZvoAy9HIgy1uXbFJ6QMW9Qega8GKd_YQzgHB5fWw-aZOoHYlomKRj0NQ883Ve90Oao1fr86FskuO0hmkaxKvRtTAD304QGNgNDdeQ2-5zQuoxN_g540Ob4McLxl4-A1c7LSAaRXTnrTIvHTtrUcVVDFs7e6Mt8Xr1EnPWHkJNZGJIBd0YKV6ENR_2ESoL307BGAjLN4gKU-ByuA1NqJNFDZezytQXvO2YjUVXmgGf-snWLpYsXoqDV2ceXuxhes9Kc60jyH-vb_8DmPX8FfPvu4mRuPEIk0Nohqbauk40PlD5SarXPEr1k74dpAEN7hpW0cME6QvGrdCWIedrV0Yxwb2be7fufdigzR8c12VFJoXWuPrpz9mnf0uDf7fnYc7cg64JCaUGALkKbSw2RrdYI4ysiwHslmb2t39WzUkmGtDvkUvMf469A3VDg0hxEvPbXwKNHSQ7Og2r32R_fw&cid=CAQSOwDUE5ymaKRC1Mhjs9xkJU8H5SDCTvUyr-3IW19QhQDk3GJwPHWG4dK6iL5k8REnCut6co0_FowqjlA9GAEgEw&dv3_ver=m202209210101&rfl=https%3A%2F%2Fkoraplus.com&ds=l&xdt=1&iif=1&cor=1763716832606824700&adk=676413724&idt=101&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f8af5357000fb0af2769cc91287035fd0e49efaad6c7b0881196873062c63b5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34786
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 217B 43 B
215 B 450ms
92ms Image
image/gif 2600:1f18:1aca:4280:ecee:c915:72bb:546
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1319389&asId=164fd682-7869-3958-f88a-39a775192d20&tv=%7Bc:2LDyoH,pingTime:-3,time:112,type:v,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:21%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:113,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B108~0%5D,as:%5B108~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tupu1mj+11%7C121%7C13%7C141%7C1421%7C143%7C144%7C151*.1319389-68771741%7C1511%7C1512%7C161%7C1711%7C181%7C19%7C1a%7C1b%7C1c,idMap:151*,rmeas:1,rend:0,renddet:IMG.us,siq:23%7D&br=c
Requested by: Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:ecee:c915:72bb:546 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
server: nginx
x-server-name: dt04.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 217B 43 B
216 B 446ms
91ms Image
image/gif 2600:1f18:1aca:4280:ecee:c915:72bb:546
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1319389&asId=164fd682-7869-3958-f88a-39a775192d20&tv=%7Bc:2LDyoJ,pingTime:-6,time:114,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:114,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B109~0%5D,as:%5B109~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tupu1mj+11%7C121%7C13%7C141%7C1421%7C143%7C144%7C151*.1319389-68771741%7C1511%7C1512%7C161%7C1711%7C181%7C19%7C1a%7C1b%7C1c,idMap:151*,rmeas:1,rend:0,renddet:IMG.us,siq:23%7D&tpiLookup=ao:koraplus.com*%2C29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com*&br=c
Requested by: Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:ecee:c915:72bb:546 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
server: nginx
x-server-name: dt12.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 728x90_de_DE_2023_01_DE_Tactical_January_LH_2023-1-638095618950877025-ae68c46f-934f-4625-9b1a-44d4c4c982fa.html Show response
s0.2mdn.net/sadbundle/4900554790666240000/ Frame F92C 4 KB
1 KB 22ms
21ms Document
text/html 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4900554790666240000/728x90_de_DE_2023_01_DE_Tactical_January_LH_2023-1-638095618950877025-ae68c46f-934f-4625-9b1a-44d4c4c982fa.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10040ab6ed5d99a8f9912b23d8d21d368e9e285365d5f35999d7acace6abf94e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 585094
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1417
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 23 Jan 2023 13:58:06 GMT
expires: Tue, 23 Jan 2024 13:58:06 GMT
last-modified: Wed, 18 Jan 2023 06:12:06 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame D618 0
0 92ms
55ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssJQmex58pYh5plrDmvWeS2Md67aupZ_e6Mk18rhKVDwXe7G35B4ah9MTJlJTq-0b-0IAUqEv-7K7YJ5KrECK3ksX-HKPOMpAESAG1ZdTND5LAco_xM4uPyZLvxt2bUIpydOw41A4IsIiTAD7MNmuZk9VenOENQe-uT-X0WbLgP9RhTWz5d0SMDL2HCp6hWDrI0q9JK5WYqaPHAh1SaH340Hf1mi3GT7WpY68XyEox-iOvLGkFXfDnrgs4gJ-OLxLXP9cqPZdzRR9Ha5pMN0qetAAayYyMYfL4wyaSpqlaQxMRMtt1xlMNECOQVC5iYJLwL-LUJGLRgXMpQ-fz0wOxIBjfl4BRb_qaC78VsH8nBuyaZqZTlfLABlY1QYtFML7SVrJSO8jZBhSmiYtArLYtdp0q0tEwVRFuT-p_bYNJgppzX_xOZ3QDREwpgiR1ppMNK0q_073OqlX5b0_tK_9ax72LN95qVLZrnJlV184gPHoDxJt3m3VuGmlO9YhN5D9Mfw3DxtVCL2sp6m7GF3-bRVTJhVQv25B01dsV_vhFn_SJwRzOdKJ4ONatq_l9bW_rvkAiRUpkciAcbR7-HylrPVi25MeHEGjHrHWk35XjADGS2O8uRDI1BSUG-09-yShbHM-EBe4QSEFB5pArRtrt7Qk4HMJN3WaEulUmPtvophIux-gYpO9BRpTDDMiuY2LQAxUxoW0FFhoyGIzBNTvsVgFobXE4-7UfTgoDZNn71cELwPbzO6NGUT55M0PuyR96Cd4KPoFSZ8yz-Z-enTjSnlonugTM2AwRizl29YkFNgTyRXqmlAV6v2eCNJIoiFqR1eXF6WtSNkyWXz4qfFeOsXGZJ-QDHXorCp0USVsXVc5NYf9ckyhE4IOK7NDH3vdQ3IYI_otzeg9CKXEkW-HJyafyhurOgxpX8GkBWXR5lRkqrcEswvoBpZ87tGqycM3ihDRxNyKFk3jt7bvJF_wYLPGYSMm34vBUVr3_UvIoAJaceVOVLqXccsQhJr6hFXt46EFhjNCAPYTxQDMf0RXbOWNgrUQx77M329KZUola_MVPAoRSRt9CroI-L_W73G_CUKjaE-uKQSUPra7aOXBCGs6OnHeGeNoVK2LbBIWxW7Gake-CQOtTYwSkCP2TcOpKjPKS6GTqmcJvRKq4_9jbIPQjUM6AfSAWTW5wXuTpWscAuo64I1QsZNQyqUKb9ZbQLjvpT-1Txvj6m1Sc_Ita9P22eNWjAaXTB7PmBNy_7CxtKqTxo-2Szr-2sHGFlNklZa5VAdr8TLMpJfZo&sai=AMfl-YQRi3rdZ0C_TnpFmMfvxR2UBxZ7dfFu-5NM66tD3kZYfpWJT2ai-A0qeZ-lVSugVU3j1UOk20DmBym6kVLfecZKhcB-FEDpGk5mT40R6OzGnMMHWQhlDAMY0V5xen0qCbjHsQXf6zgvyyHMDv6nhXgiPWCniaLxhZmxmKB1kh1EVrkRgGsnmqHSILtSTI16kUppXjbxMyajgp0JIDLvf5KwCC8lSSuhiASIv-KvX8CuNpoQse_fA-L0R-jNVeycslxK_wI4OaI2-HJA85oapu4ZqCp-AwoF8i1mEks&sig=Cg0ArKJSzONcFGJFkDVeEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=263&cbvp=1&cstd=260&cisv=r20230124.02027&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 30 Jan 2023 08:29:40 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 30 Jan 2023 08:29:40 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 29B6 0
0 44ms
44ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstGUVk5vNnt6haKhRY8L0Uxz_vLGKdUv6erj87hJbw6QN5YYDSCq8SsuTPdQw_C-kKLgqVYmGqnKt54t7X6aemKzU7Drre2-IfmLAIY0plXDdvlbweVOjXVVZLqQoO6UCtL4sPD-HIlHEBCy_KjYjFjYHQRLWQi8u0goX0A-fP9RVbtuEj7qmun0j0VrtcQrUZLHevbPt02UD0X0R38WYNy7-ZmBREl9PS3NrG8rFaoyDtayAU36poYNpmeXYIQi4gjIpUc_kQvoZjbJoRXd5Gprbd5Ro63qiWjayhCOZ4JPBkaf3seiejZDzdsrb6MbmlOMHvRWQE&sai=AMfl-YS9pR8Mw-s35ZRs4rsnJwkD_3UfIC0OiNe0khpFeHzFv6769BEossJxiGQGPhZp-3mY3s8buL50dszlbDaOjq5AR8DGROf6WkJrNEnsv-Hk40HEWebWLyZ6YIn3O-GoTZQY6_hbK9UL74S4_0hv2Q&sig=Cg0ArKJSzMYZz-SVfy9gEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 30 Jan 2023 08:29:40 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 29B6 14 KB
11 KB 68ms
68ms XHR
application/json 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023012501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012501.js?cb=31071905

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

be0e19a5e393ce1ab70dd927ea2740f84f2e929bfbd16d808ed2efe6c49f9449

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11189
x-xss-protection: 0

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame D618 41 KB
15 KB 22ms
21ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81570
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Jan 2024 09:50:10 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 217B 43 B
215 B 373ms
95ms Image
image/gif 2600:1f18:1aca:4280:ecee:c915:72bb:546
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1319389&asId=164fd682-7869-3958-f88a-39a775192d20&tv=%7Bc:2LDypZ,pingTime:-2,time:192,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:796,beZ:797,mfA:798,cmA:799,inA:800,inZ:803,prA:803,prZ:811,si:818,poA:819,poZ:839,cmZ:839,mfZ:839,loA:910,loZ:912,ltA:988,ltZ:988%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:21%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:193,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B188~0%5D,as:%5B188~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tupu1mj+11%7C121%7C13%7C141%7C1421%7C143%7C144%7C151*.1319389-68771741%7C1511%7C1512%7C161%7C1711%7C181%7C19%7C1a%7C1b%7C1c,idMap:151*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:IMG.us,siq:23,sinceFw:168,readyFired:true%7D&br=c
Requested by: Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:ecee:c915:72bb:546 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
server: nginx
x-server-name: dt13.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F260 0
0 45ms
44ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsslUcRoDqct8uQ3jwafggPP8JZBZVK_cOB62U98FB1uV4RKWYCH9cts4Xd1uKynaU_Hc8HWPI0yIsHzxLmH9fsUWNjm1x3n6srxC5mwST2NByXfFz8OpsX6gU9UJrfwwxRQCg4AtuMuV6iQodgnquzQD218owsx4pQA9ts24pe19i5XZnpEVt3fLYJ8HA5MIIe__xrGcLSlYU64y4aVwHxB4sT_7V18E3--x5u7JXIl2bR2jyElzIUgSDJV0aK4H10yY4sRSjbI5aFXgaUoOxmFDGKMmt-QPxcqxhY3ZaDL_BQN0VViyR9Hg6OP_wo450UL&sai=AMfl-YSe3MrBvTzkKKSNZE-R5B66TwpiTRS96atsgMnlXU6ifyLqL_-6yZfqa2a0yR2lFJOaYC5imMZcaHu7hCCOx2MsF8v4yj9o5DSysIwB0ZAtiHKG98d64_JL-R32ZuffAiR1EvCkHZ5dqJ4VNXSodg&sig=Cg0ArKJSzPVXg7PqykGDEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 30 Jan 2023 08:29:40 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F260 15 KB
11 KB 64ms
64ms XHR
application/json 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023011901&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011901.js?cb=31071977

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8312c8587febfbe160bc6d63995216a8c04609c32d62bf89dff1b2a20c82af42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11267
x-xss-protection: 0

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 29B6 63 KB
23 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6054746292d3567c660857d4e7ed6153dadda2b3d602245f4612deef4dba2bd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:14:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 928
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23828
x-xss-protection: 0
server: cafe
etag: 9010139400925747384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 30 Jan 2023 09:14:12 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 29B6 0
20 B 52ms
52ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_stats&su=koraplus.com&doc=complete&pg_h=0&pg_w=300&pg_hs=250&c=0&aa_c=0&dt=d

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ 0
45 B 115ms
115ms Ping
image/gif 2607:f8b0:4009:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=1~ldijv9oh&c=1101900434958132&e=31071821%2C31071978%2C31071579%2C31061691%2C31061692&ctx=1&met.9=1.1n0~13.1rb~2.1s0~9.0~9.0~9.0~9.0~9.0~9.0~9.0~9.0~3_1.1tx~3_2.1tx~3_4.1tx~3_7.1tx~3_11.1tx~3_16.1tx~3_22.1tx~3_29.1tx~7_1.0~7_2.0~7_4.0~7_7.0~7_11.0~7_16.0~7_22.0~7_29.0~4_4.23z~5_4.247~4_1.24q~5_1.258~6_1.25g~4_22.25n~5_22.25w~4_16.2b0~5_16.2b5~6_16.2bb~4_29.2bg~5_29.2bl~4_11.2c9~5_11.2cb~6_11.2ch~6_4.2i7~4_2.2m4~5_2.2m8~4_7.2ms~5_7.2mu~6_7.2n0&met.10=1_7.IOESEPjJBAj4yQQYgJh1KAE~1_11.IOESEAAIxOYOGICYdSgA~1_1.IOESEPD_Awjw_wMYgJh1KAE~1_4.IOESEIDuBQiA7gUYgJh1KAE~1_16.IOESEAAI-MkEGICYdSgA~1_2.IOESEIDuBQiA7gUYgJh1KAE&met.3=112.1vk_1~113.23c_5~415.2i7&met.1=1.ldijv7sx~6.1u~7.1u~8.1v~9.1v~10.5e~11.22~12.5f~13.1dh~14.1eg~15.1dl~16.1ob~17.1ob~18.1ob~19.239~20.239~21.23b~22.1g0~23.1g0&qqid.4=CObg7aDw7vwCFYf8UQods7MCBg&qqid.1=CJLN7KDw7vwCFYmWUQodwXwKIg&qqid.22=CIeC7qDw7vwCFZX01QodKYgN8Q&qqid.16=CODV7KDw7vwCFXQXBgAd_zMClQ&qqid.29=CMTDgaHw7vwCFWSgUQodLAAO4Q&qqid.11=CJHe7KDw7vwCFYSv1Qoduf0CxQ&qqid.2=CNTKkaHw7vwCFVQGBgAdCCULRg&qqid.7=CLPR7KDw7vwCFcAgBgAdD-4Eog
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4009:81a::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 321A 6 KB
3 KB 9ms
8ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011901.js?cb=31071977

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:40 GMT
expires: Tue, 30 Jan 2024 08:29:40 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame CC07 63 KB
23 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012401.js?cb=31071904

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6054746292d3567c660857d4e7ed6153dadda2b3d602245f4612deef4dba2bd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:14:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 928
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23828
x-xss-protection: 0
server: cafe
etag: 9010139400925747384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 30 Jan 2023 09:14:12 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame CC07 107 B
122 B 45ms
45ms Script
application/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=koraplus.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012401.js?cb=31071904

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame CC07 107 B
122 B 18ms
18ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=koraplus.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012401.js?cb=31071904

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame CC07 23 KB
10 KB 399ms
399ms XHR
text/plain 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2041286406762589&correlator=2209932050953186&eid=31071904%2C31071602&output=ldjh&gdfp_req=1&vrg=2023012401&ptt=17&impl=fif&iu_parts=21939239661%3A21823462148%2Capl%2Cpod%2Cdisplaybackfill&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250&ifi=1&adks=3757239826&sfv=1-0-40&sc=1&cookie=ID%3D90ae5177862ea6de%3AT%3D1675067379%3AS%3DALNI_Mbt9OXzPjg4xLVfY2--FS8GBduAiw&gpic=UID%3D00000bcedd1c7bd7%3AT%3D1675067379%3ART%3D1675067379%3AS%3DALNI_MbTFe39uMOx3_cgcpTrxvnr23FoOg&abxe=1&dt=1675067380626&lmt=1675067380&dlt=1675067380120&idt=482&adxs=170&adys=546&biw=1600&bih=1200&isw=300&ish=250&scr_x=0&scr_y=0&btvi=0&ucis=tvqtyemk6i8a&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=1&url=https%3A%2F%2Fkoraplus.com%2F&ref=https%3A%2F%2Fkoraplus.com%2F&top=https%3A%2F%2Fkoraplus.com%2F&rumc=2041286406762589&frm=23&vis=1&psz=0x0&msz=300x0&fws=256&ohw=0&ea=0&ga_vid=998354678.1675067379&ga_sid=1675067381&ga_hid=1838373257&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012401.js?cb=31071904

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f2e942751c41dc0755bc5f381f8d3181ac7f7b805f140fe2afddd16b3b60d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9734
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://koraplus.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C071 6 KB
3 KB 73ms
15ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012401.js?cb=31071904

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:40 GMT
expires: Tue, 30 Jan 2024 08:29:40 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 762D 6 KB
3 KB 11ms
10ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012501.js?cb=31071905

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:40 GMT
expires: Tue, 30 Jan 2024 08:29:40 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame F260 63 KB
23 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6054746292d3567c660857d4e7ed6153dadda2b3d602245f4612deef4dba2bd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:14:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 928
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23828
x-xss-protection: 0
server: cafe
etag: 9010139400925747384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 30 Jan 2023 09:14:12 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F260 0
20 B 52ms
52ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_stats&su=koraplus.com&doc=complete&pg_h=250&pg_w=970&pg_hs=250&c=1&aa_c=0&av_h=250&av_w=970&av_a=242500&b=0&all_b=0&d=1&all_d=1&ard=1&all_ard=1&dt=d

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 1FB5 106 KB
37 KB 21ms
20ms Script
text/javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/
Origin: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:35:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82444
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 30 Jan 2023 09:35:36 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230124/r20110914/elements/html/ Frame 1FB5 8 KB
3 KB 21ms
21ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230124/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AFzT7PtoeUkZGrLKlBiyD2N7J3dpMp5JqjYoyj3QHjBgYCWrEUa34zzZDuOi8xkBrNp9jF5DrW05upsPe1KeclKrE5lw&cry=1&dbm_d=AKAmf-DR7pfDMMe8jnvNcGCBN0pUEciVvq0ayiVvFJmz8zp0aQTl0m4qr4Kg4CKsBfZkRK3QOI6gbkhUPGaTBMkaj53CXUclFqolYyvPAdXXlFYSRyPpw8aMm3B1_s2daILqhVfxniYWFEiDlSF-bN63kFQPRGKBa5obxN29IEsnL1leHeecwAhdQU7pfMR7eyzq1qyO7FFDyv01fk4_G6FxB70AjHa-zdbq0vjiB7lbev_Y39HmQONqDXiJ7Z_m1bi8PpvQQ2SL8F2mAc24B7K8FyWyvw6uoD6j1vau2DpF30tOJyXyCLFCt7c-qeZwlsngb0kiCjbjrNoPAa-__bRtNlo8XTmCSHJg9Ol6oVZ1fGkD01p0HnpCarF3EJO-yLwpitThjMA2V1FekETRXlC821sfYNjXyhwzZ9i-bg5Cul29HDBDLuwvCS9eCex_8-WCSIgKgyQG2ayq1UPe2QJkpMNNPczfi_Ex_Y20EfN76cM3dNG4JPpsu6BUoH9UN_Yf9XUQBPuxxtSCSCNLnRBSF6EiAeYHQ9r_hk5_EYqE4AftAEkcGdXsCc1piM9hm4BomDXLtzsJv95evwfvBf8i9OiTffDdz7r3Kk3uqMglyLF2oueEubcX6lGAkD4SJAV5lgkqAQfDmwcQuLHARzdspH6gAI4-yRdBfygv7N_KzAGwjowGa5uBW4-3r7DVXXmMd49Mld9HbLx6UqZLBoT406ouu6ANLqPZGPGXNg85Ye5Mj_ckufhcKOMdaAQp2LlgWBVQ6TtQCh9mhzpZ7y4sBjVmIR5ZbFwRKLJz784JjMwlGnWDNw2X88e9wTk2Wq_pRghS1azRPwLTMUGfvwGYPEFgbeZoR_SlhAS7STS5oez6gyZFnXlkoQQbW2QUH5oxCn4JwCy9hqo6k9sHzfOs8vsAXdn_sUH3snGKH4479d1STXnQ_76QrDgW3z78jshgn1kIm61zkHMo4OjMRYXbd-Y7wlpYoVsoLV3fGP2xJejnQ-KDO7lRXKk0dSrh8XZER6S1eNHEDr2N7pWTKkuNmut1V-YNoplHCx22Y1ckMKzEb40cgA-dFYiHI6FAYYQJ2gBNjfNPdlXDxCMnx_WS4LaAcCZn7BShACiNNa4ABoi5UPf857sjqT8HFMygwH-oHjaBYrXD61dJpSuQjLMIEb5IAX_xpC5_qdg_oRhZzbNGqdFfREAgeHLDox7KcQZUaVRd2ZhxsPSYFL0ZvHr7NWfnKxvokrwtv3Ch-giP2qUd1QMtZJsiBSAcPTgbhlQ5s7OHzc_EG1854q4NyOSxSr5vMw7bnTr8ba253Crm9uYGr4U49digr50EdS37ved6SvzQSceBEly1a0rUfWmMs7yTat9-dM-hjaCVyU60g9_rQYWGJKjBEYk6Ew2A0XHSLxNyqUaN1eR_BRMI3bHfqwp5EELBtuj7cJL8Z4w-XaBp9nNMM0_JR1eGWNMrXBv2wQBa4uTckGN7V4uJ-RM4H13bQZz9bLuQVKNts7kRTNZdLbEfUuQG8ReDUKNnYpEv9jgiRjJkIvPqb4uL9TfbR0Ob9hfjSH32b5sJDNt9WNywftes9kFOUsCSXYq1WsPXoNIGwhTWQiAZLFCcmoCDjGUnOJJJNTojuC_BgElphQ0QKWF9lm2rcmu97X2RW7YuHL5Ey3yWsVWsPzDrVh8blqIeXEhMSVbv4XscOQUHhvLf7uREe8170D9-xROqwMI6Kvt8dJnEpB7v8vd_knYzKHIn7NK5HHmfnV_Q5QGhQ5FjKRXr4rVMh82fkUuLVmiG3m6VuKJlpe8KZ9RZWtwP_g8NRrdC3__cTzN47Mewwahf6Lll5Yov-MjFw2J-2Dsw9H3al6ygwf7tHr768xfdQ6Sex2wFkLP_iNxm2XVM4GOwcIgv6Bbf3jpjSs4Ep4-9V7qYkelksOUKDwVwZq5p9h_nsT_KVi_L1q0TkpUG37PHgHOGvLgbaOc8dOMu9iBCcw6SnmNJ3bYvaPFecMRTbD30s4xZeC0hFemSOadVg723BEC-_SV06YFxvF_Je3Hg3UPJQjrCZyQ3_SasJzHSV7cno8jRdan6om-JwJKBl7eCCweNnrfgjQid6-DzmchTvMf_1tG7fVjwhK0aj7SzmSebGFRIO7VUz-IHI0K78jHv8RhfW7tluCXxEn03dOLo0fFzCWfxNmDxTYSY8YRQzRZHwKpxKc5JSc-dd1wn_tncHLiXxkLZ5FR-NbR0vT8x86OPTMjIC3esWgVVKA45P1VWFVylOCUqNAEr41tvypo-0xMeJLvBq22LAmj9TVIgoe0_60-vjyJ6sonh7C1EJCoYMx03h5mo34BjKiJTBxj9usV3uj4Huzf6MA8E48d0RBRTLT4ShEMHgoB0zLruhkzIrGT61RbvkRqShhU3W2rvl9SjyOgPAnJJ2kd269Fxq5nF-cJ8HbA1TGZrVIbkqIS6dwvlxlDw-8J6lflWatTPnmhM1eQ10LKJZpr57mYxqJgF7nxDh1CxD88jpNgeomfKKG_pR85LoukGYxQY4Wdtu6x37sdPXjhJVaP-asABVOjPnzzB0uVHwOIFbJJrxFOCwvpfhVPtDed8osuiXYMweS1c2tmVryTR7hnWy1_igRgYSCbC33o7i51Vgb3OUb7cAlLzz79SvhFffQkUK5RBsEbeSXmLPw5jc8Cb8DVqifeDBfplCCzmn53M02QglMmdnpQDV_HshrRCkfXai706uaRe3O5v3Es4iiM3X5zMaH4S-1WTMVVNg6bs-bVM8xj3IsTuXDSxdCQFLhJiT5R2nBfjcJ4dLYgv1xTZIPizTBhJ_EguAtCZvoAy9HIgy1uXbFJ6QMW9Qega8GKd_YQzgHB5fWw-aZOoHYlomKRj0NQ883Ve90Oao1fr86FskuO0hmkaxKvRtTAD304QGNgNDdeQ2-5zQuoxN_g540Ob4McLxl4-A1c7LSAaRXTnrTIvHTtrUcVVDFs7e6Mt8Xr1EnPWHkJNZGJIBd0YKV6ENR_2ESoL307BGAjLN4gKU-ByuA1NqJNFDZezytQXvO2YjUVXmgGf-snWLpYsXoqDV2ceXuxhes9Kc60jyH-vb_8DmPX8FfPvu4mRuPEIk0Nohqbauk40PlD5SarXPEr1k74dpAEN7hpW0cME6QvGrdCWIedrV0Yxwb2be7fufdigzR8c12VFJoXWuPrpz9mnf0uDf7fnYc7cg64JCaUGALkKbSw2RrdYI4ysiwHslmb2t39WzUkmGtDvkUvMf469A3VDg0hxEvPbXwKNHSQ7Og2r32R_fw&cid=CAQSOwDUE5ymaKRC1Mhjs9xkJU8H5SDCTvUyr-3IW19QhQDk3GJwPHWG4dK6iL5k8REnCut6co0_FowqjlA9GAEgEw&dv3_ver=m202209210101&rfl=https%3A%2F%2Fkoraplus.com&ds=l&xdt=1&iif=1&cor=1763716832606824700&adk=676413724&idt=101&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81571
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:50:09 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230124/r20110914/ Frame 1FB5 28 KB
11 KB 20ms
19ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230124/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f9909775d48d612aae837f0153817e8addbfa082f901254471bced4d8c72691

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81571
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10810
x-xss-protection: 0
server: cafe
etag: 8766511519597269738
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:50:09 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 29B6 17 KB
6 KB 82ms
81ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012501.js?cb=31071905

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 30 Jan 2023 08:29:40 GMT

GET
DATA 200
OK truncated
/ Frame AC90 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfdc8cdbfb6ef2c348991664c9cb8d718fe775d9399b14c31dddc8b32cd84536

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0825 0
0 57ms
57ms Image
text/html 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2023012501&jk=1104399846271448&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F260 17 KB
6 KB 138ms
138ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011901.js?cb=31071977

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 30 Jan 2023 08:29:40 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame D618 0
0 48ms
47ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssJQmex58pYh5plrDmvWeS2Md67aupZ_e6Mk18rhKVDwXe7G35B4ah9MTJlJTq-0b-0IAUqEv-7K7YJ5KrECK3ksX-HKPOMpAESAG1ZdTND5LAco_xM4uPyZLvxt2bUIpydOw41A4IsIiTAD7MNmuZk9VenOENQe-uT-X0WbLgP9RhTWz5d0SMDL2HCp6hWDrI0q9JK5WYqaPHAh1SaH340Hf1mi3GT7WpY68XyEox-iOvLGkFXfDnrgs4gJ-OLxLXP9cqPZdzRR9Ha5pMN0qetAAayYyMYfL4wyaSpqlaQxMRMtt1xlMNECOQVC5iYJLwL-LUJGLRgXMpQ-fz0wOxIBjfl4BRb_qaC78VsH8nBuyaZqZTlfLABlY1QYtFML7SVrJSO8jZBhSmiYtArLYtdp0q0tEwVRFuT-p_bYNJgppzX_xOZ3QDREwpgiR1ppMNK0q_073OqlX5b0_tK_9ax72LN95qVLZrnJlV184gPHoDxJt3m3VuGmlO9YhN5D9Mfw3DxtVCL2sp6m7GF3-bRVTJhVQv25B01dsV_vhFn_SJwRzOdKJ4ONatq_l9bW_rvkAiRUpkciAcbR7-HylrPVi25MeHEGjHrHWk35XjADGS2O8uRDI1BSUG-09-yShbHM-EBe4QSEFB5pArRtrt7Qk4HMJN3WaEulUmPtvophIux-gYpO9BRpTDDMiuY2LQAxUxoW0FFhoyGIzBNTvsVgFobXE4-7UfTgoDZNn71cELwPbzO6NGUT55M0PuyR96Cd4KPoFSZ8yz-Z-enTjSnlonugTM2AwRizl29YkFNgTyRXqmlAV6v2eCNJIoiFqR1eXF6WtSNkyWXz4qfFeOsXGZJ-QDHXorCp0USVsXVc5NYf9ckyhE4IOK7NDH3vdQ3IYI_otzeg9CKXEkW-HJyafyhurOgxpX8GkBWXR5lRkqrcEswvoBpZ87tGqycM3ihDRxNyKFk3jt7bvJF_wYLPGYSMm34vBUVr3_UvIoAJaceVOVLqXccsQhJr6hFXt46EFhjNCAPYTxQDMf0RXbOWNgrUQx77M329KZUola_MVPAoRSRt9CroI-L_W73G_CUKjaE-uKQSUPra7aOXBCGs6OnHeGeNoVK2LbBIWxW7Gake-CQOtTYwSkCP2TcOpKjPKS6GTqmcJvRKq4_9jbIPQjUM6AfSAWTW5wXuTpWscAuo64I1QsZNQyqUKb9ZbQLjvpT-1Txvj6m1Sc_Ita9P22eNWjAaXTB7PmBNy_7CxtKqTxo-2Szr-2sHGFlNklZa5VAdr8TLMpJfZo&sai=AMfl-YQRi3rdZ0C_TnpFmMfvxR2UBxZ7dfFu-5NM66tD3kZYfpWJT2ai-A0qeZ-lVSugVU3j1UOk20DmBym6kVLfecZKhcB-FEDpGk5mT40R6OzGnMMHWQhlDAMY0V5xen0qCbjHsQXf6zgvyyHMDv6nhXgiPWCniaLxhZmxmKB1kh1EVrkRgGsnmqHSILtSTI16kUppXjbxMyajgp0JIDLvf5KwCC8lSSuhiASIv-KvX8CuNpoQse_fA-L0R-jNVeycslxK_wI4OaI2-HJA85oapu4ZqCp-AwoF8i1mEks&sig=Cg0ArKJSzONcFGJFkDVeEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=466&vt=11&dtpt=203&dett=3&cstd=260&cisv=r20230124.02027&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 30 Jan 2023 08:29:40 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C31D 22 KB
8 KB 21ms
20ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 81570
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 09:50:10 GMT
expires: Mon, 29 Jan 2024 09:50:10 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js Show response
pagead2.googlesyndication.com/bg/ Frame 731C 36 KB
14 KB 23ms
22ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35da5c6b61db6ad2f028dc52eddbe524529ee5f74cf6b1eda074131d2b64bb61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81521
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14214
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 29 Jan 2024 09:50:59 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 217B 0
26 B 69ms
46ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss_JnZGex3ynTOGyqTfCgUtB2OtzQmombPz8vZX3MhjkPG6vXJPWtGBwHBAnRAthegOiBkpJ7RWyqCxXJm6MdYePutkD7AjYPKrRcYLQspnAiHUCPKryM2ZKuTxgQyYczYU6etirJI-wW619TuMUAeqC8KAW4wMnEbndK2IJ-EcNvE80vu30EkdOOXQaY0r_SLv-JN3zJg&sai=AMfl-YR7JoWwW7srGWLc0XV_mSkAV_HMFyclXo8F6ZV9PYTB46_84gwo6c5DqNJLisNiVqXiQD2kHKjXm2UxFmEcDMvukU9EmzeLKEiikfkQTDT7TOVIyOsukzZwrFbCR5QgzHHr1RA5A7bkgKSi-K8J1LgXUYtjQQ&sig=Cg0ArKJSzKgJLmXXapkrEAE&uach_m=[UACH]&urlfix=1&vt=13&adurl=

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame AC90 16 KB
16 KB 27ms
26ms Font
font/woff2 2a00:1450:400d:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 23 Jan 2023 15:23:02 GMT
x-content-type-options: nosniff
age: 579998
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Jan 2024 15:23:02 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 70D1 398 B
222 B 60ms
53ms Document
text/html 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhiqnKp5MAE&v=APEucNVakwlhYKSFsYX91nTeuam_S7IiVHaysbuJLieh_Ppx-OOO8Lyfx1plXP7BBPO7DWqU2ysjGkck7D9mYcM9hD3_2C6QRWZHxa2E7ZGNPC4qcKf4CU7lF1RTkui-PuERqsMEe7AyUikAzYvGA2W0v6QBr534s6BKCK42fOtBxvctM7rDeHo

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dc00d2dc19a9dd32d5f89ec3d68bfed90dd775a5fa638855b7fe00d6415f379b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 202
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 8426 76 KB
27 KB 89ms
88ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc54379b6288f5970da471f0f64ca15f8c9e3a3819a0950608a45b7479d5a11f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27384
x-xss-protection: 0
server: cafe
etag: 10506132538256102613
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 30 Jan 2023 08:29:40 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/ Frame 8426 3 KB
1 KB 22ms
20ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/window_focus_fy2021.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:55:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81266
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:55:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/ Frame 8426 18 KB
7 KB 22ms
21ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:55:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81266
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7523
x-xss-protection: 0
server: cafe
etag: 641023367890010850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:55:14 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 8426 0
0 18ms
17ms Image
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSBO-mNLfnKQ_r4zUCb02iOfODG18jJTl3xbVSdMtmtHpGqZX9pTs-5fia4g7GFhw77tlg6VndwSGxWXKefloqdooX38w
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8426 156 KB
48 KB 89ms
88ms Script
text/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

948dfd7372d70c12a80472d86b4033d93adbb52d02d4585d519416c4f4b4be62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49065
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1674650782302584"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 30 Jan 2023 08:29:40 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8426 42 B
63 B 57ms
56ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CeX3kmG195-1v32x0HxRb0unfXk-OW4M3QmTrP6ew2yq_3zYkQZ0r2Bc4sSC1yPEn1cOg_4zmY-gCTmnBBAFvuWhIZ1dzQZ4tyUQgrnBzIpB1F3us

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8426 0
20 B 58ms
56ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=1309542659004332472&x=1&ct=76

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 63c6ae0e7c127b7a6179dca6 Show response
c.bannerflow.net/a/ Frame F92C 67 KB
23 KB 68ms
35ms Script
application/javascript 2606:4700::6810:c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/a/63c6ae0e7c127b7a6179dca6?did=5ced17d285b1c200019c3fe1&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjstMMCFYE5vDAvV_3cSyysdoZ-sAH9pllZAgAQ1-kcf9D2xxMBvhNK40vMbpqtD6F88S8leYsGmBXZgWSFbyss90BVq5p9PrETj9k2pb0IFgoP8ftLC7XR-0Ah-HPBm5_u6BN0izRuACEOlJQr-PDKh_6PH8W-LZIR4NVv35wyACjLxLjuG27QULr6e1v4_bsdWL0ifry5JvroRBB753oDVgC7BkTo1Mzze2JLMGCj3gqceGN2V3y0yhGjLOvCDhSdxkfY1cq_3OtiMVkLC5R3T34JEXttT-wnnnP3f04vXJwGCds-V_fVlDqXMTg8sKP_TPI_e2MnxKPdtZrbzxw4XwFc29mfx8cbjFJdKtiTgoQc06iKnGGbovuYemex1Ig9sUy4KepOU6GZFDvgeO-D1ogCXRLqQJCeZ2LvGtGXFeo5ZwhSmDl7jzo_YzMPkaEA1o3vfHj23fHM7a8_6ey4PINuiqaszGspfBCZyPr7Y9hP84J8qm6lDo7nCb6CZ20kCO6V0IWcoLio6IXHWwXu1OgYIwCRIt3TaxpxfxraavNAjFsBY-pegUhx2bfvdfqxFCinY6qp5_PNTszOY0sRFIs1xFETnUupiI3VJgrT3uWf6ex4F1CC-MEKyHOe2EMOA9nNcGBsdZCPyWC69r92DxtwT4fdtljlDUh3bB6uqg_ZobTiCHGO8GbRrFE-S3bd6rdlpaqyoC4XSeHkGSymdY-gKKqxO5HThxON7GYINriTmV7CKt-gJmqu6oGdqoEJWyDb4oMm2o7W5Aj0gOJ3ingV4O1KQ_tDghhzuw-0HqZfcHReWdcbgz__BEDBq65RLsPT-00TngI6LBwTsCd5nGRdRxCrlSMe5NYsPT5jDos4QgfQoQjovR4pzDPF1qTiZmcyXlwxwaNVs4VuInI2qvk1Q3lk6WJ4BJuuhe-Pe0zUJQwYeNaMJcilQmiS1sOR1stfJY5S4AQhqJ9Hwcbfv7dWGa_5kFPbaY7ZP8XIKJKnMSXgRxVcJbRJc7LYLZRXQov9bHEuwf0yb_2XyiLgvlBTTevn3Y3Ns8aIpJMPyEW4OItN_j8qsB0Aor1C58XXB89Bskn6jVO8dPFavArm3A4YZ6cn_bwLnSq8NL17t2SzyjFt_hKcNRo5UTgapOmyB5X0LSJsl-OszR8d5-BTsAGnjT0k9VwCGtoFq8dhKFGNlFo8yvtwK9yN3W9OZWz4gELsCqkIl_-ybw1BpVvGWENBy3WmGrSMtllIij4eEghr5Eq9U%26sai%3DAMfl-YT64ur-n1AoMfOO1uQkklsCXgoBtJmrMo3F7-nTLDEr4ULrDggWcTLw1CATCvfYdw7TmF4IMGEr2PhiPIUlBzId4AZpujnGIDW5ELbpDsqszy9acpbbP28-jHfxQN7uPP7O6TH7x9PSEl2z_n5Prub_7uQrHdd6I-7VfVPiYtays-ad_2A17wmXRuiGYCI3ycVGNeCgBLYB0MQaS3oIhyIVTdgEx7az1tdE7NH_KBLygKiIAwstdD-kxFcEr1M8N2AWUKsIZIMf4U098xJ-vgZiN7PkKVl2yy8D-6-v5utLQoQDlxA%26sig%3DCg0ArKJSzOUHdJOmkFhoEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26rm_eid%3D8149908%26adurl%3Dhttps%253A%252F%252Fwww.finnair.com%252Fde-de%252Faktionsangebote%253Fdclid%253D%2525edclid!%2526utm_source%253Dprogrammatic%2526utm_medium%253Ddisplay_campaign%2526utm_campaign%253D20230119_de_tactical_jan
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4900554790666240000/728x90_de_DE_2023_01_DE_Tactical_January_LH_2023-1-638095618950877025-ae68c46f-934f-4625-9b1a-44d4c4c982fa.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc5e7c26722069a2248d1ffd8529b9c6ff6275f1fb7bcf5ee8661f0c1afb120b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

request-context: appId=cid-v1:1a5f66bd-0229-467a-a946-b3753e659ecb
date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7918d759eca92c18-FRA
content-type: application/javascript

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 67A4 0
16 B 58ms
56ms Document
text/html 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhj73NDBATAB&v=APEucNXklVzecQ3hpoZ0h8u1VmuoPKO5-sYb72gBdk8mmY90ZCjeNkGUlKms4PalkNvOrWnZxbmK3NrVuyGPdDcMSvcrFFcVpCtcI-uWbjOdJ3CbqlsV1tshJWGmvYgFn7rhXJit6vNp0KWXm4wiDmD8g5EInhG6XT0oV5CV3XaIA8c7SQx5wgw

Requested by

Host: 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com
URL: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 762D 76 KB
27 KB 123ms
123ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com
URL: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc54379b6288f5970da471f0f64ca15f8c9e3a3819a0950608a45b7479d5a11f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27384
x-xss-protection: 0
server: cafe
etag: 10506132538256102613
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 30 Jan 2023 08:29:40 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 762D 42 B
63 B 53ms
51ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AJEvxB-Pa3VAiRnzhMgAq6fReNu23XYChnvWJFHmqu5_FicPzqIhIlUFQoDf_CZKgB7HN6rJvF7IMslD6Ynsv6_w7pHfvZ1S8x8xunP5dV8sUGNbA

Requested by

Host: 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com
URL: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 762D 0
20 B 53ms
52ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=14193382253363542857&x=1&ct=76

Requested by

Host: 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com
URL: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/ Frame 762D 3 KB
1 KB 22ms
21ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/window_focus_fy2021.js

Requested by

Host: 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com
URL: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:55:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81266
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:55:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/ Frame 762D 18 KB
7 KB 23ms
22ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com
URL: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:55:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81266
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7523
x-xss-protection: 0
server: cafe
etag: 641023367890010850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:55:14 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 762D 0
0 17ms
16ms Image
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRQKQ6BkFFj3fYTbb5WE6f84f_jwkxIrH7_578G52cjLZR-9MeM1RGPeOfHE900CXcIorSgSnpJ9mmU_IfSOsIo7zOiPw
Requested by: Host: 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com
URL: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 762D 156 KB
48 KB 144ms
143ms Script
text/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com
URL: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

948dfd7372d70c12a80472d86b4033d93adbb52d02d4585d519416c4f4b4be62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49065
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1674650782302584"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 30 Jan 2023 08:29:40 GMT

GET
H2 200 passback_300x250.js Show response
static.adsafeprotected.com/ Frame 24F6 3 KB
2 KB 11ms
10ms Script
application/javascript 2600:9000:214f:4200:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/passback_300x250.js
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:4200:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6005e56ab3043d83726d25b0d17458e35b72355a81ca3230cc9de9058ee8b1f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 26 Jan 2023 05:01:24 GMT
x-amz-version-id: vr1Fa3eAVtG7AGe6kPa1Y0WAZAHvQkII
content-encoding: gzip
via: 1.1 a3c2566f9e36ad3cdf79fc6307fcf566.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 358097
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 18 Feb 2022 23:29:42 GMT
server: AmazonS3
etag: W/"44f0ac540dc9c11f94344414c879b658"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: GxsgNc2WEWdsBjT4X-LVKv1dKWXcjKmEY6HJf9Y7LCQI6tZXFdVvdQ==

GET
H3 200 Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js Show response
pagead2.googlesyndication.com/bg/ Frame 39D8 36 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35da5c6b61db6ad2f028dc52eddbe524529ee5f74cf6b1eda074131d2b64bb61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81521
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14214
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 29 Jan 2024 09:50:59 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 29B6 0
17 B 117ms
116ms Ping
image/gif 2607:f8b0:4009:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~ldijvay1&ctx=0&met.3=113.tz~112.tz&qqid.1=CMOrq6Hw7vwCFYMcBgAdUiYIoA
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:81a::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 2DF8 0
10 B 20ms
19ms Image
text/plain 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?VHrROg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/498083831003229311/ Frame 79FD 8 KB
2 KB 20ms
20ms Document
text/html 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/498083831003229311/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aee6ddb41d43502414b750d682c6c02cfb5ced519af4d9d3aa5bce26b38563dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 537447
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2464
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 24 Jan 2023 03:12:13 GMT
expires: Wed, 24 Jan 2024 03:12:13 GMT
last-modified: Thu, 19 Jan 2023 09:40:05 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1FB5 0
0 51ms
51ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvPUPRRvMr8PX6XBxDDWOnN5WvV-bPcF1HZ7rk6DCRWdl_sx0dVl9YqIJNo3R79NRUMMdDBdf2MMebBeayG_vaX25SxY5am5m6F3MRH-L_hDkh4t0KYjqeLwmt_bN15uojUOd1jOE5QWvXd-APDvtC2ai9UWv0Vz87SrT7p1JshFHB52-o1DM_DdsHjaS6Mgw85bB5oQpskxksh8dt6FeHlanWcxUN5YNiVYUbCiktkTefS7m9qEPxw08TB4LK2IKPFr9LdXkTvgh1fbPGabuyT25cSkJCOPU6AOGAjyA_iJ9-iNHWWdq1CF2oT49VLbIjTADKkWAQGARlCHnS-LVMqN3GT6UqYmltmzcORY82XLqL-pNanKolg24tnb7K9nT1dpytz3aR8jetdrtILzqRyq-leclWDzwsbIDuIGniRjR-m41AWA1UjNTAWwjnrmGCJ61l6LP8OGrAoaFreVGJb7Ff8V2b9sPZnEcW09D5MTL1MzR1VYa4kap479wx_7tuNyFeGs2hn7-EhFYT81-9LeSRiM3fTAz43u0w5ifEl1Ym6YgDk-SqEyxdanqtG7J7yYyXXmIQt1Auih0bdEsrlK26Uby8ckQw1NdBabDPYn2C96fQqTZHI-1YmL-i2BKWgRBwyFPwI-eK7fxSss4hgQNz7sdvyde5OPcFAsg7Q19FvDk08Yr8OUOWV42YtdTB9bUV1okk6-JWWGGLGzWygLnSyvi1iyPO444vLczJ3l7RrQ12mkw7-IugYFMJoeYZmy0JvtW6NKgVwk3wfAgxJVq8bsH043-lh4p1sDoUjfoUyZKkNEvOo8v78RUfGhbANlRyTtbLieD1Q8A8PX6kspw0WXBrWgL0eueDl_Wn2gYlKCXB2xY3_cM5yNAvOYoL6xgVg5yDI3CwJGiBTfIIZMAndeHDjp8-JD9VYbCtj2E4xhETwJkywLQGrFfMsJwgvpn-qV1fh2cH4J9YVFsABwMJMhY49RRhGP848PCXkkI9s-JBQ9lkv0syS9EVUpRMLptn4zJbgdHp8RQvoTMhnImpPlxeYpYRTRpBSX4-dwceRnecKPvD_mc-QHFD4uxU77QkNeUi-KGL4A3jQqxqjHdnvSovxhFo_4QUT69PChOh6UUTP-giIKZujY9NqOcEJQ4-iLpIhBEg-IK_DZVADtfwZjZh2l_vZCcY71PBJJNZQZTMRIOEsYJ-pJ0SAJcYCdEvs0ohN9BEfFpm0AuhCqtrcsTFpxCycRa_rWtiEp3Wb7cn2BhrNxaE&sai=AMfl-YTdrL_R8CsoH_T6YBgMJvUT_62Slgsu19cp1hlzM2FkKYxlZzP811acreVsahPawnkbmtCLvmzb51uHllyWzjJ85MLxBd_6FuHZTb3QSdGFDvLXHLP39aS_BZJE8-peSq5Oyfac8114rH7wDk-cLZZLWG2xHi0LZADXxVjj2e6faWc1ePOVT8AvR9MN-k9TyWSJMWARkG87DNzg-QuOlzKjOcnbJcUUx-8ooRAOIWI79R3lPJ3YeEzU1Ehs67lwwL7Xc1q8llg&sig=Cg0ArKJSzJKO-Ot0TO6uEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=165&cbvp=1&cstd=163&cisv=r20230124.19744&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 30 Jan 2023 08:29:40 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 30 Jan 2023 08:29:40 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame F260 0
17 B 115ms
114ms Ping
image/gif 2607:f8b0:4009:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~ldijvayi&ctx=0&met.3=113.ta~112.t9&qqid.1=CJemsKHw7vwCFc_n1QodPf0Gbg
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:81a::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js Show response
pagead2.googlesyndication.com/bg/ Frame C9EE 36 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35da5c6b61db6ad2f028dc52eddbe524529ee5f74cf6b1eda074131d2b64bb61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81521
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14214
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 29 Jan 2024 09:50:59 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame AC90 63 KB
23 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6054746292d3567c660857d4e7ed6153dadda2b3d602245f4612deef4dba2bd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:14:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 928
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23828
x-xss-protection: 0
server: cafe
etag: 9010139400925747384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 30 Jan 2023 09:14:12 GMT

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 70D1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_dbm
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEIlk-T7HU_1VPLH11b8l5rk&google_cver=1

43 B
163 B

60ms
21ms

Image
image/gif

185.86.137.132
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEIlk-T7HU_1VPLH11b8l5rk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhiqnKp5MAE&v=APEucNVakwlhYKSFsYX91nTeuam_S7IiVHaysbuJLieh_Ppx-OOO8Lyfx1plXP7BBPO7DWqU2ysjGkck7D9mYcM9hD3_2C6QRWZHxa2E7ZGNPC4qcKf4CU7lF1RTkui-PuERqsMEe7AyUikAzYvGA2W0v6QBr534s6BKCK42fOtBxvctM7rDeHo
Protocol: HTTP/1.1
Server: 185.86.137.132 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
transfer-encoding: chunked
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:40 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEIlk-T7HU_1VPLH11b8l5rk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 316
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame 70D1 43 B
163 B 136ms
20ms Image
image/gif 185.86.137.132
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=GOOGLE_HOSTED_PI&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmartrtb_dbm%26google_cm%26google_hm%3DSMART_USER_ID_B64
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhiqnKp5MAE&v=APEucNVakwlhYKSFsYX91nTeuam_S7IiVHaysbuJLieh_Ppx-OOO8Lyfx1plXP7BBPO7DWqU2ysjGkck7D9mYcM9hD3_2C6QRWZHxa2E7ZGNPC4qcKf4CU7lF1RTkui-PuERqsMEe7AyUikAzYvGA2W0v6QBr534s6BKCK42fOtBxvctM7rDeHo
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.132 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
transfer-encoding: chunked
content-type: image/gif

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7D96 13 KB
5 KB 23ms
21ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 257138
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 09:04:02 GMT
expires: Sat, 27 Jan 2024 09:04:02 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 64D7 783 B
536 B 22ms
20ms Document
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c9407306c99aa592d3941041ee0a44d11e0aacc83ded152d46032753ea6ff71c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Wk067j7GoFrfy2SrBe1hjw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-Wk067j7GoFrfy2SrBe1hjw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:40 GMT
expires: Mon, 30 Jan 2023 08:29:40 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 IAS_PassbackAds_300x250.png
static.adsafeprotected.com/ Frame 24F6 14 KB
14 KB 8ms
8ms Image
image/png 2600:9000:214f:4200:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/IAS_PassbackAds_300x250.png
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:4200:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f6adb794eda0e31a163ed517d8e63d388dbb762031a189349c72af2bc37bb4f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: 5gVOAFoF.BCvnrybv6D.a4lGJXzJNSyO
date: Thu, 26 Jan 2023 00:58:59 GMT
via: 1.1 a3c2566f9e36ad3cdf79fc6307fcf566.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 372645
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 14233
last-modified: Fri, 18 Feb 2022 23:28:59 GMT
server: AmazonS3
etag: "65a8b98b798ce416d94c2847aca40c71"
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
x-amz-cf-id: GhCzLm9EcT8rtyXw6zjr9aBpo_X_-dvcF-PELHLXlHZS4R5z2vyBLA==

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1FB5 41 KB
15 KB 24ms
23ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com
URL: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81570
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Jan 2024 09:50:10 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0420 1 KB
643 B 23ms
22ms Document
text/html 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com
URL: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 72030
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 12:29:10 GMT
etag: 48472445140208031
expires: Mon, 30 Jan 2023 12:29:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 1FB5 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 113e8ff3de67c853715c37158babb828a9d8317a448694a1fb17cb94502e27e2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 tweenmax_2.1.2_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 79FD 113 KB
39 KB 74ms
73ms Script
text/javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.1.2_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/498083831003229311/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a863a77e9ee263a0ec9c1e792bb33ed0f663582b7369f472261df7b6040990c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/498083831003229311/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39910
x-xss-protection: 0
last-modified: Mon, 11 Mar 2019 14:29:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 30 Jan 2023 08:29:40 GMT

GET
H3 200 main.js Show response
s0.2mdn.net/sadbundle/498083831003229311/ Frame 79FD 6 KB
3 KB 21ms
20ms Script
application/x-javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/498083831003229311/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/498083831003229311/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d083967126ab505435dc2d296e5887257c0b0025dd318f16e27f94c9d9df82bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/498083831003229311/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 23 Jan 2023 23:09:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 552022
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2610
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 09:40:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 23 Jan 2024 23:09:18 GMT

GET
H3 200 Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js Show response
pagead2.googlesyndication.com/bg/ Frame C31D 36 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35da5c6b61db6ad2f028dc52eddbe524529ee5f74cf6b1eda074131d2b64bb61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81521
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14214
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 29 Jan 2024 09:50:59 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame D618 63 KB
23 KB 12ms
10ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6054746292d3567c660857d4e7ed6153dadda2b3d602245f4612deef4dba2bd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:14:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 928
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23828
x-xss-protection: 0
server: cafe
etag: 9010139400925747384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 30 Jan 2023 09:14:12 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 43ms
43ms Script
application/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=koraplus.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 17ms
16ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=koraplus.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 85 KB
29 KB 335ms
334ms XHR
text/plain 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1101900434958132&correlator=719633923412348&eid=31071821%2C31071978%2C31071579%2C31061691%2C31061692&output=ldjh&gdfp_req=1&vrg=2023012301&ptt=17&impl=fifs&iu_parts=21939239661%3A21823462148%2Capl%2Cdynamicpod&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=9&adks=3102769304&didk=2067475911&sfv=1-0-40&prev_scp=refresh%3Dtrue%26test%3Devent&eri=1&sc=1&cookie=ID%3D90ae5177862ea6de%3AT%3D1675067379%3AS%3DALNI_Mbt9OXzPjg4xLVfY2--FS8GBduAiw&gpic=UID%3D00000bcedd1c7bd7%3AT%3D1675067379%3ART%3D1675067379%3AS%3DALNI_MbTFe39uMOx3_cgcpTrxvnr23FoOg&abxe=1&dt=1675067380988&lmt=1675067380&dlt=1675067378490&idt=518&adxs=436&adys=1220&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=3&ucis=9&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fkoraplus.com%2F&rumc=1101900434958132&rume=1&frm=20&vis=1&psz=728x-1&msz=728x-1&fws=516&ohw=728&ga_vid=998354678.1675067379&ga_sid=1675067379&ga_hid=308029290&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c2d5e84e2f7f0cce7e319db08ce4cbd3686efbebcfb96bf442b678809a983fd8

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNzW4qHw7vwCFQH4UQod-OYIdw&gqi=&layout=/sadbundle/%24csp%253Der3%24/9419780827614543872/Netto_GDA_SdW_KW05_R/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNzW4qHw7vwCFQH4UQod-OYIdw&gqi=&layout=/sadbundle/%24csp%253Der3%24/9419780827614543872/Netto_GDA_SdW_KW05_R/index.html
date: Mon, 30 Jan 2023 08:29:41 GMT
x-content-type-options: nosniff
content-encoding: br
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29188
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://koraplus.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame CC07 0
0 43ms
43ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu2Pa93x1kXqu4WDLITF-bKNkzhVDAci7jQ1XuTh51x7IQYFcp4r10RRSCOqCUWWVR0sGxvtvhWSIN9n8q8GfzHs7aS3-kyufG0Tet5QEokpkRHBcj6JiMdOGnuxL1eYb1Pvm1g7gjEckxp_gzFgvYYmkM3yLof4HuooIxvLtl6CpTpcn1-se53bP9K1iSwDtiyp-S1wyeX_fwnDAa2Bb34sk-9M-rDmq3W00rCL1ajCb19cGFfVnZ2ltWqZK8hWudik4cb7HCmj5HuRO6HwAwROWEhR0kPQkdwdY3E3TkRehJTzBNJfm73OWt7tObnsijKm8Fmxg&sai=AMfl-YRqtZKEkynXSUtfG287-FukaHW5ckn102DXQBp8-s48_e9G6b1bSZKQC9pcl9zk8-jV_vrb9LDgHyFkWl9CzQHDDHi79fp8u_LaOI1rFMHB8joUf-blBHyw2Y-jOxv90DMQUuNP53N28DiFuMnG_mI&sig=Cg0ArKJSzA8UjGVKzxphEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 30 Jan 2023 08:29:41 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame CC07 14 KB
11 KB 69ms
69ms XHR
application/json 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023012401&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012401.js?cb=31071904

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d756e23034e801ff1251e5c699ccea3c48c3682ca1dd34f347940e8321756552

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11069
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1762 42 B
64 B 52ms
52ms Fetch
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst5ZFlZwrJz8IFqLOdxLLtKeO8bN-1PouNl8MXTw8Y2lM2_x7wemPn0qaaKrCaDKesqcFX9N8WmI-cpuK5FxQ_e7vg7acuQpZ3_CJiSCNRSHy_IhIpq&sig=Cg0ArKJSzNQLp2MQZjB3EAE&id=lidar2&mcvt=1108&p=130,436,220,1164&mtos=1108,1108,1108,1108,1108&tos=1108,0,0,0,0&v=20230125&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=347419830&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1675067379486&rpt=387&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8426 0
20 B 52ms
52ms Ping
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5315136651076&version=m202209210101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8426 0
20 B 52ms
52ms Ping
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5315136651076&version=m202209210101&ct=76&x=1&cor=1309542659004332500

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 8426 83 KB
35 KB 101ms
100ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DX-EDpPuOUSQCSsG0isw-lm3L1hWeJU8v5H5Bd3d_0M2yBX2JKR4Im-XdZz2Pi9QiWUYqAOpXJbb-51erHDetSYToRFljU5qFJNH8JWvJPZOvvfqxHBhF0LybF4a1Xj2AmcuwkmEhMeXrAXl-PnvwWapsH1uy_tXiC9L53QDD0_U-M_S4&dbm_d=AKAmf-Bp5zx9JhzZ2sEHt74Oefkz8yuSbTe0N-iXci2DjSbQkijiZEM_LVcsU2ben8-9N9_MfUbJBpt5u6ev7vO34mqH0NU4JEyPnYIX8u0rXryeBfAqLmh4nZo2ViOUN6OPbLDntA6FSWbvnIrbwHD4eabg7zYUewr2UlX3CX7pcX-MzwdmLKFXaEFXIPVS_8VSZ4-XZ8apxbNunHTscrvUelAOgZQ7KYC3lD8I42zdLtqES3_EUSIIDXJdhJkRNEnbQMlwsfLFt1iDUIUpfD-s-6DTXCgWgFwTIDQK_8ThYl-3NW6JhgKOBIhYRobA40r5hLLSEha-H_bV8VOFgXQi8iAgAfKexsxBiNURQMCfJSOXiZvrZSheq3A4smclKQsti1wWiVeWQxRSTqH2ZTR4wymyvKl6kEp15oGzr-ambVJ_51w02PiRBvJA4JFNNdrPhwVVMAE3uKesWcdvwoemjm9X_hmUKl8gdYR9fasbiNn5oY1Jf-8rg8hLPq7x3Cqn-O-K5cj3SnWUIU0jZAUY9qCO6fl_XDMf_RwQ74mYDlKo0F_70KcM-WkkNf8DUgtkra40PGzL-bRjDuPqzfr4xcvRlAJO6VkdI5efl1ETDCD0vamsyzV_rBn7RujEIO4JrrAzEHjYjA66i9c1aF9Dkvae-gfuhCFAN9w-n7raiMIwbST6qcceMeVecRLu08ZxvLrG_a92ZmzVxEVPh7rh6MoB7jfmwpMQ3wmxN7qNNW-7Bgrx5OYmauGXmVVAELZ2_gabSEcOFkCZzdYQhUn2F76WhdEUIdszYig0JGv1CIy--QdfuYtfV85AZG8-lDnjcW9PMCGsDJ_AWqvV0IW3tf0_W1xoWzpOsgcKU6iW4v7tN4jIfr-eTVwm_RLg2AUD4H-qKHfIsMOAcWz6gqJZz7JzhwfR6xD9SiGMHDtoVfvg_ymzgLfplz8-17zKskt2Y88Lj452VYO5FPPhz6pevYg60SBxmzZjyOLuGN0NueIVRANpJa89Sp2DPHqih4gtOS8SicNOeVFMHkcEVSwKJ41acBpgHVTCAuxf8EAx-yzXae10IUAauq8zII4Zk77x7fJDUCc1TdJzFSBHjRi_SbuWCMuhrFt72tVViK6dkb5w7yzSMJpQWpNzu65G5RFq49yERiX6E_p5nbNKFvH7w-Z183x_EGgEp9tUKQ583yKuTzIp0keQXspHKANfkZm0y-bIkfRziWAfKGKlhR9hcFr5tazDcDiVCU3eURzz0XzeWCfrBuzvMxvWo7h0Ol2lDZ07bQ5D3_e6ZwrbJBwXdhR58sbWI0y2Btxdkt1quGYCYFFjmSA5--g1XXg2LzQFmmNF7aDC_Gl_puLc5NFaU1098k6yc1c42YFAHedUeUlGx2CFQHLzOlx7EcWEpcVYMIUlJVKD4hfWH5TW5tEgzUGRM4aeulkkG7o5hAx0n5L5U_GfoJeoSlscDi0E_-H2Q0GIMZ31Qg6dmsf5lyEre0gtXYcbzhMhXADeUBbPI51wnPyTZ2Ra5ipoUaq1Ym692d1647UTc_oxXhR8hDymW6B4Gt0l0uDdZFFMlRh32qgFEXvdlwcQkSpvvoIhKb8fEzMuh-bOhSHvqTbu0n9oH8Si1DfgCF-Wvls3WR0KvsSDGs1bY1dFWchJ77_JKJdTEFXNEDp389WRIFLkeEUgjEoGvNRg2ZLlluoHcGmKq330l8yyIciXzmFUiMPmN9oIMbuk5RCidQr4F-qRR5VOvnBTcDXX-Xen50K8hSd2kfn21kOUwH0sbsJ2Orjm1hPHzntmWULtX37DLfL1GU9epI58qt26Or-t1m9Oa6FhlhIW1icgNGkdJ97qdTXm4J7CRE8PdMLCvkq1uNmo2qisN--DY2ZXjHq_V_K95KbboJCXafplGz8ntLHpkrs_kLrkOj7_zMSojNiDrGbYCBqZwzOZewJue8VNgGceQ1qW-hvA6-bQMS3IhDdZAmNADGl-b4DkaCqYohe9aRtvYv7cs8mrmOrWOK3AsSyPVHPUDSBv9Of6trNByP-HKRbz4r5cjhbWJjH8oQg5nF0pc7Lj-7pnBdYRPMF8WPs2tieFVdKaLAEfiSp4-UPQjsQ3cqeDiFdd0qAj12TrsonlNfvGzv97qIm-1peTGBrmxC-teXCbKZV8B9zq5DQ975BOBkAiHrhWKX24OFA8gBwRE0olsKHDEh6_k5IOElyw-ziuID69DKzmx6AuAcx1fybiQ-4zLf_O0w59BLZ0hzNQpk0P7AhEELtnkUtOUK9-GeS4D9lfs9gULlU9Vtleo8GXz0fH42rtKZQzS8qTXPasvOQ2EqWxCXKfEcYsLj6nk-uSXr-Q8dE52puK1KM1LElOpfzDqaQhzQyKYbS0xN4D-0ZMqsXUpPUzV8g4QCv5a3x1iu6Nw1snb7oEzpHYnU2_KLLP4DOQzv_puP3b3p2JDEJwwJVS4fgClXL1ba-6Mwe8phejcU9p5KqZNezQms3x6htjQspNYX-us7AD4mgk4V7-CLxay5982ljOvqARItglBe1WIjRaN7UZVC8egKpoxtESEWKnU5jcZvGt0XWDB3zB4gct-ZYh8_CNql044O5wriba5wwKrqcuInj8hkZrExFV5R-y3RE5i0d-4oISFeHd_dL1JKWRDYaGf_ALPWF3fwsf1En0OabWmNaMe0nzpbcuPtg71JFjmnmpb3WzOjD9XxSEfickKJjmGxeo8zxDyivrsLyx2ycpPU7GOcseRBkKRWF9EYNbgDN8KZxtVKFa00yZGaREwCo1b9XjHgI6-RJgAqG2qcSPbUPOuFhT9tNNS28kFKpZLGjbsKQ41lIKHviBV7tlcA613ZknvL5KcUKWHSjxLuiHcHydvIUc1anTL2B4nQaGo-u555i7n5vJwigvOaFF49w4twtN_141J4Yt5rWu74jjs-KG-ZUzPSrV7Vu2sWJI_BGFi2oL9NaaFSAti3cvOYDUHiY662ryeMyNF3rvRadzviO76LrA28Oj_BhzuntC3eoyhrSsJI79jQfjIIVrOP4Ro2-g3en7L76LClDhyxkEQudAGB13tHSqrBBgMkc-oJJ7LZ0xg39IfptlNxOWIOLv9E--nayJkL6ks2kdR_Ub8mpPK07mwwtnu0w7sWG7ph0SB8Ye1h-2E1-e-z80Ax5zw42LC755zV-y9TIsZ8PBRvMjkafmhtWZTFdWRmtm4tQSBzWcHiSFX4eZpI3xBJVLbVEo0yH2yJ3AJOETT1A_O1aS5LbROxAg0SjxZQf0d7N2cLSeya7ZctNdErxXZAO7fHMQOw5VHG-lFUatp7c&cid=CAQSPADUE5ymC3o_KfMZwF01xBEqI9x1QMV7iwz1MsX9J34toyzfVmFkSQ5jD2bdF79UqvrlXK7QKRK6qxsZwhgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fkoraplus.com&ds=l&xdt=1&iif=1&cor=1309542659004332500&adk=2297716817&idt=95&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c62d3365b732e66b5b762c79e52e447a10de456d36c9313880b874f8fe828541

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35518
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0889 42 B
64 B 57ms
57ms Fetch
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstq0GrxLUbJQ6aqChmINFupkxeNqlCex1iHnWsK57YsbkVSCwoSUAOQxkrpkCSF4de9-OpsguirmbzZRMMmCwdHIn181SHaUIvYZgGDBPDRooonnxhpOvnRkTAvK4VMVkyZGBnDxw&sai=AMfl-YQLRI-ltZDJO-yFtg782A4-AbLsYpcadMRAYHSxYEzzTvm8gKnb5qCmWz-eHiJT3WgRzNapKjlN04iAeZg2madIQsxR227TTpj02RZsaxv_6pVKoWoooKk3Rh8IoTgb3iif0EttKv83HCxTPLk&sig=Cg0ArKJSzM3fbLiFRBOXEAE&cid=CAQSSwDUE5ymMM5tStGOyrMVmMpR-PRiiGsQuTdbaU6giGx5u37v8iqoC20dY4p0wWRF7PILmHah7mzwGMd4ZlepCuUHMj2YJPMYoWV7IhgBIBM&id=lidar2&mcvt=1082&p=520,0,1120,160&mtos=1082,1082,1082,1082,1082&tos=1082,0,0,0,0&v=20230125&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3107741676&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1675067379455&rpt=494&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 1762 0
17 B 115ms
114ms Ping
image/gif 2607:f8b0:4009:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~ldijva6h&c=1104399846271448&e=31071830%2C31071971&ctx=1&met.4=fb.8~lb.3r~ol.ax~idt.2b~dt.-c3&met.9=1.2z~13.4e~2.4l~9.0~3_1.5g~7_1.0~4_1.ef~5_1.en&met.3=739.3r~112.8b~738.ar~749.ar_5~736.bj~113.c1_1~735.cl_1~740.cn_1&met.1=1.ldijv9y6~14.6~15.0~16.6~17.6~18.6~19.6~20.6~21.6~22.3w~23.3w
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:81a::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame CC07 63 KB
23 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6054746292d3567c660857d4e7ed6153dadda2b3d602245f4612deef4dba2bd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:14:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 929
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23828
x-xss-protection: 0
server: cafe
etag: 9010139400925747384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 30 Jan 2023 09:14:12 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CC07 0
20 B 52ms
51ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_stats&su=koraplus.com&doc=complete&pg_h=0&pg_w=300&pg_hs=250&c=0&aa_c=0&dt=d

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 762D 0
20 B 53ms
52ms Ping
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6787306333064&version=m202209210101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 762D 0
20 B 53ms
53ms Ping
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6787306333064&version=m202209210101&ct=76&x=1&cor=14193382253363542000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 762D 83 KB
35 KB 101ms
100ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DUzD-Z3BhF8say3zb18MnEHS0eMBGKhwJK7vqcpU9AqStxqs_Wh8vrvYZkutCJxyQR6ZW1OvDervgGuLsAryr5JLFpT19TF2x6cNwgKOfy18-276GVKa-hziY_3aTpXeAi6r8YJWWZgPt1kbJXES3pRqFfeAC8A3B4uBbrEtl6T0-I6Xw&dbm_d=AKAmf-C5_fG_VI5xtOKHOLWW7GyCksqdvuyPQwxQg_nL2aincQn_D_7tPb7nvBOS7AKch6tm7CqvaLXw_aklPVXg180vKjkHizxySFwI2H779Axzkq71dxt7Vhit3ZJEbeyVsfv1l_9biz9QF9iVrpnjIAPKxoy9YNmjDaeh0xaWIJQFKSQAn4ASvbAZ9fNjao-DysfAg2izbaVgj2h85P9ZPne3YiCsLesaRIB_hffSI8QNSyZKBUsM7SnOK6bD2I7sNwXlmW4usFlZMFyvdENKXqvDLq4cOOe3JByNsGy4wXe5Ufa803PkgbI3s9mCyXlT60yEkrNUGCdbtGZy3iMWLNS1s4fzx0Hnzv3DnpkUJKZGsGN_C74sborHSsG-DdjKVzh88scSopMrJ6OkTvkrkrSNpr29vuIY04fLtK1fcZfx4nMXwNxbLECtnhxYLXvkJFAir-wwmI3mEhFHyjrlyjZj1fOJeGX-tmHRQvQfSSqscbQP0TNCzxF61KyVGT5cpqjaectv6CM2W7kn9CccEBH2orJPcqdCXYjYXq3HRML76JmQ6Wp4R-aiqLUDsQJBJGm4B_UvhLRf2BKGFbKQD7qYbpM5x1XN8y7sGiHLLxcrTddyoQ0pnpPlGRYZTeQLMaZUzT8VBBjgEpJnPqbHl3YiQvhFpWD3TO52u79kVCQnHhUZtznjKrrtUKlMdCu9zRcnu5_wukA3y-yMEB_YCscLFs286GTqiUqe_EbK6XWG8cTzgjMfd3nsGKUjJBrZxcOVlCvrvzP-BoebHofKuCAq-TxTVlR9jShPL5NNuP6a20C7PrMLf3AYxIbFZeRzJrkXhA1EZsWpa8irVHEm0ar2y_QcNi5lpzBZKae5i31I_LnmFG8Ci0blBwSdN6YRixqU8OyHQ1rUcEQ5I3M7Nm2lQmv1mSvARzw0xuWgtnl2JqHeN1JDJ9R_7nmJyJ5G6kQ_mHojX8XRHn9Yi2NpQxRvOSXbOa-_jEtgtYsIZfEN6JH33_CfLsfqsHmkZyJ83wpNaTmRDRywoUO2P7ejQYno7nh8cCxuDn_NfvmMiqw3Kgl3gNYCeqhYR5RbcOIRavH5Q3gHVQnRn3BApu0__kttD3THd4a3YE4wwzbOdZZEmefX66kP5dhXJ63R-qdRpxb6W1b6mheWOqtRsZ7XhDt2mK69VMtqWkJRGaU3VnrNMkN-0mrFwApuLtM0LF3r-TVUMM_0q3GMz9YPAVcDryxHf-bSkeRM6FcG-O5971JXvNYbwc5NnXBqWR1nYVJDKnCy1_Prl51xr-StLnOZpR0uX2Zds50ROtDjUv8ipQiSJmps8mX5Jdjyrv3kqqa9qbe4UVPBQQ9vd_INT8XoD5nQV7UUnMcDOBO_YVeepr38Y8L1VrMjLBdirUoDMY7a-bFd25YhoyEOXCI-rwMYCk88BxqoKARZO_Km18VmSzFq9wtRjeOgAzKbYZZqnH3fDqO2Du7HO90bmJ6sXUVcErcXrhDxjAHSe0gHyL8SR5I2yIYDabrSQxXaf0375K8yP0BrTfdRR0k0OF1NuVwzQgqEzGUKu3dzaN8-R9h4mXXFjSZawbcKwgqL2tOSawGlVDaqj3lO4yfYxWM1EbpMSA5XW0xX7yYzJkdnC07Y4IxaCJsWzK4K5unC2Ur9OVtOSFtbfUbluzrsL3tXhdmx4UjQUfHW5R49wUntmXIF9nHT81mDBpZnx7gfDy3qZlX86EpUxsOeuxIUh6Tq630bLcHRPy2GLeys1Me5wl_VEnWF8NW6Iq0CFpp_myxOe8SgmzG_appEz9N3HnWoE5U7vog26VF95Rec_S0hVYVfvKZe1smPNtdpmw-EziJ0vaL8bm9aSNiGubVmqhhHktonT2DB0ug8JiX1qCGcoSgeRODrhOP15gXTMAM-XOY1_ZlL0KC7aHkqjapHxRpmS7GUvg1cxm1eLVD-KkR_eO3ObM9CJgHkDLBmqka7Vap1m6M36FmZileaQOhPUbDA-zQt1-KlSO1odlyIOtnq6syVU2t3wHktve8QtvYcu8kt6erhKLwCYueIxHgzkCYZcHHfpj3HIFpqApir4bf0gKX6bgMSqPEECKIFVe_n9BE7Xh_gSxz4r6pT5EGTa-b2aM9jYTb3gsO7TroS3403c1wjRYj1BBG6pXViE6kHo6krfY-ZXMAQjYt8d3LpysjHVqdlPrwDrVCNVRqEJHEA1ARjqTQBu9B1mVS5GBL8k7YZ84dhFsWq1yPYmwMysSIJuWyL1jS3jYUyEJ3ZP_WyBEUa9SxYfcEQ_DrF8Uv01G1ErMpXr6Z25aBbQr1At6Ne90FJTqrdgaAk5wU38i4bzY4INE7rpljPPDYKkTk0agRXpyaWYbHHB_RG9_K9dfce9FRWjrkaZCFPWalHb-X3axmhRLE94ZjqracU3CERKLbSQZ54EJEDcNNVLRwsMqiI1SOkq4oQ_AD3sqVGC1Mkgg_cC3zWWGgaGZfGn_e2UOsZSwXEzIorQe1Y_Nh0GV8pN_QE3IuzJb_Wv2it4KndwpomapkefjF6Li1h5Ub48dEsaKQAFJxTmUDtS3Q6c-a14i6WXCRWQ8PuXzkwHkZFq5ek_wSq5c9XVJN0wvvZveNjS4TVtNdHvZuKRMZkX0r0DTrzwGy_RC16y5AVY3-dj7wdt2YQ75MP9bMvem8_eb00MouME0LV1NAmI5MJzN3CD0JTbkYH8tvNrlAzkZPestbW-qjHFg_vnWcYCKpCS2nn7-nuHIW9qwKMCw0PYlzCZ4m_cCahj8DwOeGKNKdFTy20Rk84xUBROpLaJBQyqqiNhISJgTtb2DsckqGiXUjaBzjV3i6_H6IAqJsOyznv5MpDNF-6NZEYdNkt4PB5v-ATY_zRJJicCa8gEDnkihzTaxOFgC8XJ3lQYSv-bPX6ZSc1y75M2EnyUNXqmmBNq2a9nzhM3nzj9tdd3XW_bVXXfmHgtNuvG5vKCE6z5nsbd_u_uztZxP8XJdSYMcbqrKUOKrZen2qyVF16iwGscxC0iAHMkclU-IkztwCww6yzBrvOoI_8p08ncAa5AXv9DmomYQSGGOfbSpincCvtBExSHn54F8urww37sOjy6jdWdbGO6T_lwYXAvsfPYAOkXEcGllJlcGfpBr_2rw7FV5ovV1mkPdZSkL7j3FGr8Dc7pG0dpCtcmptP0XVQMWlbTDFQZJw_j_gKaxkmDBJbwklUUQz0F3jpwaJmlJC8wX0UfbB1AUpLFlAyQhnxOd7dUukdLfcM-TIVSWwYYwEOZmwWOc-G3hHnQ_yWGKwAw5qA-VoEwvSHNmZEPB4-Qh2odkAbkr2YnmjfTAge&cid=CAQSOwDUE5ymAGNJGbzoAjZ5xHxhaKOVv_0c32VN6oGKep2U_hQc2aGmgxdxzoC2qHOE5dB986rnYtY5EenEGAEgEw&dv3_ver=m202209210101&rfl=https%3A%2F%2Fkoraplus.com&ds=l&xdt=1&iif=1&cor=14193382253363542000&adk=945720016&idt=129&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

96c293e6618c3f300e4f39859c6d5cad961fc68874597365cddcb8fddc1f05d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35578
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame DB43 13 KB
5 KB 23ms
22ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 257139
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 09:04:02 GMT
expires: Sat, 27 Jan 2024 09:04:02 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1B6F 783 B
534 B 18ms
18ms Document
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

49adcab3b220824cc857be3a9db5c3365bf4cbff941153f338f95130ee98f688

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-BeLEo_oIGJ_7zxa2yT3msw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-BeLEo_oIGJ_7zxa2yT3msw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:41 GMT
expires: Mon, 30 Jan 2023 08:29:41 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 document.795992545.js Show response
c.bannerflow.net/accounts/finnair/6140ae64cb78547990abe56c/published/3917667/4296747/ Frame F92C 43 KB
7 KB 18ms
17ms Script
application/javascript 2606:4700::6810:c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/accounts/finnair/6140ae64cb78547990abe56c/published/3917667/4296747/document.795992545.js
Requested by: Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/63c6ae0e7c127b7a6179dca6?did=5ced17d285b1c200019c3fe1&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjstMMCFYE5vDAvV_3cSyysdoZ-sAH9pllZAgAQ1-kcf9D2xxMBvhNK40vMbpqtD6F88S8leYsGmBXZgWSFbyss90BVq5p9PrETj9k2pb0IFgoP8ftLC7XR-0Ah-HPBm5_u6BN0izRuACEOlJQr-PDKh_6PH8W-LZIR4NVv35wyACjLxLjuG27QULr6e1v4_bsdWL0ifry5JvroRBB753oDVgC7BkTo1Mzze2JLMGCj3gqceGN2V3y0yhGjLOvCDhSdxkfY1cq_3OtiMVkLC5R3T34JEXttT-wnnnP3f04vXJwGCds-V_fVlDqXMTg8sKP_TPI_e2MnxKPdtZrbzxw4XwFc29mfx8cbjFJdKtiTgoQc06iKnGGbovuYemex1Ig9sUy4KepOU6GZFDvgeO-D1ogCXRLqQJCeZ2LvGtGXFeo5ZwhSmDl7jzo_YzMPkaEA1o3vfHj23fHM7a8_6ey4PINuiqaszGspfBCZyPr7Y9hP84J8qm6lDo7nCb6CZ20kCO6V0IWcoLio6IXHWwXu1OgYIwCRIt3TaxpxfxraavNAjFsBY-pegUhx2bfvdfqxFCinY6qp5_PNTszOY0sRFIs1xFETnUupiI3VJgrT3uWf6ex4F1CC-MEKyHOe2EMOA9nNcGBsdZCPyWC69r92DxtwT4fdtljlDUh3bB6uqg_ZobTiCHGO8GbRrFE-S3bd6rdlpaqyoC4XSeHkGSymdY-gKKqxO5HThxON7GYINriTmV7CKt-gJmqu6oGdqoEJWyDb4oMm2o7W5Aj0gOJ3ingV4O1KQ_tDghhzuw-0HqZfcHReWdcbgz__BEDBq65RLsPT-00TngI6LBwTsCd5nGRdRxCrlSMe5NYsPT5jDos4QgfQoQjovR4pzDPF1qTiZmcyXlwxwaNVs4VuInI2qvk1Q3lk6WJ4BJuuhe-Pe0zUJQwYeNaMJcilQmiS1sOR1stfJY5S4AQhqJ9Hwcbfv7dWGa_5kFPbaY7ZP8XIKJKnMSXgRxVcJbRJc7LYLZRXQov9bHEuwf0yb_2XyiLgvlBTTevn3Y3Ns8aIpJMPyEW4OItN_j8qsB0Aor1C58XXB89Bskn6jVO8dPFavArm3A4YZ6cn_bwLnSq8NL17t2SzyjFt_hKcNRo5UTgapOmyB5X0LSJsl-OszR8d5-BTsAGnjT0k9VwCGtoFq8dhKFGNlFo8yvtwK9yN3W9OZWz4gELsCqkIl_-ybw1BpVvGWENBy3WmGrSMtllIij4eEghr5Eq9U%26sai%3DAMfl-YT64ur-n1AoMfOO1uQkklsCXgoBtJmrMo3F7-nTLDEr4ULrDggWcTLw1CATCvfYdw7TmF4IMGEr2PhiPIUlBzId4AZpujnGIDW5ELbpDsqszy9acpbbP28-jHfxQN7uPP7O6TH7x9PSEl2z_n5Prub_7uQrHdd6I-7VfVPiYtays-ad_2A17wmXRuiGYCI3ycVGNeCgBLYB0MQaS3oIhyIVTdgEx7az1tdE7NH_KBLygKiIAwstdD-kxFcEr1M8N2AWUKsIZIMf4U098xJ-vgZiN7PkKVl2yy8D-6-v5utLQoQDlxA%26sig%3DCg0ArKJSzOUHdJOmkFhoEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26rm_eid%3D8149908%26adurl%3Dhttps%253A%252F%252Fwww.finnair.com%252Fde-de%252Faktionsangebote%253Fdclid%253D%2525edclid!%2526utm_source%253Dprogrammatic%2526utm_medium%253Ddisplay_campaign%2526utm_campaign%253D20230119_de_tactical_jan
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea3bda0286cf13ceda6fa3ab9a91d3d3910cff105b0092c818080cef4dbfa524

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 30 Jan 2023 08:29:41 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: qNZ2UE8BENWGGKBrXRhw6Q==
age: 937750
cf-polished: origSize=48905
x-ms-lease-status: unlocked
cf-bgj: minify
last-modified: Tue, 17 Jan 2023 14:18:00 GMT
server: cloudflare
etag: W/"0x8DAF895A39FEF56"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 00eb4140-b01e-0093-0ffd-2b362c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: public,max-age=31536000,immutable
x-ms-version: 2011-08-18
cf-ray: 7918d75bbfd02c18-FRA

GET
H2 200 animated-creative.dccf9a0435c1047d859e.js Show response
c.bannerflow.net/scripts/ Frame F92C 152 KB
52 KB 19ms
19ms Script
application/javascript 2606:4700::6810:c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/scripts/animated-creative.dccf9a0435c1047d859e.js
Requested by: Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/63c6ae0e7c127b7a6179dca6?did=5ced17d285b1c200019c3fe1&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjstMMCFYE5vDAvV_3cSyysdoZ-sAH9pllZAgAQ1-kcf9D2xxMBvhNK40vMbpqtD6F88S8leYsGmBXZgWSFbyss90BVq5p9PrETj9k2pb0IFgoP8ftLC7XR-0Ah-HPBm5_u6BN0izRuACEOlJQr-PDKh_6PH8W-LZIR4NVv35wyACjLxLjuG27QULr6e1v4_bsdWL0ifry5JvroRBB753oDVgC7BkTo1Mzze2JLMGCj3gqceGN2V3y0yhGjLOvCDhSdxkfY1cq_3OtiMVkLC5R3T34JEXttT-wnnnP3f04vXJwGCds-V_fVlDqXMTg8sKP_TPI_e2MnxKPdtZrbzxw4XwFc29mfx8cbjFJdKtiTgoQc06iKnGGbovuYemex1Ig9sUy4KepOU6GZFDvgeO-D1ogCXRLqQJCeZ2LvGtGXFeo5ZwhSmDl7jzo_YzMPkaEA1o3vfHj23fHM7a8_6ey4PINuiqaszGspfBCZyPr7Y9hP84J8qm6lDo7nCb6CZ20kCO6V0IWcoLio6IXHWwXu1OgYIwCRIt3TaxpxfxraavNAjFsBY-pegUhx2bfvdfqxFCinY6qp5_PNTszOY0sRFIs1xFETnUupiI3VJgrT3uWf6ex4F1CC-MEKyHOe2EMOA9nNcGBsdZCPyWC69r92DxtwT4fdtljlDUh3bB6uqg_ZobTiCHGO8GbRrFE-S3bd6rdlpaqyoC4XSeHkGSymdY-gKKqxO5HThxON7GYINriTmV7CKt-gJmqu6oGdqoEJWyDb4oMm2o7W5Aj0gOJ3ingV4O1KQ_tDghhzuw-0HqZfcHReWdcbgz__BEDBq65RLsPT-00TngI6LBwTsCd5nGRdRxCrlSMe5NYsPT5jDos4QgfQoQjovR4pzDPF1qTiZmcyXlwxwaNVs4VuInI2qvk1Q3lk6WJ4BJuuhe-Pe0zUJQwYeNaMJcilQmiS1sOR1stfJY5S4AQhqJ9Hwcbfv7dWGa_5kFPbaY7ZP8XIKJKnMSXgRxVcJbRJc7LYLZRXQov9bHEuwf0yb_2XyiLgvlBTTevn3Y3Ns8aIpJMPyEW4OItN_j8qsB0Aor1C58XXB89Bskn6jVO8dPFavArm3A4YZ6cn_bwLnSq8NL17t2SzyjFt_hKcNRo5UTgapOmyB5X0LSJsl-OszR8d5-BTsAGnjT0k9VwCGtoFq8dhKFGNlFo8yvtwK9yN3W9OZWz4gELsCqkIl_-ybw1BpVvGWENBy3WmGrSMtllIij4eEghr5Eq9U%26sai%3DAMfl-YT64ur-n1AoMfOO1uQkklsCXgoBtJmrMo3F7-nTLDEr4ULrDggWcTLw1CATCvfYdw7TmF4IMGEr2PhiPIUlBzId4AZpujnGIDW5ELbpDsqszy9acpbbP28-jHfxQN7uPP7O6TH7x9PSEl2z_n5Prub_7uQrHdd6I-7VfVPiYtays-ad_2A17wmXRuiGYCI3ycVGNeCgBLYB0MQaS3oIhyIVTdgEx7az1tdE7NH_KBLygKiIAwstdD-kxFcEr1M8N2AWUKsIZIMf4U098xJ-vgZiN7PkKVl2yy8D-6-v5utLQoQDlxA%26sig%3DCg0ArKJSzOUHdJOmkFhoEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26rm_eid%3D8149908%26adurl%3Dhttps%253A%252F%252Fwww.finnair.com%252Fde-de%252Faktionsangebote%253Fdclid%253D%2525edclid!%2526utm_source%253Dprogrammatic%2526utm_medium%253Ddisplay_campaign%2526utm_campaign%253D20230119_de_tactical_jan
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d6b6b8c1eca0c4b1dc7bd41b30df4237ebe7dbcf91e2f884b0ca4953c6aafaa6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 30 Jan 2023 08:29:41 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: hD4ay7WsWpRRvml9SIVNgA==
age: 1526119
cf-polished: origSize=155846
x-ms-lease-status: unlocked
cf-bgj: minify
last-modified: Thu, 12 Jan 2023 16:17:38 GMT
server: cloudflare
etag: W/"0x8DAF4B8863BEB02"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 3a83f420-101e-006e-60a3-26b809000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: public,max-age=31536000,immutable
x-ms-version: 2011-08-18
cf-ray: 7918d75bbfd22c18-FRA

GET
H3 200 container.html Show response
c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D8AE 6 KB
3 KB 10ms
9ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012401.js?cb=31071904

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:40 GMT
expires: Tue, 30 Jan 2024 08:29:40 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame CC07 17 KB
6 KB 137ms
137ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012401.js?cb=31071904

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 30 Jan 2023 08:29:41 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame AC90 0
17 B 115ms
115ms Ping
image/gif 2607:f8b0:4009:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~ldijvb74&chm=1&c=1101900434958132&ctx=2&qqid=CNTKkaHw7vwCFVQGBgAdCCULRg&met.4=fb.5b~lb.f6~ol.jn~idt.-ek~dt.-sy&met.3=733.fj~748.ft~742.fj_b~739.gi~555.i6~556.i6_1~738.jk~749.jk_2~736.k0~735.kw_1~740.mb_1~113.rv_1~112.rv_1&met.1=1.ldijvafa~6.0~7.0~8.0~9.0~10.0~12.1~13.a~14.a~15.2u~16.gh~17.gh~18.gi~19.j9~20.j9~21.jm~22.6h~23.6h&met.7=CBsQCBgBKAEwCzjDBWgCcAp4iReAAd0UiAGSMLABAbgBAw~CBIQBxgBIL8BKL8BMO8BODBowAFw7gF4_QaAAdEEiAGwH6oBEAoOUm9ib3RvOjQwMCw1MDCwAQG4AQM~CBwQChgBIMEBKMEBMOgBOCdo0gFw5wF4jgiAAeIFiAGRDLABAbgBAw~CCEQBBgBIMEBKMEBMIwCOEs~CAkQChgBIMIBKMIBMOkBOCdo0gFw5wF400eAAadFiAGEsAGwAQG4AQM~CB4QChgBIMMBKMMBMPEBOC1o0wFw7wF4gAyAAdQJiAGBFbABAbgBAw~CBwQChgBIMMBKMMBMO0BOCpo0wFw6QF4jz2AAeM6iAHSjQGwAQG4AQM~CBsQChgBIMMBKMMBMOoBOCc~CCoQChgBIMMBKMMBML0DOPkB~CAQQAhgBIOABKN0CMPYCOJYBaN4CcPICeOJEgAG2QogBtkKQAeABmAH2AbABAbgBAw~CCgQChgBINYFKNYFMOAFOApo2AVw3wV4wLwBgAGUugGIAeD3A7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:81a::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame BA7D 22 KB
8 KB 30ms
24ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 81571
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 09:50:10 GMT
expires: Mon, 29 Jan 2024 09:50:10 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 0420 0
104 B 132ms
29ms Image
text/plain 2a02:fa8:8806:13::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESECxOmAkTivqEP13K3JfFS0I&google_cver=1&google_push=Aa02lx_YMWPxAHcSbsas8_zGgFRpcjaRw0cuvK4XpgI8V8l5yhA6_MJ4AmSBWG8TpD2Ty7GjIwYlBLf7NSD9-1ubHnWKzzICIyXsC8LiByCtR1P4JnrQgnXK1g6eJ5RkdvzLtOkQI8O3r9J7
Requested by: Host: 7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com
URL: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0420
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEIS508NW50CsGa9zvmkRP8c&google_cver=1&google_push=Aa02lx_ay_42rh2Lb1SgUBj_Z5Tnn1TpkANHxEwhutTHzr7Pz16KoPur_ZRzO_BcYjh3Ngwzp3Xj9MJTqiLh1FBi...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aa02lx_ay_42rh2Lb1SgUBj_Z5Tnn1TpkANHxEwhutTHzr7Pz16KoPur_ZRzO_BcYjh3Ngwzp3Xj9MJTqiLh1FBiqL9BY1gp6k5PuLnB6mBkylThUW5r6A...

170 B
188 B

18ms
18ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aa02lx_ay_42rh2Lb1SgUBj_Z5Tnn1TpkANHxEwhutTHzr7Pz16KoPur_ZRzO_BcYjh3Ngwzp3Xj9MJTqiLh1FBiqL9BY1gp6k5PuLnB6mBkylThUW5r6AdhYm7WlhC4RCNA_jZsFqMbfHxo

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 30 Jan 2023 08:29:41 GMT
Server: MT3 404 ce67235 master cdg-pixel-x34 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aa02lx_ay_42rh2Lb1SgUBj_Z5Tnn1TpkANHxEwhutTHzr7Pz16KoPur_ZRzO_BcYjh3Ngwzp3Xj9MJTqiLh1FBiqL9BY1gp6k5PuLnB6mBkylThUW5r6AdhYm7WlhC4RCNA_jZsFqMbfHxo
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 30 Jan 2023 08:29:40 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 0420
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEO35KmfsCo78G1gNAAAkWKk&google_cver=1&google_push=Aa02lx9OoS1IllBnO6E4oioW3Viz90vqiP_rAnWfEkBlCbG5YJlsGCAKDrkLjFSxsLRUKo-0eyLRZyE-P188Gfl5mvXSUspPhmAbn...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEO35KmfsCo78G1gNAAAkWKk&google_cver=1&google_push=Aa02lx9OoS1IllBnO6E4oioW3Viz90vqiP_rAnWfEkBlCbG5YJlsGCAKDrkLjFSxsLRUKo-0eyLRZyE-P188Gfl5mvXSUspPhmA...

43 B
437 B

198ms
182ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEO35KmfsCo78G1gNAAAkWKk&google_cver=1&google_push=Aa02lx9OoS1IllBnO6E4oioW3Viz90vqiP_rAnWfEkBlCbG5YJlsGCAKDrkLjFSxsLRUKo-0eyLRZyE-P188Gfl5mvXSUspPhmAbnYJYRbSkzAcAvjV_IQGTJVn5-zHScQ8TOLCpZZclKP0&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx9OoS1IllBnO6E4oioW3Viz90vqiP_rAnWfEkBlCbG5YJlsGCAKDrkLjFSxsLRUKo-0eyLRZyE-P188Gfl5mvXSUspPhmAbnYJYRbSkzAcAvjV_IQGTJVn5-zHScQ8TOLCpZZclKP0%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7918d7606daf2bc9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 83
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEO35KmfsCo78G1gNAAAkWKk&google_cver=1&google_push=Aa02lx9OoS1IllBnO6E4oioW3Viz90vqiP_rAnWfEkBlCbG5YJlsGCAKDrkLjFSxsLRUKo-0eyLRZyE-P188Gfl5mvXSUspPhmAbnYJYRbSkzAcAvjV_IQGTJVn5-zHScQ8TOLCpZZclKP0&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx9OoS1IllBnO6E4oioW3Viz90vqiP_rAnWfEkBlCbG5YJlsGCAKDrkLjFSxsLRUKo-0eyLRZyE-P188Gfl5mvXSUspPhmAbnYJYRbSkzAcAvjV_IQGTJVn5-zHScQ8TOLCpZZclKP0%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7918d75e5add2bc9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0420
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEI2z__mc-QcunGoBchOHE6I&google_push=Aa02lx9ts0cE-JrpdWltQx-eJSIUN3m_Dk16K6KYp4h0ubLZQbkG5yfa8Y...

170 B
188 B

20ms
19ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEI2z__mc-QcunGoBchOHE6I&google_push=Aa02lx9ts0cE-JrpdWltQx-eJSIUN3m_Dk16K6KYp4h0ubLZQbkG5yfa8YPZeJGjWkNrC1OPZO6HSXwvu7B6jfu3CTbWMc7h1UKCgsqBBNaV1AqlOf3yPf-8DudTalmLcs7NLdLQhJEfjGM

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-hhn-etou8220030-HHN
pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1675067381.307002,VS0,VE89
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEI2z__mc-QcunGoBchOHE6I&google_push=Aa02lx9ts0cE-JrpdWltQx-eJSIUN3m_Dk16K6KYp4h0ubLZQbkG5yfa8YPZeJGjWkNrC1OPZO6HSXwvu7B6jfu3CTbWMc7h1UKCgsqBBNaV1AqlOf3yPf-8DudTalmLcs7NLdLQhJEfjGM
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0420
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEG8RJRXV3sC0v3V6FX4qIvM&google_cver=1&google_push=Aa02lx8Tna1hUTesMYoTgRA_6e-BAxmuPEI1jR5A2W1Ngn2ertSc49fSWZstQh0jW6Qbji6-MMiI0Nl5vuMi7JCE...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=aVUBxnXVSTGWlS4btHnjmw2&google_push=Aa02lx8Tna1hUTesMYoTgRA_6e-BAxmuPEI1jR5A2W1Ngn2ertSc49fSWZstQh0jW6Qbji6-MMiI0Nl5vuMi7JCEhydAHrmk8GSvjM...

170 B
188 B

28ms
22ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=aVUBxnXVSTGWlS4btHnjmw2&google_push=Aa02lx8Tna1hUTesMYoTgRA_6e-BAxmuPEI1jR5A2W1Ngn2ertSc49fSWZstQh0jW6Qbji6-MMiI0Nl5vuMi7JCEhydAHrmk8GSvjMk230BAOSWc_FWgYF4q8o1hWNvWuCTgLph8OiQ39RdN

Requested by

Host: 7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com
URL: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 30 Jan 2023 08:29:41 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=aVUBxnXVSTGWlS4btHnjmw2&google_push=Aa02lx8Tna1hUTesMYoTgRA_6e-BAxmuPEI1jR5A2W1Ngn2ertSc49fSWZstQh0jW6Qbji6-MMiI0Nl5vuMi7JCEhydAHrmk8GSvjMk230BAOSWc_FWgYF4q8o1hWNvWuCTgLph8OiQ39RdN
x-host: tde-deliveryengine-production-fb497649f-s2lxl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0420
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESECC0uDC7e1bpu_tpnzM4gsc&google_cver=1&google_push=Aa02lx_wfMUYGmz2RgLj3z0YiI0wc7JNjrTsN27PuOGCto7wP5hbpbgLhk-w2wffcvNDkSNnga1hhC7mOJhXNpqwZwAlPec...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx_wfMUYGmz2RgLj3z0YiI0wc7JNjrTsN27PuOGCto7wP5hbpbgLhk-w2wffcvNDkSNnga1hhC7mOJhXNpqwZwAlPecOdOZ-XGwBNQqdnJDWGMAf86gi1Zp__DoT0aeE_...

170 B
188 B

20ms
20ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx_wfMUYGmz2RgLj3z0YiI0wc7JNjrTsN27PuOGCto7wP5hbpbgLhk-w2wffcvNDkSNnga1hhC7mOJhXNpqwZwAlPecOdOZ-XGwBNQqdnJDWGMAf86gi1Zp__DoT0aeE_Milt7oriG8&google_hm=eS1tbTdESTExRTJwSHpJMlU4YkZ2ZnN0cDRBeXhKSHJTcn5B

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 30 Jan 2023 08:29:41 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx_wfMUYGmz2RgLj3z0YiI0wc7JNjrTsN27PuOGCto7wP5hbpbgLhk-w2wffcvNDkSNnga1hhC7mOJhXNpqwZwAlPecOdOZ-XGwBNQqdnJDWGMAf86gi1Zp__DoT0aeE_Milt7oriG8&google_hm=eS1tbTdESTExRTJwSHpJMlU4YkZ2ZnN0cDRBeXhKSHJTcn5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0420
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBLZtz4hgtOMXay75Z_OJxM&google_cver=1&google_push=Aa02lx9GGzxALJY8L16-DVSmJ5S5RTeX5Y8IuzvwU9qN8BkTOJZT_T9ihxWctU87cgSASULiGsu...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TERJSlZCQ0otUC02NTlM&google_push=Aa02lx9GGzxALJY8L16-DVSmJ5S5RTeX5Y8IuzvwU9qN8BkTOJZT_T9ihxWctU87cgSASULiGsuEuUxf8hxN9uxbiKkhCw5plWD7TBtao...

170 B
188 B

22ms
22ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TERJSlZCQ0otUC02NTlM&google_push=Aa02lx9GGzxALJY8L16-DVSmJ5S5RTeX5Y8IuzvwU9qN8BkTOJZT_T9ihxWctU87cgSASULiGsuEuUxf8hxN9uxbiKkhCw5plWD7TBtaoBUcLe4RxjHs3_JiQJMCMNFJ1PexqJwBtTyVtHw

Requested by

Host: 7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com
URL: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TERJSlZCQ0otUC02NTlM&google_push=Aa02lx9GGzxALJY8L16-DVSmJ5S5RTeX5Y8IuzvwU9qN8BkTOJZT_T9ihxWctU87cgSASULiGsuEuUxf8hxN9uxbiKkhCw5plWD7TBtaoBUcLe4RxjHs3_JiQJMCMNFJ1PexqJwBtTyVtHw
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 0420 0
12 B 17ms
16ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L2mNIPXVPLlp5SZHYWnh-msfcVsol-fPJX_LabJ7flY-mLL1qTU223MKdUtVrA03ucH_fq

Requested by

Host: 7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com
URL: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:41 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 217B 63 KB
23 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6054746292d3567c660857d4e7ed6153dadda2b3d602245f4612deef4dba2bd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:14:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 929
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23828
x-xss-protection: 0
server: cafe
etag: 9010139400925747384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 30 Jan 2023 09:14:12 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 64D7 0
0 51ms
51ms Image
text/html 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2023012501&jk=1091092376693124&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 217B 43 B
215 B 94ms
94ms Image
image/gif 2600:1f18:1aca:4280:ecee:c915:72bb:546
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1319389&asId=164fd682-7869-3958-f88a-39a775192d20&tv=%7Bc:2LDyBF,pingTime:-10,time:916,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTA5LjAuNTQxNC4xMTkgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1675067381279%7C%7Ca9e8681ea64a9090f5e4ad4e29f8d77d%7C%7C2e8a6538fa2d69b650a00d23a95123ee%7C%7C14519f1efbdb27d2eefcf138d3ac87d3%7C%7C6fb98979dc582310d9deda2ac53732fb%7C%7Ceb25b05936504eafbddf7c5407b6b1a4%7C%7C77ff26845483d3af3569b9eec281052d%7C%7C8f5d671dcde8a592f4ba3050d634c097%7C%7C1663701684%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:ecee:c915:72bb:546 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
server: nginx
x-server-name: dt07.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C1ED 0
16 B 61ms
59ms Document
text/html 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhCsuIT9ARjLl5vfATAB&v=APEucNXmbYOqegQHksALRqDcf_cjn1wU7sAYTjO5aqMODfOLPBIQgnIcH-VVxlnv5sMU5Pwyk7WV0DlvMMb2dNc_Wzf3WM5aNjLX8n6eQHUJkgykXsWklSt8lwFdrH6Kiv42OvmHJA7cnH-7AT9M0dq6gV7jlxK1Uzxh7JZQFvaDNay0yKCipb4

Requested by

Host: c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
URL: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame D8AE 76 KB
27 KB 128ms
128ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
URL: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc54379b6288f5970da471f0f64ca15f8c9e3a3819a0950608a45b7479d5a11f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27384
x-xss-protection: 0
server: cafe
etag: 10506132538256102613
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 30 Jan 2023 08:29:41 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D8AE 42 B
63 B 54ms
53ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CkR2KgXTlGM3a2X4yoboWd73zWGQQHyjt8Hd6icx7biQfaerUKbWg9P4r26yOGFKV3EiZfQcCjH4Jg4JYAm6cco0DRI6alXIzMNQ_MGK19s0T12-c

Requested by

Host: c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
URL: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D8AE 0
20 B 56ms
54ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=7236506720719206287&x=1&ct=77

Requested by

Host: c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
URL: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame D8AE 2 KB
3 KB 158ms
22ms Script
text/javascript 37.157.4.40
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=60989391;gdpr=;gdpr_consent=;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=C1Yt69H_XY8G4KcLImweY-KiQBur62NRuyKWew7QR8C4QASCosoV8YJX68IGMB8gBCakC2FH_lG07sj6oAwGqBOsBT9BrFc-EuSFVyA-TF1DJcnzrizXTSU3hgACqZD5DUJ-NiHjv5yBYyKs8Wxu1lYVrm3R4rCFWKlcI39HiotxLVATME8Uxbn9LqSsBSh8lo_zNF3ym0vQde6Sa5cl1jZjRQ5hSOsXKKw7TvN45BPKUygPU1_06fTgxUJ13aB00fGQxEU8B2oUPWhDhcTQXPqkKk2rNJr5KWYMef1NeakyG9TsFUe0tKaCOPIsfCFBIjom2e0Wmvci6DeY1WQCDFHYetjt5FpP2TFrjCBHGp0AiQeH-rlwapAZWK_mGiedjB8qXQFqyEfqDShAnT8AEmYPi6pkE4AQDkAYBoAZNgAfum9XbAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQPIIG2FkeC1zdWJzeW4tNjI2MTYyMzE3NTE2NDc5N4AKA5gLAcgLAYAMAbATsPT_EdATANgTCtgUAdAVAfgWAYAXAQ&ae=1&num=1&cid=CAQSPADUE5ymr5ogH1F-gN8gMwR3cIjq8Q78jifRuBS5e3g_cxAYLswpjT2zf0j_H8bfrKZFSmLUxdBww_CroBgBIBM&sig=AOD64_3oy8z1DlhdjWDoCkjOn1HFobLbDA&client=ca-pub-2930805104418204&dbm_c=AKAmf-DX_8j857fFQeE4WaeCxMtYCm18cJ7Lzb624jTH06JagPSg_S9_0wL2NDuoVTyvwkneC5OEw5SF7gVt4wuypMspHu53jne-iMhu5g7V_81KHa8ZPcTGa50VbP8JLzA4jj3t-xyRJZ9ABEbhRnIIs0Dd98XDczZ9rM_GbAZknnOvzurRkUo&cry=1&dbm_d=AKAmf-BZTStJpQRd3oYOgd7kI8FGIJhUQSicB7e1i_wjegA8TTt1HvzEUAmW50fTO_Jk22IDNgu8-WqwTak3OKstnW1SXB_Cw9RX7gepdXewgXuyqUVxfhb3H4hO1l6qGfEqUJip_-uc_2bewCeFROgZ0s0uJ9kPvYSzbEqtT7izaZzGmukyYfi8r4qQoPTS-QPqcIkGOBqEXCA1v8NLwUMfwWvNyvd1m8IhsC3YoQmTuEXR2UF50qpJOFjygHir5jOJxW2qc0upo4PC870M1QeIcGGWdeyBLJVptiQGLCRNRz4eI7FJoMn3S3HQkDW2rzNghMJmRQjZVkD0u0cogtkRFwmAqf0QrpYecJHRa0aU3XYRYTh7y1eti0-kvEQEyOfPjfJZz18ljdBGazf9-UgWzlJb6I__vaw59xN7CkCU0m1NWFvHL2iJMARofM0rZ_En8EJWSEx_ttEVIfXBHjebdiKuot2zrnm-rYrfw9Mi3RMojYziIyLYczdgbgAJE9mA5gNsDytcKkx30F_b8qttGjqYG3D9lMCuJKO_DGSXwYynZC9Cm8Y&adurl=

Requested by

Host: c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
URL: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.40 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

61e8658c6688a28ad8c219fc04c44f3b1b6782aa2a47783cc47d6a3ffa807be4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 2329
expires: -1

GET
H2 200 skeleton.js Show response
pixel.adsafeprotected.com/rjss/st/1322500/68733915/ Frame D8AE 46 KB
12 KB 99ms
31ms Script
application/javascript 34.249.210.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/rjss/st/1322500/68733915/skeleton.js?bundleId=&ias_dspID=3&ias_campId=1010183376&ias_pubId=pub-2930805104418204&ias_chanId=1&ias_placementId=19485175112&bidurl=https://koraplus.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0juvhdr7GYZepFqOQnKZwEv
Requested by: Host: c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
URL: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.210.67 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-210-67.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 893d6e3ee154ba5cafbb90c33ce8cd4253e517a22d0d44a8990809cc53fa3505

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/ Frame D8AE 3 KB
1 KB 21ms
20ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/window_focus_fy2021.js

Requested by

Host: c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
URL: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:55:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81267
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:55:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/ Frame D8AE 18 KB
7 KB 22ms
21ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
URL: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:55:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81267
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7523
x-xss-protection: 0
server: cafe
etag: 641023367890010850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:55:14 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame D8AE 0
0 17ms
16ms Image
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRRI5JRJbyNSs6UVVBaIdCV48Bk2kisW5Q-YTAzZNxEbhY-j9qiRc7F1bYBWMCg90bBQ1fznaqGeLPr5LLmGUHyWWpVsw
Requested by: Host: c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
URL: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D8AE 156 KB
48 KB 86ms
85ms Script
text/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
URL: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

948dfd7372d70c12a80472d86b4033d93adbb52d02d4585d519416c4f4b4be62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49065
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1674650782302584"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 30 Jan 2023 08:29:41 GMT

GET
H3 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 8426 170 KB
59 KB 22ms
22ms Script
text/javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/
Origin: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:35:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82445
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 30 Jan 2023 09:35:36 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230124/r20110914/elements/html/ Frame 8426 8 KB
3 KB 21ms
21ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230124/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DX-EDpPuOUSQCSsG0isw-lm3L1hWeJU8v5H5Bd3d_0M2yBX2JKR4Im-XdZz2Pi9QiWUYqAOpXJbb-51erHDetSYToRFljU5qFJNH8JWvJPZOvvfqxHBhF0LybF4a1Xj2AmcuwkmEhMeXrAXl-PnvwWapsH1uy_tXiC9L53QDD0_U-M_S4&dbm_d=AKAmf-Bp5zx9JhzZ2sEHt74Oefkz8yuSbTe0N-iXci2DjSbQkijiZEM_LVcsU2ben8-9N9_MfUbJBpt5u6ev7vO34mqH0NU4JEyPnYIX8u0rXryeBfAqLmh4nZo2ViOUN6OPbLDntA6FSWbvnIrbwHD4eabg7zYUewr2UlX3CX7pcX-MzwdmLKFXaEFXIPVS_8VSZ4-XZ8apxbNunHTscrvUelAOgZQ7KYC3lD8I42zdLtqES3_EUSIIDXJdhJkRNEnbQMlwsfLFt1iDUIUpfD-s-6DTXCgWgFwTIDQK_8ThYl-3NW6JhgKOBIhYRobA40r5hLLSEha-H_bV8VOFgXQi8iAgAfKexsxBiNURQMCfJSOXiZvrZSheq3A4smclKQsti1wWiVeWQxRSTqH2ZTR4wymyvKl6kEp15oGzr-ambVJ_51w02PiRBvJA4JFNNdrPhwVVMAE3uKesWcdvwoemjm9X_hmUKl8gdYR9fasbiNn5oY1Jf-8rg8hLPq7x3Cqn-O-K5cj3SnWUIU0jZAUY9qCO6fl_XDMf_RwQ74mYDlKo0F_70KcM-WkkNf8DUgtkra40PGzL-bRjDuPqzfr4xcvRlAJO6VkdI5efl1ETDCD0vamsyzV_rBn7RujEIO4JrrAzEHjYjA66i9c1aF9Dkvae-gfuhCFAN9w-n7raiMIwbST6qcceMeVecRLu08ZxvLrG_a92ZmzVxEVPh7rh6MoB7jfmwpMQ3wmxN7qNNW-7Bgrx5OYmauGXmVVAELZ2_gabSEcOFkCZzdYQhUn2F76WhdEUIdszYig0JGv1CIy--QdfuYtfV85AZG8-lDnjcW9PMCGsDJ_AWqvV0IW3tf0_W1xoWzpOsgcKU6iW4v7tN4jIfr-eTVwm_RLg2AUD4H-qKHfIsMOAcWz6gqJZz7JzhwfR6xD9SiGMHDtoVfvg_ymzgLfplz8-17zKskt2Y88Lj452VYO5FPPhz6pevYg60SBxmzZjyOLuGN0NueIVRANpJa89Sp2DPHqih4gtOS8SicNOeVFMHkcEVSwKJ41acBpgHVTCAuxf8EAx-yzXae10IUAauq8zII4Zk77x7fJDUCc1TdJzFSBHjRi_SbuWCMuhrFt72tVViK6dkb5w7yzSMJpQWpNzu65G5RFq49yERiX6E_p5nbNKFvH7w-Z183x_EGgEp9tUKQ583yKuTzIp0keQXspHKANfkZm0y-bIkfRziWAfKGKlhR9hcFr5tazDcDiVCU3eURzz0XzeWCfrBuzvMxvWo7h0Ol2lDZ07bQ5D3_e6ZwrbJBwXdhR58sbWI0y2Btxdkt1quGYCYFFjmSA5--g1XXg2LzQFmmNF7aDC_Gl_puLc5NFaU1098k6yc1c42YFAHedUeUlGx2CFQHLzOlx7EcWEpcVYMIUlJVKD4hfWH5TW5tEgzUGRM4aeulkkG7o5hAx0n5L5U_GfoJeoSlscDi0E_-H2Q0GIMZ31Qg6dmsf5lyEre0gtXYcbzhMhXADeUBbPI51wnPyTZ2Ra5ipoUaq1Ym692d1647UTc_oxXhR8hDymW6B4Gt0l0uDdZFFMlRh32qgFEXvdlwcQkSpvvoIhKb8fEzMuh-bOhSHvqTbu0n9oH8Si1DfgCF-Wvls3WR0KvsSDGs1bY1dFWchJ77_JKJdTEFXNEDp389WRIFLkeEUgjEoGvNRg2ZLlluoHcGmKq330l8yyIciXzmFUiMPmN9oIMbuk5RCidQr4F-qRR5VOvnBTcDXX-Xen50K8hSd2kfn21kOUwH0sbsJ2Orjm1hPHzntmWULtX37DLfL1GU9epI58qt26Or-t1m9Oa6FhlhIW1icgNGkdJ97qdTXm4J7CRE8PdMLCvkq1uNmo2qisN--DY2ZXjHq_V_K95KbboJCXafplGz8ntLHpkrs_kLrkOj7_zMSojNiDrGbYCBqZwzOZewJue8VNgGceQ1qW-hvA6-bQMS3IhDdZAmNADGl-b4DkaCqYohe9aRtvYv7cs8mrmOrWOK3AsSyPVHPUDSBv9Of6trNByP-HKRbz4r5cjhbWJjH8oQg5nF0pc7Lj-7pnBdYRPMF8WPs2tieFVdKaLAEfiSp4-UPQjsQ3cqeDiFdd0qAj12TrsonlNfvGzv97qIm-1peTGBrmxC-teXCbKZV8B9zq5DQ975BOBkAiHrhWKX24OFA8gBwRE0olsKHDEh6_k5IOElyw-ziuID69DKzmx6AuAcx1fybiQ-4zLf_O0w59BLZ0hzNQpk0P7AhEELtnkUtOUK9-GeS4D9lfs9gULlU9Vtleo8GXz0fH42rtKZQzS8qTXPasvOQ2EqWxCXKfEcYsLj6nk-uSXr-Q8dE52puK1KM1LElOpfzDqaQhzQyKYbS0xN4D-0ZMqsXUpPUzV8g4QCv5a3x1iu6Nw1snb7oEzpHYnU2_KLLP4DOQzv_puP3b3p2JDEJwwJVS4fgClXL1ba-6Mwe8phejcU9p5KqZNezQms3x6htjQspNYX-us7AD4mgk4V7-CLxay5982ljOvqARItglBe1WIjRaN7UZVC8egKpoxtESEWKnU5jcZvGt0XWDB3zB4gct-ZYh8_CNql044O5wriba5wwKrqcuInj8hkZrExFV5R-y3RE5i0d-4oISFeHd_dL1JKWRDYaGf_ALPWF3fwsf1En0OabWmNaMe0nzpbcuPtg71JFjmnmpb3WzOjD9XxSEfickKJjmGxeo8zxDyivrsLyx2ycpPU7GOcseRBkKRWF9EYNbgDN8KZxtVKFa00yZGaREwCo1b9XjHgI6-RJgAqG2qcSPbUPOuFhT9tNNS28kFKpZLGjbsKQ41lIKHviBV7tlcA613ZknvL5KcUKWHSjxLuiHcHydvIUc1anTL2B4nQaGo-u555i7n5vJwigvOaFF49w4twtN_141J4Yt5rWu74jjs-KG-ZUzPSrV7Vu2sWJI_BGFi2oL9NaaFSAti3cvOYDUHiY662ryeMyNF3rvRadzviO76LrA28Oj_BhzuntC3eoyhrSsJI79jQfjIIVrOP4Ro2-g3en7L76LClDhyxkEQudAGB13tHSqrBBgMkc-oJJ7LZ0xg39IfptlNxOWIOLv9E--nayJkL6ks2kdR_Ub8mpPK07mwwtnu0w7sWG7ph0SB8Ye1h-2E1-e-z80Ax5zw42LC755zV-y9TIsZ8PBRvMjkafmhtWZTFdWRmtm4tQSBzWcHiSFX4eZpI3xBJVLbVEo0yH2yJ3AJOETT1A_O1aS5LbROxAg0SjxZQf0d7N2cLSeya7ZctNdErxXZAO7fHMQOw5VHG-lFUatp7c&cid=CAQSPADUE5ymC3o_KfMZwF01xBEqI9x1QMV7iwz1MsX9J34toyzfVmFkSQ5jD2bdF79UqvrlXK7QKRK6qxsZwhgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fkoraplus.com&ds=l&xdt=1&iif=1&cor=1309542659004332500&adk=2297716817&idt=95&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81572
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:50:09 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230124/r20110914/ Frame 8426 28 KB
11 KB 20ms
20ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230124/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f9909775d48d612aae837f0153817e8addbfa082f901254471bced4d8c72691

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81572
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10810
x-xss-protection: 0
server: cafe
etag: 8766511519597269738
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:50:09 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame D618 0
17 B 115ms
115ms Ping
image/gif 2607:f8b0:4009:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~ldijvbbl&chm=1&c=1101900434958132&ctx=2&qqid=CMTDgaHw7vwCFWSgUQodLAAO4Q&met.4=fb.6~lb.jf~ol.t6~idt.-69~dt.-kn&met.3=733.ji~748.ju~749.jw~742.jh_g~739.jy_4~740.n4~374.qi~738.t5~113.148_2~113.14a~112.148_3&met.1=1.ldijva7e~14.4~15.0~16.4~17.4~18.4~19.5~20.5~21.5~1.ldijva4k~6.1~7.1~8.1~9.1~10.1~12.3~13.a~14.b~15.1l~16.40~17.40~18.40~19.vz~20.vz~21.vz&met.7=CCgQBRgBIAgoCDBTOExoC3BFeJ4EgAHyAYgBgAWwAQG4AQM~CBwQChgBIAgoCDBxOGloCXBneKTYAYAB-NUBiAHa3wSwAQG4AQM~CB4QChgBIAkoCTAgOBdoC3AfeIAMgAHUCYgBgRWwAQG4AQM~CBwQChgBIAkoCTAhOBhoC3AgeI89gAHjOogB0o0BsAEBuAED~CCoQChgBIAkoCTCKATiBAQ~CBwQBhgBIAkoCTBBODdoC3BAeNYCgAEqiAEqsAEBuAED~CBwQBhgBIAkoCTBAODdoC3BAeKwCsAEBuAED~CBwQARgBIKwBKKwBMOEBODVorQFw4QF4rAKwAQG4AQM~CBwQARgBIK4BKK4BMOMBODVorgFw4wF4rAKwAQG4AQM~CCgQChgBILABKLABMIwCOFxotQFwgAJ4rJQCgAGAkgKIAa6LBbABAbgBAw~CCkQChgBIJoDKJoDMLkDOB9onANwsgN4nKoCgAHwpwKIAavOBrABAbgBAw~CBwQChgBIJsDKJsDMLQDOBlonANwsAN41hmAAaoXiAG8P7ABAbgBAw~CAkQChgBIJ4DKJ4DMLcDOBlonwNwtQN45laAAbpUiAGd4QGwAQG4AQM~CB8QBRgBIKMFKKMFMLsFOBhopQVwugV4tQ2AAYkLiAHgHbABAbgBAw~CCIQBBgBIKQFKKQFMIEGOF1ApQVIsgVQsgVYygVguQVoygVwgAZ4rAKwAQG4AQM~CCcQChgBILkFKLkFMNEFOBhouwVw0AV4k3mAAed2iAGKxQKwAQG4AQM~CCIQBBgBIO8GKO8GMKAHODFo8AZwnwd4rAKwAQG4AQM~CCcQBRgBIIgHKIgHMKMHOBpoigdwnQd490OAActBiAHqsgGwAQG4AQM~CCgQChgBINQIKNQIMOEIOA1o1ghw4Ah4wLwBgAGUugGIAeD3A7ABAbgBAw~CBsQCBgBMAo4_whoA3AKeIkXgAHdFIgBkjCgAZr__________wGwAQG4AQM
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:81a::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame D618 0
17 B 115ms
114ms Ping
image/gif 2607:f8b0:4009:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=2~ldijvbcw&chm=1&c=1101900434958132&ctx=2&qqid=CMTDgaHw7vwCFWSgUQodLAAO4Q&met.6=6.1_CgsYpQMgMyoECAgSAAoLGNkIIDsqBAgFEgA
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:81a::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 commerzbank_smart_728x90_v2_js.png
s0.2mdn.net/sadbundle/498083831003229311/ Frame 79FD 40 KB
40 KB 23ms
21ms Image
image/png 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/498083831003229311/commerzbank_smart_728x90_v2_js.png

Requested by

Host: 7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com
URL: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30499f108a4ccc142603f89844eb3c740fe6c3ac89852d2f8c18116a39c374fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/498083831003229311/index.html
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 08:24:03 GMT
x-content-type-options: nosniff
age: 86738
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41265
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 09:40:05 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 29 Jan 2024 08:24:03 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1FB5 0
0 49ms
48ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvPUPRRvMr8PX6XBxDDWOnN5WvV-bPcF1HZ7rk6DCRWdl_sx0dVl9YqIJNo3R79NRUMMdDBdf2MMebBeayG_vaX25SxY5am5m6F3MRH-L_hDkh4t0KYjqeLwmt_bN15uojUOd1jOE5QWvXd-APDvtC2ai9UWv0Vz87SrT7p1JshFHB52-o1DM_DdsHjaS6Mgw85bB5oQpskxksh8dt6FeHlanWcxUN5YNiVYUbCiktkTefS7m9qEPxw08TB4LK2IKPFr9LdXkTvgh1fbPGabuyT25cSkJCOPU6AOGAjyA_iJ9-iNHWWdq1CF2oT49VLbIjTADKkWAQGARlCHnS-LVMqN3GT6UqYmltmzcORY82XLqL-pNanKolg24tnb7K9nT1dpytz3aR8jetdrtILzqRyq-leclWDzwsbIDuIGniRjR-m41AWA1UjNTAWwjnrmGCJ61l6LP8OGrAoaFreVGJb7Ff8V2b9sPZnEcW09D5MTL1MzR1VYa4kap479wx_7tuNyFeGs2hn7-EhFYT81-9LeSRiM3fTAz43u0w5ifEl1Ym6YgDk-SqEyxdanqtG7J7yYyXXmIQt1Auih0bdEsrlK26Uby8ckQw1NdBabDPYn2C96fQqTZHI-1YmL-i2BKWgRBwyFPwI-eK7fxSss4hgQNz7sdvyde5OPcFAsg7Q19FvDk08Yr8OUOWV42YtdTB9bUV1okk6-JWWGGLGzWygLnSyvi1iyPO444vLczJ3l7RrQ12mkw7-IugYFMJoeYZmy0JvtW6NKgVwk3wfAgxJVq8bsH043-lh4p1sDoUjfoUyZKkNEvOo8v78RUfGhbANlRyTtbLieD1Q8A8PX6kspw0WXBrWgL0eueDl_Wn2gYlKCXB2xY3_cM5yNAvOYoL6xgVg5yDI3CwJGiBTfIIZMAndeHDjp8-JD9VYbCtj2E4xhETwJkywLQGrFfMsJwgvpn-qV1fh2cH4J9YVFsABwMJMhY49RRhGP848PCXkkI9s-JBQ9lkv0syS9EVUpRMLptn4zJbgdHp8RQvoTMhnImpPlxeYpYRTRpBSX4-dwceRnecKPvD_mc-QHFD4uxU77QkNeUi-KGL4A3jQqxqjHdnvSovxhFo_4QUT69PChOh6UUTP-giIKZujY9NqOcEJQ4-iLpIhBEg-IK_DZVADtfwZjZh2l_vZCcY71PBJJNZQZTMRIOEsYJ-pJ0SAJcYCdEvs0ohN9BEfFpm0AuhCqtrcsTFpxCycRa_rWtiEp3Wb7cn2BhrNxaE&sai=AMfl-YTdrL_R8CsoH_T6YBgMJvUT_62Slgsu19cp1hlzM2FkKYxlZzP811acreVsahPawnkbmtCLvmzb51uHllyWzjJ85MLxBd_6FuHZTb3QSdGFDvLXHLP39aS_BZJE8-peSq5Oyfac8114rH7wDk-cLZZLWG2xHi0LZADXxVjj2e6faWc1ePOVT8AvR9MN-k9TyWSJMWARkG87DNzg-QuOlzKjOcnbJcUUx-8ooRAOIWI79R3lPJ3YeEzU1Ehs67lwwL7Xc1q8llg&sig=Cg0ArKJSzJKO-Ot0TO6uEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=671&vt=11&dtpt=506&dett=3&cstd=163&cisv=r20230124.19744&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 30 Jan 2023 08:29:41 GMT

GET
H3 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 762D 170 KB
59 KB 21ms
19ms Script
text/javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/
Origin: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:35:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82445
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 30 Jan 2023 09:35:36 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230124/r20110914/elements/html/ Frame 762D 8 KB
3 KB 21ms
20ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230124/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DUzD-Z3BhF8say3zb18MnEHS0eMBGKhwJK7vqcpU9AqStxqs_Wh8vrvYZkutCJxyQR6ZW1OvDervgGuLsAryr5JLFpT19TF2x6cNwgKOfy18-276GVKa-hziY_3aTpXeAi6r8YJWWZgPt1kbJXES3pRqFfeAC8A3B4uBbrEtl6T0-I6Xw&dbm_d=AKAmf-C5_fG_VI5xtOKHOLWW7GyCksqdvuyPQwxQg_nL2aincQn_D_7tPb7nvBOS7AKch6tm7CqvaLXw_aklPVXg180vKjkHizxySFwI2H779Axzkq71dxt7Vhit3ZJEbeyVsfv1l_9biz9QF9iVrpnjIAPKxoy9YNmjDaeh0xaWIJQFKSQAn4ASvbAZ9fNjao-DysfAg2izbaVgj2h85P9ZPne3YiCsLesaRIB_hffSI8QNSyZKBUsM7SnOK6bD2I7sNwXlmW4usFlZMFyvdENKXqvDLq4cOOe3JByNsGy4wXe5Ufa803PkgbI3s9mCyXlT60yEkrNUGCdbtGZy3iMWLNS1s4fzx0Hnzv3DnpkUJKZGsGN_C74sborHSsG-DdjKVzh88scSopMrJ6OkTvkrkrSNpr29vuIY04fLtK1fcZfx4nMXwNxbLECtnhxYLXvkJFAir-wwmI3mEhFHyjrlyjZj1fOJeGX-tmHRQvQfSSqscbQP0TNCzxF61KyVGT5cpqjaectv6CM2W7kn9CccEBH2orJPcqdCXYjYXq3HRML76JmQ6Wp4R-aiqLUDsQJBJGm4B_UvhLRf2BKGFbKQD7qYbpM5x1XN8y7sGiHLLxcrTddyoQ0pnpPlGRYZTeQLMaZUzT8VBBjgEpJnPqbHl3YiQvhFpWD3TO52u79kVCQnHhUZtznjKrrtUKlMdCu9zRcnu5_wukA3y-yMEB_YCscLFs286GTqiUqe_EbK6XWG8cTzgjMfd3nsGKUjJBrZxcOVlCvrvzP-BoebHofKuCAq-TxTVlR9jShPL5NNuP6a20C7PrMLf3AYxIbFZeRzJrkXhA1EZsWpa8irVHEm0ar2y_QcNi5lpzBZKae5i31I_LnmFG8Ci0blBwSdN6YRixqU8OyHQ1rUcEQ5I3M7Nm2lQmv1mSvARzw0xuWgtnl2JqHeN1JDJ9R_7nmJyJ5G6kQ_mHojX8XRHn9Yi2NpQxRvOSXbOa-_jEtgtYsIZfEN6JH33_CfLsfqsHmkZyJ83wpNaTmRDRywoUO2P7ejQYno7nh8cCxuDn_NfvmMiqw3Kgl3gNYCeqhYR5RbcOIRavH5Q3gHVQnRn3BApu0__kttD3THd4a3YE4wwzbOdZZEmefX66kP5dhXJ63R-qdRpxb6W1b6mheWOqtRsZ7XhDt2mK69VMtqWkJRGaU3VnrNMkN-0mrFwApuLtM0LF3r-TVUMM_0q3GMz9YPAVcDryxHf-bSkeRM6FcG-O5971JXvNYbwc5NnXBqWR1nYVJDKnCy1_Prl51xr-StLnOZpR0uX2Zds50ROtDjUv8ipQiSJmps8mX5Jdjyrv3kqqa9qbe4UVPBQQ9vd_INT8XoD5nQV7UUnMcDOBO_YVeepr38Y8L1VrMjLBdirUoDMY7a-bFd25YhoyEOXCI-rwMYCk88BxqoKARZO_Km18VmSzFq9wtRjeOgAzKbYZZqnH3fDqO2Du7HO90bmJ6sXUVcErcXrhDxjAHSe0gHyL8SR5I2yIYDabrSQxXaf0375K8yP0BrTfdRR0k0OF1NuVwzQgqEzGUKu3dzaN8-R9h4mXXFjSZawbcKwgqL2tOSawGlVDaqj3lO4yfYxWM1EbpMSA5XW0xX7yYzJkdnC07Y4IxaCJsWzK4K5unC2Ur9OVtOSFtbfUbluzrsL3tXhdmx4UjQUfHW5R49wUntmXIF9nHT81mDBpZnx7gfDy3qZlX86EpUxsOeuxIUh6Tq630bLcHRPy2GLeys1Me5wl_VEnWF8NW6Iq0CFpp_myxOe8SgmzG_appEz9N3HnWoE5U7vog26VF95Rec_S0hVYVfvKZe1smPNtdpmw-EziJ0vaL8bm9aSNiGubVmqhhHktonT2DB0ug8JiX1qCGcoSgeRODrhOP15gXTMAM-XOY1_ZlL0KC7aHkqjapHxRpmS7GUvg1cxm1eLVD-KkR_eO3ObM9CJgHkDLBmqka7Vap1m6M36FmZileaQOhPUbDA-zQt1-KlSO1odlyIOtnq6syVU2t3wHktve8QtvYcu8kt6erhKLwCYueIxHgzkCYZcHHfpj3HIFpqApir4bf0gKX6bgMSqPEECKIFVe_n9BE7Xh_gSxz4r6pT5EGTa-b2aM9jYTb3gsO7TroS3403c1wjRYj1BBG6pXViE6kHo6krfY-ZXMAQjYt8d3LpysjHVqdlPrwDrVCNVRqEJHEA1ARjqTQBu9B1mVS5GBL8k7YZ84dhFsWq1yPYmwMysSIJuWyL1jS3jYUyEJ3ZP_WyBEUa9SxYfcEQ_DrF8Uv01G1ErMpXr6Z25aBbQr1At6Ne90FJTqrdgaAk5wU38i4bzY4INE7rpljPPDYKkTk0agRXpyaWYbHHB_RG9_K9dfce9FRWjrkaZCFPWalHb-X3axmhRLE94ZjqracU3CERKLbSQZ54EJEDcNNVLRwsMqiI1SOkq4oQ_AD3sqVGC1Mkgg_cC3zWWGgaGZfGn_e2UOsZSwXEzIorQe1Y_Nh0GV8pN_QE3IuzJb_Wv2it4KndwpomapkefjF6Li1h5Ub48dEsaKQAFJxTmUDtS3Q6c-a14i6WXCRWQ8PuXzkwHkZFq5ek_wSq5c9XVJN0wvvZveNjS4TVtNdHvZuKRMZkX0r0DTrzwGy_RC16y5AVY3-dj7wdt2YQ75MP9bMvem8_eb00MouME0LV1NAmI5MJzN3CD0JTbkYH8tvNrlAzkZPestbW-qjHFg_vnWcYCKpCS2nn7-nuHIW9qwKMCw0PYlzCZ4m_cCahj8DwOeGKNKdFTy20Rk84xUBROpLaJBQyqqiNhISJgTtb2DsckqGiXUjaBzjV3i6_H6IAqJsOyznv5MpDNF-6NZEYdNkt4PB5v-ATY_zRJJicCa8gEDnkihzTaxOFgC8XJ3lQYSv-bPX6ZSc1y75M2EnyUNXqmmBNq2a9nzhM3nzj9tdd3XW_bVXXfmHgtNuvG5vKCE6z5nsbd_u_uztZxP8XJdSYMcbqrKUOKrZen2qyVF16iwGscxC0iAHMkclU-IkztwCww6yzBrvOoI_8p08ncAa5AXv9DmomYQSGGOfbSpincCvtBExSHn54F8urww37sOjy6jdWdbGO6T_lwYXAvsfPYAOkXEcGllJlcGfpBr_2rw7FV5ovV1mkPdZSkL7j3FGr8Dc7pG0dpCtcmptP0XVQMWlbTDFQZJw_j_gKaxkmDBJbwklUUQz0F3jpwaJmlJC8wX0UfbB1AUpLFlAyQhnxOd7dUukdLfcM-TIVSWwYYwEOZmwWOc-G3hHnQ_yWGKwAw5qA-VoEwvSHNmZEPB4-Qh2odkAbkr2YnmjfTAge&cid=CAQSOwDUE5ymAGNJGbzoAjZ5xHxhaKOVv_0c32VN6oGKep2U_hQc2aGmgxdxzoC2qHOE5dB986rnYtY5EenEGAEgEw&dv3_ver=m202209210101&rfl=https%3A%2F%2Fkoraplus.com&ds=l&xdt=1&iif=1&cor=14193382253363542000&adk=945720016&idt=129&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81572
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:50:09 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230124/r20110914/ Frame 762D 28 KB
11 KB 22ms
21ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230124/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f9909775d48d612aae837f0153817e8addbfa082f901254471bced4d8c72691

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81572
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10810
x-xss-protection: 0
server: cafe
etag: 8766511519597269738
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:50:09 GMT

GET
H3 200 container.html Show response
29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 843D 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023012301.js?cb=31071978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:39 GMT
expires: Tue, 30 Jan 2024 08:29:39 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js Show response
pagead2.googlesyndication.com/bg/ Frame 7D96 36 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35da5c6b61db6ad2f028dc52eddbe524529ee5f74cf6b1eda074131d2b64bb61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81522
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14214
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 29 Jan 2024 09:50:59 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame CC07 0
17 B 115ms
115ms Ping
image/gif 2607:f8b0:4009:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~ldijvbdn&ctx=0&met.3=113.xw~112.xw&qqid.1=CMGCzaHw7vwCFULk5godGDwKYg
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:81a::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1B6F 0
0 51ms
51ms Image
text/html 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2023011901&jk=4363826726186569&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

POST
H3 204 csi
csi.gstatic.com/ Frame 217B 0
17 B 116ms
115ms Ping
image/gif 2607:f8b0:4009:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~ldijvbf1&chm=1&c=1101900434958132&ctx=2&qqid=CIeC7qDw7vwCFZX01QodKYgN8Q&met.4=fb.7~lb.h3~ol.189~idt.n~dt.-dr&met.3=733.h5~748.hh~749.hh~742.h5_e~739.hj~740.ku_1~518.p6~518.p6~374.pt~518.rg~518.wl~738.189~518.1d3~518.1d3~113.1em_1~113.1en_1~112.1el_2&met.1=1.ldijva0g~14.5~15.0~16.5~17.5~18.5~19.5~20.5~21.5~1.ldijv9yw~6.0~7.1~8.1~9.1~10.1~11.1~12.1~13.c~14.d~15.q~16.8z~17.8z~18.8z~19.19s~20.19s~21.19s&met.7=CCgQBRgBIAgoCDCZATiRAUALSCBQIFhdYDNoXXCYAXiKBIAB3gGIAfAEsAEBuAED~CBwQChgBIAgoCDCWATiOAWgMcIsBeKTYAYAB-NUBiAHa3wSwAQG4AQM~CB4QChgBIAkoCTBoOF9oPHBneIAMgAHUCYgBgRWwAQG4AQM~CBwQChgBIAkoCTBjOFpoO3BWeI89gAHjOogB0o0BsAEBuAED~CCoQChgBIAkoCTBwOGg~CBwQBhgBIAkoCTBCODloDHBBeNYCgAEqiAEqsAEBuAED~CBwQBhgBIAkoCTBCODloDHBAeKwCsAEBuAED~CBwQARgBINwBKNwBMJICODZo3QFwkQJ4rAKwAQG4AQM~CBwQARgBIOABKOABMJUCODVo4QFwlAJ4rAKwAQG4AQM~CCgQChgBIOUBKOUBMNACOGto5gFwuQJ4u7oCgAGPuAKIAYygBrABAbgBAw~CBsQCiCNAziiAg~CCkQChgBII4DKI4DMIsEOH1AlgNIowNQowNY4ANgtgNo4ANw9AN4nKoCgAHwpwKIAavOBrABAbgBAw~CBwQChgBIJADKJADMK8DOCBolwNwrQN41hmAAaoXiAG8P7ABAbgBAw~CAkQChgBIJMDKJMDMK8DOB1omANwrgN45laAAbpUiAGd4QGwAQG4AQM~CCcQChgBIOQEKOQEMIAFOB1o5wRw_wR4k3mAAed2iAGKxQKwAQG4AQM~CB8QBRgBIO0FKO0FMLsGOE9Q7wVYngZg7wVooQZwuQZ4x1CAAZtOiAHquwKwAQG4AQM~CBsQCiCzBjiiAQ~CCcQBRgBIOEGKOEGMPoGOBlo5QZw-QZ490OAActBiAHqsgGwAQG4AQM~CBsQBiCNBzjDAw~CBsQBiCQBzi_Aw~CBsQBiDdBzj2Ag~CCIQARgBIIcJKIcJMMwJOEVAhwlIhwlQhwlYnQlghwlonQlwywl4rAKwAQG4AQM~CCgQChgBIJANKJANMJ8NOA5okQ1wnA14wLwBgAGUugGIAeD3A7ABAbgBAw~CBsQCBgBMA048QxoAnAMeIkXgAHdFIgBkjCgAcj__________wGwAQG4AQM~CBIQBxgBIDYoNjCLAThUaGBwigF4jAeAAeAEiAHkIaAByP__________AaoBFQoTUm9ib3RvOndnaHRANDAwOzcwMLABAbgBAw~CEsQChgBIEEoQTCeAThdaHNwmwF43kKAAbJAiAGEmgGgAcj__________wGwAQG4AQM
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:81a::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 217B 0
17 B 116ms
115ms Ping
image/gif 2607:f8b0:4009:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=2~ldijvbgn&chm=1&c=1101900434958132&ctx=2&qqid=CIeC7qDw7vwCFZX01QodKYgN8Q&met.6=6.1_CgsYoAUgMyoECAgSAAoLGNQKIDsqBAgFEgA
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:81a::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 79FD 14 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5875e49a2696039a2ea407e4e0febb942e0f73bd973698d7ae2980f22f23c0b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ Frame 79FD 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5e0a21250317405f5c346190a17c3f72e4f443c243261ce20916a185ccbc802e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 79FD 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 42828709ad91aa444517749cdd56dc665ef9419a859d7b40fbb1505ec76338ae

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 79FD 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8c6e72ee524a5beb9bf4c616f50d29b0d69b4bd6d4161dd2d531961c61705ca5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 79FD 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 28e530a17d146e0b28568569a6cfebbbd14d29b082dba71518117ecbbf1620fe

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 79FD 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fcad94dc5217edbe940f0e33215ac715a9675a2bfbed59e9804047791eb8f864

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js Show response
pagead2.googlesyndication.com/bg/ Frame BA7D 36 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35da5c6b61db6ad2f028dc52eddbe524529ee5f74cf6b1eda074131d2b64bb61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81522
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14214
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 29 Jan 2024 09:50:59 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/7314573151872791710/ Frame 8A89 108 KB
25 KB 54ms
53ms Document
text/html 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=O9bLcDAJmX&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

22ec56df25744866a27efb0d3a95c71bec34cd151f986376a9f2e10f498760c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:41 GMT
expires: Tue, 30 Jan 2024 08:29:41 GMT
last-modified: Thu, 23 Jun 2022 10:58:10 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 8426 0
0 54ms
53ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvCZXiG30SE9c9puR4KWERFzyA4QfKUuCmddaMohGvUQ0z0S_fyk4QdbeV5tub80RhRONbW7VPk_5gn_em1aio8Y2R4xwBgI1qfS7h0Vl20x5-WPogH1Oi9-n22NwnE0LLrBB51D5-0GItDOEvlB3Yof7DDksOoQkj1YTYKdTGcyV6ViWWsPyc8gW9SoRn-yLSzjwYcTi3Jacq1FH30eCckJA0TM-a7ZdAl_qzOTQ3U1jqQZO4BQ3ehwh-j5ONksIlHE-2AjXCb1EaoSKmpCyWFRJuwh2nWCDGgeJzHv282ORrv1c46bwjkzg90ABe8eAZzUAEfiQnxi3B3Hm1t_lq2xXQfxjyNR7GOklMGtCJlEVCGBZ8SQ187asrDj9Kp7rWDEC6uMzpMWh_ImHOlNBLvNluUx2AsQd8JldctADHbxbonfUejSRiDIRDauMegyCFe8fFsko8ChuTKCCbG3EXQAxsZtnlLAaHxvoia7yOfDIbQcKGPbjC8dR_CkdWH6i84GDdli0ui1IBdfbpoZQItasF3xqFZr6OXT8Kvx8SNBICpE3DGRvbe1ubHLvqX87C0_lUztEKjeMylRPXaNlCp5d43khd766vdURkjmFw3Fq8y64WIfPYKaHn-3JDQ_FOMbc3g82EuVrDir4b7-r1KCogNI-23Bw_hB2CQEGj0wpxzdmCXeEx4cTMj7FkVVyJN2yDSMhCCuj51PI9me0BWOoKBkSEvvpISNPddMyNwOYdcjDy8X7OJubRFLnpJbPwXQWS4niwuUSKU6IjOQvVvu8V02XLUt7mH3leeDjgT4czRwl9uXuGMRViWt2X0fHUCq6tcnWw_2gQ77JP1G9PrSJkOa0t-z_vTTk-gg_gavOxXZ8xh84-UtMYG2CEdX6VWNrqJ0P0GKLsQAcz3j9I-NdSWStsG-6Y2fzdyrh7lRDqhm8suQDXTjYvYhvRYAqF-OacaxJ50bUWkNcchpCfijl5ZzhtoCCMsPvQ6ujOOP3Uz8HLYeQN-51tshArSmkL9LdoDmPGAGTtvIk83jqvKMHWFQRXi1p58v26Urmhou9B5XGI0ygN6X18wfMdh_JOcJ0PPm-USB2pWeVcrHLadyqFk3T2iM0hyqRTcH0V_yRWZSbOQ5jLto4K4UDuIvaNde1s7JxghAUAEf7RB3eyvmfo_CeB4XVEtvUzC01ZkgvQ5tgTCIp7vpfmzKXvWCaJli6ZPFo2ZYHLgF5XisCoDJsqRZ6wdfgWrznUvX4KQjCGWUFp14_2cXqLrD2XlM9hI8FHjFQc0boGlI_g&sai=AMfl-YSmtWYKF7L8CEFRXFZRiH2fL8eD6nqUKVdjr93ykM-EvnuO1DJACw5K3AssaZX5TqEI9NcaERlvEylWoT2uPPwFJybyqXQtQH5rBvf-lyl7h4gIvE9lI7ZSd6MugsL2-14GzyEAh34uZbBSq0PawjIWm5OHQQnavriytlUJ714qpK-1tsljQDV9ka4hMidPKdQQZLquicrGHrgEzLS148qgPo9L8Q5Afs3b9kL8uA7T4XmqZKfnJPo6OuomAFB1ceEOnu63vEPS_Q&sig=Cg0ArKJSzFC1zAlSUbxsEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=194&cbvp=1&cstd=188&cisv=r20230124.58031&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 30 Jan 2023 08:29:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 30 Jan 2023 08:29:41 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 76AD 13 KB
5 KB 24ms
22ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 257139
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 09:04:02 GMT
expires: Sat, 27 Jan 2024 09:04:02 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6815 783 B
536 B 20ms
18ms Document
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5a4d1e092996d70e15b9668def9258b62aae5832226900e05eee116e7bee90d1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-fHT0aQBgn4UGwDDOMC7HDQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://koraplus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-fHT0aQBgn4UGwDDOMC7HDQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:41 GMT
expires: Mon, 30 Jan 2023 08:29:41 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 2 MB
112 KB 23ms
22ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/index.html

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5f67f3b8930a083aefe7479bcb7aeabcb090c8eebf1ec4268852c9d1c4a887

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 68263
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 114555
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 13:31:58 GMT
expires: Mon, 29 Jan 2024 13:31:58 GMT
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 843D 0
0 54ms
54ms Fetch
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CPCrI9X_XY5yIAoHwxwL4zaO4B8eUo4du3fT86fMQmLOVmEMQASCosoV8YJX68IGMB6ABycPNuQLIAQmpAthR_5RtO7I-4AIAqAMByAMCqgTiAU_QacXBcI62SjvkSsBveJuFk4r998o4BcBU8eV-G_b-JcZaGzkbigTdU8rJrfaNbnThSCt_V0ErkKtkBCgK_qVldOuArVVKbm9nFOd94XX5UsNm_wnY1UEjnvYibRUjcn0T_oJDPYDNYXgBq1apJ6kCkrLK2QzBWWsRiN3Dp0Otzm91V8ygr7yG2u_9UPKqVB7qyqJa_GEQ2G6hCsjL3WXqSqqDw_Lpq0ST_ugXfKTCazG1O9yogMiDFOYrCldMtxUl7FbxTN316eQisMst5LcfMohfv0Sce9MqzfUFrgxQIlXABIj9rN63BOAEAZIFBAgEGAGSBQQIBRgEoAZdgAefvLLGAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEIrRDdIIEQiA4YAQEAEYHTICqgI6AoBA8ggbYWR4LXN1YnN5bi02MjYxNjIzMTc1MTY0Nzk3gAoDyAsB2BMK0BUBmBYBgBcBshceChwIABIUcHViLTI5MzA4MDUxMDQ0MTgyMDQYppN2&sigh=P3SFzl-TkMU&uach_m=[UACH]&cid=CAQSPADUE5ymsVbMTQfAYo7_3nbxvnY-C-IvzB2xL_19Bg7CTg6JOrAVVINQYg-R72ohCt-9kHzhOqdJ8jbNshgBIBM
Requested by: Host: koraplus.com
URL: https://koraplus.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 77BE 143 B
166 B 23ms
19ms Document
text/html 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3451
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 07:32:10 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/ Frame 843D 3 KB
1 KB 62ms
59ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/window_focus_fy2021.js

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:55:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81267
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:55:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/ Frame 843D 18 KB
7 KB 61ms
58ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:55:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81267
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7523
x-xss-protection: 0
server: cafe
etag: 641023367890010850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Feb 2023 09:55:14 GMT

GET
H3 200 Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js Show response
pagead2.googlesyndication.com/bg/ Frame DB43 36 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35da5c6b61db6ad2f028dc52eddbe524529ee5f74cf6b1eda074131d2b64bb61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81522
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14214
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 29 Jan 2024 09:50:59 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 8426 41 KB
15 KB 41ms
40ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com
URL: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81571
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Jan 2024 09:50:10 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5E9C 1 KB
643 B 20ms
19ms Document
text/html 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com
URL: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 72031
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 12:29:10 GMT
etag: 48472445140208031
expires: Mon, 30 Jan 2023 12:29:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 8426 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f063c682af117d2637793c4c4806ffee77fa3dffedd31bae31852d908fcacc0f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 79FD 8 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 88e93d5a10c5ebe9b3637d612334bd0bcafc87f9b24d3aa8554102b3b22a5029

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 79FD 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 454332f68d1cf8857bffca880a4524c0dea98499eee0be1262dc34923d4f5c96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 79FD 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: da3eb7670eaa8f33cbec5f35ef157ae63ddaeaf3b839a6d453b074567a972f26

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 79FD 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6921c4ba179bc7669521b1ce2ea9be93fcce81a5de388da7e906ff6722417a2b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 79FD 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4cba99b67be4f1ca2fee50b1ccbad96f5abd3bb8f8d3518a6616b3fe0bff4bfa

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/7024728442041512453/ Frame 0CA3 115 KB
25 KB 55ms
54ms Document
text/html 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=IyxHAVLxoL&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7733207cffdf30a54d5243350f4d55e696721a83a3022df349ce7ee17cbd3c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:41 GMT
expires: Tue, 30 Jan 2024 08:29:41 GMT
last-modified: Thu, 23 Jun 2022 10:58:01 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 762D 0
0 53ms
53ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuEnjp5cefDXZ-3MrViGiIhkwR9iPs9AJPxsb6uyLTXmZlU8ZemYqei-mD2JFJzM4YTKubHKDNkTlNHwqmXw-TTZyP93BxmuFPBRyjD7TRhHFW_4QheKl1LzD_SGD10fbF1-0yPpNEX22w3knbMIZ6ykUEmvcI5u_ZS5RFvexH1Qza-vbYQDv3EwEQl19QmEFYVOglSa5yHuSI7JNoTJ4zoA2QwIdLIrVubWQXxT6uG1SBow7bf1negVmY_wJ-iRRCJ5S35CpYMozoPLpxj8bPFlPe3us5_Gmzjznk1lC3BFJp5iQOd9CS2FkOuTH59-R8fhYCM53FXdlDPMOEjTpa9HrxsJYk-jPXIhERLQcqq8ZhoraoX1lggc882AuoLfbmTDrFpMKaRZ1vjtZ3LYkkFKuD6FGKz1GOW7EcPAYo0Uimdtx7KfgMs5-bl41Ozgh4vEqYLk0t5UbPPSyUrB4ZR6ynPP4LR9bVgXceXQFCGJRiU_wZo7a_BOwxiPB-eWFy5aRa8_8e9uqx0BfhcwPf2_mQohDTqR8sguw-pFqo8AUEYVrN6kWo_pgheV1KENYGFvYC72dO6F7GeUMI8WnOLuiPICIx49ATCRWs1Kb8-vv3er6YOxh7e0nZxthQl8wEw1V1DraFyWEw-So-2imcQOEh49J90a2JHQrita0swiQfsHCsMviENu3feqWmtt5c-zy3MFkQeVhRl57LemIf4tPoB2Y4V5woKJGUQ8sd6FBGcljtMDCqQGFv6rm2Y5oP4NxtGR1XxZmmM9xuR716O8LUe1Pm7KnhjvuSkiRctZDK4-SeFDAy2cW3YVQlR0ivKLX-P_pfNHnJF3_WTLmr1tLmIFdZ9iZLJu9LN3AgAYTsRo2IMsBp3myu_bmp1xtvKn5FxsjfuyylLTTNdCUUIJnQghtCX_V2MT5Jm0eH6MJsB0O_v38GqEnSz0cTUWCDCGpQ0lbialmm8V-5oClHK5iuKIh494m41ZrxoYVYBaSz9d7iv9oihJWAjk48Clzy4IEj-qwDvrSWVGVAyh9FFz4_tCFS5cLpVjKPWMX_2oGSd2XODBAU5vTpMrXA7XHIggDYbBt2Wk9_upakxHWGKU_byUyrdANw4YFacUlSEhWEUX8KXIFMG1Vw-jPxNIPIa_TTbQdMMK9ATajqixmdN3BFlialOeVbBmWpfq-eECcEtHN4ZKCKRRgt-y0uedrPrNVlgmFPWADfmcIU3icf8_-2w5pyZnLr0mGl1BSX1gQUEdJb2s40uNt_zspk69s-wqSJkGnxIHOY06UGkCmU&sai=AMfl-YRcH4tj6_AzRz2Z2MF7sNvXLHQNligWQbGNxKJ8LJQn_Ze3Sugo5n_8SdPKz_oiE4RP9dUKAvqxietpSNjl7QhTZYa9wo-IIbxwpmYGfI_U1OGSdGd9hiEFQuLr9nJw5Vdk9wqlLQ8J4lIdwKmnU2B79qy6bYTb29P2ntoudJh-6KUzQ8CTmp7AvnbHx3HDoy_mZGV_WVVAiraJL4ifNevuuewMlZA5qR4LbVVol0G8v2DVqmjlNupRNcuwUKQP7bLtDgbwI5Y&sig=Cg0ArKJSzEtSDVMcXfNkEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=291&cbvp=1&cstd=288&cisv=r20230124.73429&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 30 Jan 2023 08:29:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 30 Jan 2023 08:29:41 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D8AE 0
20 B 53ms
52ms Ping
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1938686049951&version=m202209210101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D8AE 0
20 B 52ms
52ms Ping
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1938686049951&version=m202209210101&ct=77&x=1&cor=7236506720719206000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame D8AE 15 KB
11 KB 71ms
71ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CPUHbYHzcpEtTB062uZvAKZ9VGEQ8H4GlW_t0SEq9imeb1pNgLb841_8DU36ozoh8Rr2mOCgwtb6yKtQgu_sgcLeUa__9BgBSJ8Y6hBARhTEqUdQYh-z7aM92BMDj4nwVfV-aULGX8XNa6N_0GikZz2RSK6rntRWbwKyw6RTD_H9utb_w&cry=1&dbm_d=AKAmf-CUkzQ_bxxUCw3pywt8pfEbWo1cdvb93vp7f8ZFsdKc_d7ZkWu_9ABHkPg8ftEG249C-3_mgV9U172PNQxyCsUQXKKKKMHFHKIPkj9aE5kUYxUZxxvaoPHrseFbJxir3j42mpKI9LiJRCVEM4J50yg4343uPPGWxMMKNSEQ6JC0KQ4ktLUJmWRx0GAiY0laEscNtnZzJ5Y4jp5mh3oMjMHQ6psaJWEiXyEQzXd5F3SFfE0F312cQgvIvvOJXW74JwQdDqwVdvZf5Fi7He14OaY5xSB8wdERmB2Z1n29t1g0II_-uUtEgctLQHcwSAL1UToqAt5MSe46ACDxC4LmwjgwvdrBtxG47iQ5FSwaOg6wpGPnJ2CbCffGnPBNNQG2iQ_WUKFtdhjP82Zi72Y6UDfODEyiLbTZBw8Z0HR8qbb3iyKkt3iiLH1FXHE3Ie6apcYzW96AbPo9Q_djTd_miB9VauB3PKnf11GC6phpuva6Y93MFlT2JmqHsuChGLYeaiNkekxtHLpG7_8EvRKpO6soyiaxcdA4YtSAVvcof3rlaK7ZqW71egOLhwKvig80WHCZ97bFD9quVFdH3lLg_modpuuLHU4RIuBJV50abVitfnYv98teq6T6I942UeNRWeUfaolg_xt_VcelIJt-w0haazohKeTAuJN_-uMnkGNkFlIlSlKVLqQi5UojPFDSxzEYTHbuqZsvLZkDIjAqHWsIYGu-qmmTiPxht42JgzDgdbtjPEn6rT-SnnHbQxvpmnniajWSMns3GgZiusiGp-xYRIx8Ake2KCEkFFFxl2p3XkEhVyw41ndiZ-pvE1Q6TxteXBQmD3cqbSQujZ2qc9ppfyGX5Wkr10vn7u7CnfImCzbkIMCD3c3qhna0rP7swsP1_2S6yeYpUJkNgvx6XorpqrNwdNmb4Uhu7WMmpC1py_a7mbv3oOMI5WIpMU3YIqXioknkwYy9-Ylc2G11Jtke6ecHgLLoO8wSHualLC54inEiZRCj1hIr9Erh__wDRlBrNMLgjdc9gsZfC3_J9UfFIQWyYfhLDidRyVLkt_zOiqeEEY_xD7GrXJ7FsCahM4n3zBPSPbtpY4QCKVy47LJ05eHuaQH2tB4DjW6oHMUnAIj4PFeZO3maBvld-LZSQBdof48wHhueFBLKJ8sp9uD8QY7a_CBoKs3-99c4N8AC040R4yjZ5-hva3XOp2jXjCQXH8yvq8GSOIhWTfkbwJP28T9uMfPg7g8jzQWIwKgvZgdsBcBajnN6Nn6w0Y4EksF1CRkcV-wDwyZRp3cW3mU79DZW9tFy-fGvelu0jmwit_73QBWwW2qqHkt6idmg7PlMia6L_hRztTOz1bU-r1tuGbW9bZPxBNOoghX3QENBSJ8Iztkpg7vY3Bwas7qbeXoYHq7h8ihsQ8zTkMwibw2DdtObVnpKGQTRayaJ53wouP-R0aUXP4AuJETI6RR_Npm4qpUHlQ41zYpBI0iSALcUAA2fq4rTQpj8dKfs6GfVLJfcgLZ1Z2Vs4tF3KhpUPCBiBha8sAQcVs5lqntoyteBfUX_jypSpcXW3wculBWKzWl9AHaVINy-Z4LC8ScVb39gaVApu1Z8fPiaW5POr8Jbp1-vAiJ8XfR8-_hb7wlmjcLpjm7fsBbmGq8n_jum-_jqV8f25cbswh1xFuK2n5G9JfqeQdPd7RkkbXHvtrw4l1HRc1gY_fJ5s6QECGnzR205tuTHCBdgCOWHvYPYjHbODum1Z1zOlTxMeJom7oD6OLH7mu0YI5VNR33urRazH6_baW7JuyGwSbxN6-DodAGFh7Ilue0XkYREx02JvXE4rRZl2vS8dZlwW5Ro6GhMmlvoR4WFJOQN-QlfGdT_sJUcxQqr4dsVyBzH1p87u30A2FkHVXpH-JATgOaYj4BAwF8lu37js5VR6Vnu7wD12rROi5sDbcebkmpFUyxCXx_YwrbgIf5BCzQbjMS9VTbyzXoNgZ8eEIdhO8oq0wzFBVZrIQzM2HNo5chvTWZKiqoYDo2YdV1VSidO9HwvGftQUc2S3HDPt8gi7UbNOrM8H8S1ufxskMjy2xDhtqYDcoM3QqQG9De3Q0YFEK898oZlBbm51vcuLUh8mMqLHV0bsNs6SlhaFTrhYXwzz0t2mLWQGy6Gb5WSTmJUFaR38HItU6qOiB680CvygY-cM55FJNkxhEr0Uc6h3DCGhDbjjvkzh7iPDi51uYADD81x-OREkCCHHkPH7Vb2F8ve4-oqFIxDppuC6SlrUgb1ccB_3yayQLWMgnq8JtLVJZWz90XeTidurqbF29nNqTj37-qtvEla6QgcWnQ7G8nsrnO8BvNzG4CioQ08qTr9zMOuwdxFHES-doYQnla4lYcBx2Nr5N1V8MdSXUK0DOUHTQL21ixf78fgMMg3L6nxSQ988WZdaICi_8uiEj15O9gkVhUHMYzcxT3bbyby8N4aIVHL6opMIdZ-gQRKqVGycTTAcpoA2L5fDub6aQ3rgRHmz0J3pLH_FPc8UQKh0i1ZcVHiOULwkU2iVmQitTu13PDdm6WuVy6LNxAJJhYtEBYLzevTFwLQdWqZl6EwzeQWnr2mbElwWaV_zTLOVW7LN5XG2Ujz3EhbYxaUtCzVbKdQLlEfjFfDk9ron-k6n-OdN0F22K88b6y_6GZswR4saGHfXT2_nsDrfYDWmBXDHDANZ_CQNsc-tArX5x_9C4PnmYApOQZ3_xgpH7kt4iQgt622ZeH5x3fj1EFsu3DerHpBZOOvwH_z5fp3QUXUKb1MN6Lt5NUxGdgQANjBtViZ3O1zHeKE7yT9KVy8gT_3-GvuuAWyWhTVR-qHOQFFCTD2Yudpb6bEj0dDa9JHXI2RARBn80lG5wh5aTw6YFz9krQkPYiR22-VlbycN0Jc45m9SlzjXls_cO2We0hTetcrk0YLsT1xZFY6Is_MQucUCTUhrsFMJx3lKVBP5D4eH48XlDDDolRPZ7VfY1hphDDcS_EpSe_M2Y2zOKnKEEEqcqTvhXph-vMQBicJvbLuGE94aW-zdp_btTDIROCtpa9InLKO40TzYwMD-DLYvC7BVhGY28458H5w2R9Lw5az9z8dux9PDUHSevcCfQWSL2iLMJB-SIZzYUl0dHReU_1UzuZ59TqdlDlq9BIDluU8VBZdLTijaVHMqjQ34ePwaHB3sOTmhEX0vGN-W7MaGDDXpIV2YQEpMSFqQRqrTI22oZ-4FU_gjPAArjnRk37qbQFMmLUGAgUbtLco0ya1BF6a1o7pzwMtHJHMUxaVVvvlArZdBDh8E-KoF1rasFi5zARSFTMw0zS1QbY40l05wl-0VbJBsCqkQctTsaQNyL4bTJLxi1k6aim8fs5F863z9n7hbyt1QTnEbNUomORtO0S-UDuhN5tpJZiXxuNgZFy3kKH76zas6gSMg18c8ab_6Yxl_r2mCd5lH3QibXv6ll5vomJFb9r0M8e_2STg_02xKVGn_-hrioY6aZHnvAcSHWLJA4X9BowCRBuV3dIAJrLHe-f65ueOcPrpmjp7hd-YP0wDRmHQZr-VKtZ_8St5oICvOM_cdvnyH9SlDjM4fIjFqAtuvEL764TBUihQfJxKmB8rdg9swnBvjETsnyLVYPv1FTAvl9_WpSfMxhlABlk-xOeIcHOBUW07jjTeGt7K9msZjoANvs1Rc61CiifTFKFBc7GyuRUjyVNTSAQSbMccpmJ9MjQEw9k3hWEMKpRgOhGK-fWv-sVLr0nFtHgG5Y8MdoE566G-IN8ktv3ay6-eKIJpc8WqgNaB8eBdxh5I49_BPAPcC1v3zuvJeR02hdYT_iYpQhZO5FIX8lYKxhTP4-Lg9HqsWEQnf-nOXaaLCQK1iKkLYhM4xLVMMw9zJpXsFubUUj79rgQZ2QXDGYQ1nTswSDg7s7HbbXLpuY9wxwMgiLSsYccXiOaVg-76kUws1E5wZHyt3ZTWKKjM1qpZnrVg_JngMhYcas998WYSkEE4GXgkiqumS9KlKsNT1YU2vkUhbAdPCvbSpgoxiSUYYo3jK32glZz1k2HIT66zEDrHibKAp6DLcIdN5-XUYrLDqsRioZ0df8CqEPH6&cid=CAQSPADUE5ymr5ogH1F-gN8gMwR3cIjq8Q78jifRuBS5e3g_cxAYLswpjT2zf0j_H8bfrKZFSmLUxdBww_CroBgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fkoraplus.com&ds=l&xdt=1&iif=1&cor=7236506720719206000&adk=756231327&idt=134&cac=0&dtd=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3e6b116a37930e9d8612e34a3c574922cf0f81992dd716ee26262877910937d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11361
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 8A89 118 KB
40 KB 21ms
20ms Script
text/javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=O9bLcDAJmX&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=O9bLcDAJmX&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:35:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82445
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 30 Jan 2023 09:35:36 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 39D8 0
11 B 20ms
20ms Image
text/plain 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?B2KC-A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:41 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
DATA 200
OK truncated
/ Frame F92C 66 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/webp

GET
BLOB 200
OK b343eb22-1fac-4adc-80a8-fbc31ddeb2da Show response
https://s0.2mdn.net/ Frame 710A 668 B
0 Script
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://s0.2mdn.net/b343eb22-1fac-4adc-80a8-fbc31ddeb2da
Requested by: Host: c.bannerflow.net
URL: https://c.bannerflow.net/scripts/animated-creative.dccf9a0435c1047d859e.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cda3c421b62828768ee2741a35bef36bcfdb1199ee3eb987269f7d1ce2dd8876

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Length: 668
Content-Type

GET
H3 200 css
fonts.googleapis.com/ Frame 32BE 4 KB
621 B 43ms
43ms Stylesheet
text/css 2a00:1450:400d:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:500,regular

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 30 Jan 2023 08:29:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 30 Jan 2023 07:47:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 30 Jan 2023 08:29:41 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 29B6 0
17 B 116ms
116ms Ping
image/gif 2607:f8b0:4009:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~ldijvaky&c=1091092376693124&e=31071678%2C31071905%2C31071578&ctx=1&met.4=fb.6~lb.62~ol.ml~idt.-32~dt.-hg&met.9=1.58~13.7a~2.9v~9.0~3_1.am~7_1.0~4_1.pz~5_1.q4&met.3=739.62~112.gw~738.mi~749.mi_3~736.nn~113.o2_1~735.ol_1~740.qc_1&met.1=1.ldijva43~14.4~15.0~16.4~17.4~18.4~19.4~20.4~21.4
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:81a::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 762D 41 KB
15 KB 20ms
19ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com
URL: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81571
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Jan 2024 09:50:10 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame AFBD 1 KB
643 B 20ms
19ms Document
text/html 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com
URL: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 72031
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 12:29:10 GMT
etag: 48472445140208031
expires: Mon, 30 Jan 2023 12:29:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 762D 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 76082bc94bf489d00e825e984c3974d4b233663c99990bbc4ac6f2e1852941e1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 csi
csi.gstatic.com/ Frame F260 0
17 B 116ms
116ms Ping
image/gif 2607:f8b0:4009:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~ldijvam0&c=4363826726186569&e=31071362%2C31071945%2C31071977%2C31071578&ctx=1&met.4=fb.6~lb.8h~ol.mu~idt.-4a~dt.-io&met.9=1.55~13.76~2.b1~9.0~3_1.bv~7_1.0~4_1.nh~5_1.nn&met.3=739.8h~112.gs~738.ms~749.ms_2~736.ne~113.p4_1~735.pz_1~740.qi_1&met.1=1.ldijva59~14.5~15.0~16.5~17.5~18.5~19.5~20.5~21.5~22.9u~23.9u
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:81a::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 0CA3 118 KB
40 KB 22ms
20ms Script
text/javascript 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=IyxHAVLxoL&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=IyxHAVLxoL&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:35:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82445
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 30 Jan 2023 09:35:36 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 731C 0
20 B 55ms
54ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bpfst83_XY9uoMuq49u8PlJ-K4AoAAAAAOAHgBAI&bg=!Xl2lXRnNAAZSrDxfcqw7ACkAdvg8WlKLwwGBPofFN4t14sABNO8RV6QImVQavSEGmPzetUBilSPIVAIAAALmUgAAAAJoAQeZAzj0FArFWOiq1JXuQeJssgaewyJEFhLZx_gyI-b8DPU7CqtUS8kVeNfhsuo_gNR-23KkX8n9DmrDCMRqhV5woDSPdWjoZsiGjYMOcqEeUzw-WFXeASqb7Q2hOeS83ifoLX4iPt3F57I3uz7XeQFLTWDH6_gZjuC9AAF6ObaFkdTfGjoE6JErMAbo7Xu_40o2OctpDPxXYwvKCqCDKI-1AUoo5T-FTFSjcZWaEj4feD9trX-f5l456CefGGyiDEoU-mbQLYVi9hteEmrx7aRiGyt3ogBvt-gPg8ATlum5lBxrSRQ94KNO8fW7NDGR3WqtZkij0xAnWhe-TTLRoiKDta9iAAUAsMz0WYyreVIUdZ-KSRYxhVSrhfE99wPaLv9t9lNnJdPXeQR_gfAph705eO46rvGsPQMK3qj3Hlb5WiIaEVDr9hGEm7ubnjybhzQ5i_QqsIv1UOg2qnaXBem2XiR-ugvzAiWTnnmJeU3XGWlGC8k8zc03xxleUZpwoYamS3KD9-Dw9ufromQ5RW5oga2JyMbC7-oJSpTp8nrbvR787_sgLLtrpw_13vIDJP5G3Ko7U-PNleP7YFL8WkphvjeRbSyXH5we0TQuGtv4rJ8OqNQ1xL2HjNXnLhntUxvuL_txOXklOAT_xZpw9oRekO-KA9LSYWCaT2v76qwBTRv9jGkYr1ikXEJmqLOXwx_uLAHN6fdr4TbwEJ8iElE6lrCnaQ7pq4MgF_E4dK_ABJK2QsSKQOJg0g17woVpVCxtH25XFSZjq5FS6u-47JPguA3suJFma6VSMBIBTwl7zDtLk5gWOygXVlro1njBneNwvu60GnbaKVyoXudNF-SdjmFIL3vkiqNa2BEzjRV7NX0Z4qGL10fyvGDY9gj_8yChOFqxldvoLzL9XX9loVsD1ksCU4q7671Dfg0XxlopSGGXxatnEDPO38DMx8oxMIAf_lrPjgJzvlcQu1pld5gBKAcAT2Tm5guTqJXyJ96IcbEYIqXavzKsB5AD0-XoqaoevQ5TEKDvePFq7koj1fSNRAZPT_DXJwWL9IvgfiKRx49FpZg8J47qtccnaxIS7l4pMI3kFFRU-cYtjQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 font
c.bannerflow.net/fs/api/v2/ Frame F92C 5 KB
6 KB 33ms
16ms Font
font/woff 2606:4700::6810:c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/fs/api/v2/font?u=https%3A%2F%2Ffontmanagerstorage.blob.core.windows.net%2Ffontmanagerfonts%2F6098d74fda7efd391f535bb5%2F43b798ed-ea3c-4feb-b9b8-c0c989e9ae4a.woff&t=%20.2AHLMNSYZabcdegiklmnoprstuw%C3%BC
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4900554790666240000/728x90_de_DE_2023_01_DE_Tactical_January_LH_2023-1-638095618950877025-ae68c46f-934f-4625-9b1a-44d4c4c982fa.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca62079c67487abe469a97294d86960f779695de5c283add9379f49f916aaec9

Request headers

Referer: https://s0.2mdn.net/
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:41 GMT
cf-cache-status: HIT
last-modified: Thu, 19 Jan 2023 12:00:41 GMT
server: cloudflare
age: 937740
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=31536000, stale-if-error=86400, stale-while-revalidate=86400
content-disposition: attachment; filename=43b798ed-ea3c-4feb-b9b8-c0c989e9ae4a-subset.woff
cf-ray: 7918d7612ab82bf3-FRA
expires: Fri, 19 Jan 2024 12:00:41 GMT

GET
H3 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 32BE 16 KB
6 KB 20ms
20ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:16:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 801
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5660
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 31 Jan 2023 08:16:21 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 32BE 34 KB
13 KB 20ms
19ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:16:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 801
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 31 Jan 2023 08:16:21 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame AC90 42 B
64 B 57ms
57ms Fetch
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsswivBzUU7Q54WG-Er8nG8vG8tz_9bh9RHXEmFZBAuVDdvg5n4y0EZcgALGF2SriIA2cSn7uO8VoRPPxNiowB2m65FJnuavrEwBS8h1wnVp7qYwXqGIftBMxpIdKOx7bp0MBA8EvQ&sai=AMfl-YRtvt7J4Jp2EkdXqnhBerZzBEmP__Tt7rYA4sDtkZ8pDSVdlTnSGCwE9r_dBtt9AQRwNIK5CHbFzQbqM8SAvDejxkmMCaHxYTgIozbTFLPqjMT7ftZoSEBFCUOqAaX6SsqHD-kIqMqmG5rcfD8&sig=Cg0ArKJSzLVzjn8MlUJbEAE&cid=CAQSSwDUE5ymQBWbWRTfylHAAYdcn08Dj5hx5BwC-FCPrmzqYmLxDfa0J_azWsISuSUghNXIxm_qTOWNuATWyJcjJ77fqofOB_EWr2tXoBgBIBM&id=lidar2&mcvt=1248&p=520,1440,1120,1600&mtos=1248,1248,1248,1248,1248&tos=1248,0,0,0,0&v=20230125&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2755790177&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1675067380102&rpt=704&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 57ms
56ms Image
text/html 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2023012301&jk=1101900434958132&bg=!SUqlSg7NAAZSrDxfcqw7ACkAdvg8Ws-ruvOHm-jaBS5gDR0zt7p5rcXu6XaeBPyh1N7jnW-_1iQA4wIAAAH4UgAAAAJoAQcKAJSZ4Y84LzHjhkPzD2z6-8f4BXN_jE_ZyYLIhQ8z8gB99I7KfgJubmYtH_kGQgKaBU7dxNODuViunONxwMvTVWQUaFx8ac2eHEX8p4tyoFkTWoL3PJZ3BmoOS6yB2zU1F-eLIwULf7k8OnkJRlMzzcMstgMG1C1it6O6ihsaN4Oi8k9vK9o-6nozsNahT8ZYnk6jdl0-mQKcyzkpOg8QhDCF7X0hFpuwf0ORz1qlch8ccvPhT3S2_EX5-nC2pEs2bFj-217YbAoLW7QWj5G1gcXCXMC3Sja6FfxNjN_cGlfqq0CaJRp9BBwPEJQsYxcBA4BqlSIK9li7O-ii3LofaOW7Ha8r8ELlUyi0bRnuAeDiJsStnLPjZSLlKJywtRBiFbwU2NTZz8QuNjuO3YR5X45wIsDd56yaeN88E5g1eHR41SZs1nA9jveIJW-cnyM_tJLfoDqI4uCZvqKON8sI9bRw8GdogFkGDeRAhGfaOwXzAKeX1JiPZyHu0tri_cNQxfbLiW-mXH3WQKJwc1Aa09bIUakNN-NiaSgp3kDNIhkn5G-bQE6b0Q-IbdTW7fY2ztNAMUxvBXKv2TGFpx5PImzvSE01j_Jd-wbK--OUHR_pNnKLJUexlqzHJr7061rgnR5FM-HjHWXXt1TJ8pI7uY_KdZvGieJswuN0Fm_O30Uh1Fmd1reQJ5EFviL1-jf4XJZg6bvr3FBDnHTlP4lzG-x2vhshWblJNikjfYJd6wamMQrJu4740m-NzhRaLpp2zXyz5l-25m0Jz6_DusCbRfZ1JUiMrGDLUEPi-6xFaArVQuhR0qDSgmV5vaVBKPs9xBhESAGkHa-jUyY4xv6baxDIHa0jpM3xylcwrvWPYzR6cPd4m5O4HV0XCR8uS22kmwJUjdOljKr9xEQjlkjWBprIOcNhUIFtKUazxwDhgeemCEqZ5b_EuS7TepA1ulXgC3AFm9JZj6RPGHoswbZRKmI43V7K6xlmdUWlB-j4ixqpkDz45irtUFtHVVGiaOHT2RwNU8QfEBV5MCId4u3K-za12b_i4J-JghZ96VL6kdS3aoih6lAmtfSMlAh6XifOO9A-jjk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H2 200 dpixel
cms.quantserve.com/ Frame 5E9C 35 B
464 B 44ms
9ms Image
image/gif 2620:116:800d:21:c5a4:625:6563:a5bb
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESENpDd25SS_IZ04dKfo-__8o&google_cver=1&google_push=Aa02lx-7TAYkOLg88qRVlq3L77LSOLmOi0Xm_5hSHWmROsA8GlImMQ9mbHSE-vwBJvvAX3iwaHO-jhU6etVh8oZrAJPQV1CWJJcjhA

Requested by

Host: 94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com
URL: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 i.match
a.tribalfusion.com/ Frame 5E9C 43 B
391 B 186ms
183ms Image
image/gif 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESEO35KmfsCo78G1gNAAAkWKk&google_cver=1&google_push=Aa02lx-hsYe0JQ-8Ms62udgZU6FjeifpB2n4g8dSAtYg_H1JAxMx_z4VN39Xn3dw8BauBoI4R7TlpiCJSK8YDU291ECOks-CZP0VQw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx-hsYe0JQ-8Ms62udgZU6FjeifpB2n4g8dSAtYg_H1JAxMx_z4VN39Xn3dw8BauBoI4R7TlpiCJSK8YDU291ECOks-CZP0VQw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com
URL: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7918d76219162bc9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5E9C
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEG8RJRXV3sC0v3V6FX4qIvM&google_cver=1&google_push=Aa02lx8gLKAn4HWQPN3vCNKBRbdFmlDe7npTFpbUDLlicX2V1DEwQhjAe-0KIZUHcxbGknFnCoqLKbjUu82TGWBD...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=aVUBxnXVSTGWlS4btHnjmw2&google_push=Aa02lx8gLKAn4HWQPN3vCNKBRbdFmlDe7npTFpbUDLlicX2V1DEwQhjAe-0KIZUHcxbGknFnCoqLKbjUu82TGWBDGXjaEQG6uTHJRQ

170 B
188 B

19ms
19ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=aVUBxnXVSTGWlS4btHnjmw2&google_push=Aa02lx8gLKAn4HWQPN3vCNKBRbdFmlDe7npTFpbUDLlicX2V1DEwQhjAe-0KIZUHcxbGknFnCoqLKbjUu82TGWBDGXjaEQG6uTHJRQ

Requested by

Host: 94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com
URL: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 30 Jan 2023 08:29:42 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=aVUBxnXVSTGWlS4btHnjmw2&google_push=Aa02lx8gLKAn4HWQPN3vCNKBRbdFmlDe7npTFpbUDLlicX2V1DEwQhjAe-0KIZUHcxbGknFnCoqLKbjUu82TGWBDGXjaEQG6uTHJRQ
x-host: tde-deliveryengine-production-fb497649f-6t665
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 dds
rtb.openx.net/sync/ Frame 5E9C 43 B
351 B 73ms
19ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEI4XsAN7iAqv7DI2wLqByew&google_cver=1&google_push=Aa02lx88vxSxRF6g7nE1CDINqVldl-otitMt-WnnWzA501ZMZv78Q9Qp0QxqXC_LPu-vN6x2oMyKsHHDrj8YQsMf3UsknseX4377
Requested by: Host: 94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com
URL: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 3s8kf3hb9rg6is2pgjqr2m3dsarkicqi

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5E9C
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEB37EHFRQSTJna5vLbhIDWk&google_cver=1&google_push=Aa02lx90Jn2KhDJOHQVFH2hQYdGi0dABOUYUG_MviK6_OD01QWQS3ZayQLaBSULmoNWW-dh7jGql97TO1amHVJgIx...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEB37EHFRQSTJna5vLbhIDWk&google_cver=1&google_push=Aa02lx90Jn2KhDJOHQVFH2hQYdGi0dABOUYUG_MviK6_OD01QWQS3ZayQLaBSULmoNWW-dh7jGql97TO1amHVJgIx...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx90Jn2KhDJOHQVFH2hQYdGi0dABOUYUG_MviK6_OD01QWQS3ZayQLaBSULmoNWW-dh7jGql97TO1amHVJgIxkeLlw2sV91fmA&google_hm=GEmduGZH_amFSaP9TSes...

170 B
188 B

19ms
18ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx90Jn2KhDJOHQVFH2hQYdGi0dABOUYUG_MviK6_OD01QWQS3ZayQLaBSULmoNWW-dh7jGql97TO1amHVJgIxkeLlw2sV91fmA&google_hm=GEmduGZH_amFSaP9TSesYax6

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 30 Jan 2023 08:29:42 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx90Jn2KhDJOHQVFH2hQYdGi0dABOUYUG_MviK6_OD01QWQS3ZayQLaBSULmoNWW-dh7jGql97TO1amHVJgIxkeLlw2sV91fmA&google_hm=GEmduGZH_amFSaP9TSesYax6
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2

200

/
onetag-sys.com/match/ Frame 5E9C
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEMb7H18PwT7qAEQA44g42YM&google_cver=1&google_push=Aa02lx-cfFpjMh7tTf6JIDeJ5OcdQzKEMoSfwCkbX3SX0cfHgjfgZk4l-7RLSC-SsGGVbDeY_uCT-2-_na8...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx-cfFpjMh7tTf6JIDeJ5OcdQzKEMoSfwCkbX3SX0cfHgjfgZk4l-7RLSC-SsGGVbDeY_uCT-2-_na8JMk7qN_955Y9oEVLiBJM
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

10ms
9ms

Image
text/plain

51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: 94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com
URL: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 5E9C 0
12 B 17ms
16ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JakQlhl1H-aSvYzvbpHrKwCiy3qRLlGoUbGUjz51wh8ES8TxIUo5JoQiBHZj2FkDo

Requested by

Host: 94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com
URL: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:42 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D618 0
20 B 52ms
52ms Ping
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9032617158028&version=m202209210101&ct=76&x=1&cor=14639601691310608000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 666C 22 KB
8 KB 21ms
20ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 81572
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 09:50:10 GMT
expires: Mon, 29 Jan 2024 09:50:10 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame D8AE 41 KB
15 KB 20ms
19ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CPUHbYHzcpEtTB062uZvAKZ9VGEQ8H4GlW_t0SEq9imeb1pNgLb841_8DU36ozoh8Rr2mOCgwtb6yKtQgu_sgcLeUa__9BgBSJ8Y6hBARhTEqUdQYh-z7aM92BMDj4nwVfV-aULGX8XNa6N_0GikZz2RSK6rntRWbwKyw6RTD_H9utb_w&cry=1&dbm_d=AKAmf-CUkzQ_bxxUCw3pywt8pfEbWo1cdvb93vp7f8ZFsdKc_d7ZkWu_9ABHkPg8ftEG249C-3_mgV9U172PNQxyCsUQXKKKKMHFHKIPkj9aE5kUYxUZxxvaoPHrseFbJxir3j42mpKI9LiJRCVEM4J50yg4343uPPGWxMMKNSEQ6JC0KQ4ktLUJmWRx0GAiY0laEscNtnZzJ5Y4jp5mh3oMjMHQ6psaJWEiXyEQzXd5F3SFfE0F312cQgvIvvOJXW74JwQdDqwVdvZf5Fi7He14OaY5xSB8wdERmB2Z1n29t1g0II_-uUtEgctLQHcwSAL1UToqAt5MSe46ACDxC4LmwjgwvdrBtxG47iQ5FSwaOg6wpGPnJ2CbCffGnPBNNQG2iQ_WUKFtdhjP82Zi72Y6UDfODEyiLbTZBw8Z0HR8qbb3iyKkt3iiLH1FXHE3Ie6apcYzW96AbPo9Q_djTd_miB9VauB3PKnf11GC6phpuva6Y93MFlT2JmqHsuChGLYeaiNkekxtHLpG7_8EvRKpO6soyiaxcdA4YtSAVvcof3rlaK7ZqW71egOLhwKvig80WHCZ97bFD9quVFdH3lLg_modpuuLHU4RIuBJV50abVitfnYv98teq6T6I942UeNRWeUfaolg_xt_VcelIJt-w0haazohKeTAuJN_-uMnkGNkFlIlSlKVLqQi5UojPFDSxzEYTHbuqZsvLZkDIjAqHWsIYGu-qmmTiPxht42JgzDgdbtjPEn6rT-SnnHbQxvpmnniajWSMns3GgZiusiGp-xYRIx8Ake2KCEkFFFxl2p3XkEhVyw41ndiZ-pvE1Q6TxteXBQmD3cqbSQujZ2qc9ppfyGX5Wkr10vn7u7CnfImCzbkIMCD3c3qhna0rP7swsP1_2S6yeYpUJkNgvx6XorpqrNwdNmb4Uhu7WMmpC1py_a7mbv3oOMI5WIpMU3YIqXioknkwYy9-Ylc2G11Jtke6ecHgLLoO8wSHualLC54inEiZRCj1hIr9Erh__wDRlBrNMLgjdc9gsZfC3_J9UfFIQWyYfhLDidRyVLkt_zOiqeEEY_xD7GrXJ7FsCahM4n3zBPSPbtpY4QCKVy47LJ05eHuaQH2tB4DjW6oHMUnAIj4PFeZO3maBvld-LZSQBdof48wHhueFBLKJ8sp9uD8QY7a_CBoKs3-99c4N8AC040R4yjZ5-hva3XOp2jXjCQXH8yvq8GSOIhWTfkbwJP28T9uMfPg7g8jzQWIwKgvZgdsBcBajnN6Nn6w0Y4EksF1CRkcV-wDwyZRp3cW3mU79DZW9tFy-fGvelu0jmwit_73QBWwW2qqHkt6idmg7PlMia6L_hRztTOz1bU-r1tuGbW9bZPxBNOoghX3QENBSJ8Iztkpg7vY3Bwas7qbeXoYHq7h8ihsQ8zTkMwibw2DdtObVnpKGQTRayaJ53wouP-R0aUXP4AuJETI6RR_Npm4qpUHlQ41zYpBI0iSALcUAA2fq4rTQpj8dKfs6GfVLJfcgLZ1Z2Vs4tF3KhpUPCBiBha8sAQcVs5lqntoyteBfUX_jypSpcXW3wculBWKzWl9AHaVINy-Z4LC8ScVb39gaVApu1Z8fPiaW5POr8Jbp1-vAiJ8XfR8-_hb7wlmjcLpjm7fsBbmGq8n_jum-_jqV8f25cbswh1xFuK2n5G9JfqeQdPd7RkkbXHvtrw4l1HRc1gY_fJ5s6QECGnzR205tuTHCBdgCOWHvYPYjHbODum1Z1zOlTxMeJom7oD6OLH7mu0YI5VNR33urRazH6_baW7JuyGwSbxN6-DodAGFh7Ilue0XkYREx02JvXE4rRZl2vS8dZlwW5Ro6GhMmlvoR4WFJOQN-QlfGdT_sJUcxQqr4dsVyBzH1p87u30A2FkHVXpH-JATgOaYj4BAwF8lu37js5VR6Vnu7wD12rROi5sDbcebkmpFUyxCXx_YwrbgIf5BCzQbjMS9VTbyzXoNgZ8eEIdhO8oq0wzFBVZrIQzM2HNo5chvTWZKiqoYDo2YdV1VSidO9HwvGftQUc2S3HDPt8gi7UbNOrM8H8S1ufxskMjy2xDhtqYDcoM3QqQG9De3Q0YFEK898oZlBbm51vcuLUh8mMqLHV0bsNs6SlhaFTrhYXwzz0t2mLWQGy6Gb5WSTmJUFaR38HItU6qOiB680CvygY-cM55FJNkxhEr0Uc6h3DCGhDbjjvkzh7iPDi51uYADD81x-OREkCCHHkPH7Vb2F8ve4-oqFIxDppuC6SlrUgb1ccB_3yayQLWMgnq8JtLVJZWz90XeTidurqbF29nNqTj37-qtvEla6QgcWnQ7G8nsrnO8BvNzG4CioQ08qTr9zMOuwdxFHES-doYQnla4lYcBx2Nr5N1V8MdSXUK0DOUHTQL21ixf78fgMMg3L6nxSQ988WZdaICi_8uiEj15O9gkVhUHMYzcxT3bbyby8N4aIVHL6opMIdZ-gQRKqVGycTTAcpoA2L5fDub6aQ3rgRHmz0J3pLH_FPc8UQKh0i1ZcVHiOULwkU2iVmQitTu13PDdm6WuVy6LNxAJJhYtEBYLzevTFwLQdWqZl6EwzeQWnr2mbElwWaV_zTLOVW7LN5XG2Ujz3EhbYxaUtCzVbKdQLlEfjFfDk9ron-k6n-OdN0F22K88b6y_6GZswR4saGHfXT2_nsDrfYDWmBXDHDANZ_CQNsc-tArX5x_9C4PnmYApOQZ3_xgpH7kt4iQgt622ZeH5x3fj1EFsu3DerHpBZOOvwH_z5fp3QUXUKb1MN6Lt5NUxGdgQANjBtViZ3O1zHeKE7yT9KVy8gT_3-GvuuAWyWhTVR-qHOQFFCTD2Yudpb6bEj0dDa9JHXI2RARBn80lG5wh5aTw6YFz9krQkPYiR22-VlbycN0Jc45m9SlzjXls_cO2We0hTetcrk0YLsT1xZFY6Is_MQucUCTUhrsFMJx3lKVBP5D4eH48XlDDDolRPZ7VfY1hphDDcS_EpSe_M2Y2zOKnKEEEqcqTvhXph-vMQBicJvbLuGE94aW-zdp_btTDIROCtpa9InLKO40TzYwMD-DLYvC7BVhGY28458H5w2R9Lw5az9z8dux9PDUHSevcCfQWSL2iLMJB-SIZzYUl0dHReU_1UzuZ59TqdlDlq9BIDluU8VBZdLTijaVHMqjQ34ePwaHB3sOTmhEX0vGN-W7MaGDDXpIV2YQEpMSFqQRqrTI22oZ-4FU_gjPAArjnRk37qbQFMmLUGAgUbtLco0ya1BF6a1o7pzwMtHJHMUxaVVvvlArZdBDh8E-KoF1rasFi5zARSFTMw0zS1QbY40l05wl-0VbJBsCqkQctTsaQNyL4bTJLxi1k6aim8fs5F863z9n7hbyt1QTnEbNUomORtO0S-UDuhN5tpJZiXxuNgZFy3kKH76zas6gSMg18c8ab_6Yxl_r2mCd5lH3QibXv6ll5vomJFb9r0M8e_2STg_02xKVGn_-hrioY6aZHnvAcSHWLJA4X9BowCRBuV3dIAJrLHe-f65ueOcPrpmjp7hd-YP0wDRmHQZr-VKtZ_8St5oICvOM_cdvnyH9SlDjM4fIjFqAtuvEL764TBUihQfJxKmB8rdg9swnBvjETsnyLVYPv1FTAvl9_WpSfMxhlABlk-xOeIcHOBUW07jjTeGt7K9msZjoANvs1Rc61CiifTFKFBc7GyuRUjyVNTSAQSbMccpmJ9MjQEw9k3hWEMKpRgOhGK-fWv-sVLr0nFtHgG5Y8MdoE566G-IN8ktv3ay6-eKIJpc8WqgNaB8eBdxh5I49_BPAPcC1v3zuvJeR02hdYT_iYpQhZO5FIX8lYKxhTP4-Lg9HqsWEQnf-nOXaaLCQK1iKkLYhM4xLVMMw9zJpXsFubUUj79rgQZ2QXDGYQ1nTswSDg7s7HbbXLpuY9wxwMgiLSsYccXiOaVg-76kUws1E5wZHyt3ZTWKKjM1qpZnrVg_JngMhYcas998WYSkEE4GXgkiqumS9KlKsNT1YU2vkUhbAdPCvbSpgoxiSUYYo3jK32glZz1k2HIT66zEDrHibKAp6DLcIdN5-XUYrLDqsRioZ0df8CqEPH6&cid=CAQSPADUE5ymr5ogH1F-gN8gMwR3cIjq8Q78jifRuBS5e3g_cxAYLswpjT2zf0j_H8bfrKZFSmLUxdBww_CroBgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fkoraplus.com&ds=l&xdt=1&iif=1&cor=7236506720719206000&adk=756231327&idt=134&cac=0&dtd=4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81572
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Jan 2024 09:50:10 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6815 0
0 52ms
51ms Image
text/html 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2023012401&jk=2041286406762589&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

POST
H3 204 csi
csi.gstatic.com/ Frame D618 0
17 B 115ms
115ms Ping
image/gif 2607:f8b0:4009:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=3~ldijvbcx&chm=1&c=1101900434958132&ctx=2&qqid=CMTDgaHw7vwCFWSgUQodLAAO4Q&met.6=6.1_CgsYshAgaCoECAgSAA
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:81a::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 217B 0
17 B 115ms
115ms Ping
image/gif 2607:f8b0:4009:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=3~ldijvbgn&chm=1&c=1101900434958132&ctx=2&qqid=CIeC7qDw7vwCFZX01QodKYgN8Q&met.6=6.1_CgsYrBIgaCoECAgSAA
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:81a::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1FB5 42 B
64 B 61ms
61ms Fetch
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu7RJZPAXu8a0ERIHEFK5gZBJa4rYFnnvb42PZQwj2evSpEXauNCCX77j0VgZUORHMaZj_oBwbbrXM-N_ub51c-6EKLXoTfa-U8PeF35dQUy__yXXnxHNX3AcO8LSTvHsO5-8FYSA&sai=AMfl-YQkn3Ex2vNepx-QA-_-mP77T77T97EY3CwH_6A3AOwAcMhzlGBSwVBiSLqBGJo1Sl3jkdAnJNPzF31a5ZfJojWh8trE2wbqPifVQx0bTJc2qQmUN1KfYsaTv4OZNg&sig=Cg0ArKJSzGi2sO0M5gdbEAE&cid=CAQSOwDUE5ymaKRC1Mhjs9xkJU8H5SDCTvUyr-3IW19QhQDk3GJwPHWG4dK6iL5k8REnCut6co0_FowqjlA9GAEgEw&id=lidar2&mcvt=1234&p=130,436,220,1164&mtos=1234,1234,1234,1234,1234&tos=1234,0,0,0,0&v=20230125&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3234993216&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1675067380018&rpt=883&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame CC07 42 B
64 B 52ms
51ms Fetch
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvqQ3jtQEjxFvbuCYbAPn-tvLwJD4Qc6VQqfvc8HZtutOh2RpG4HBt9cGdBl9zCLOq5KfwfIlwrU1ZIlmngviJ3MImGjiLu6rNVKp8V83xJSNBmK5xJ&sig=Cg0ArKJSzMpHnLbt2typEAE&id=lidar2&mcvt=1126&p=546,170,796,470&mtos=1126,1126,1126,1126,1126&tos=1126,0,0,0,0&v=20230125&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=528338454&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1675067380119&rpt=876&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 77BE
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

57ms
57ms

Document
text/html

2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:42 GMT
expires: Mon, 30 Jan 2023 08:29:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 08:29:42 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 csi
csi.gstatic.com/ Frame CC07 0
17 B 116ms
115ms Ping
image/gif 2607:f8b0:4009:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~ldijvayh&c=2041286406762589&e=31071904&ctx=1&met.4=fb.7~lb.97~ol.of~idt.-eu~dt.-t8&met.9=1.6m~13.cr~2.dg~9.0~3_1.e7~7_1.0~4_1.qr~5_1.qw&met.3=739.97~112.iq~738.oc~749.oc_2~736.p9~113.q8_1~735.qi_1~740.to_1&met.1=1.ldijvafr~14.6~15.1~16.6~17.6~18.6~19.6~20.6~21.6~22.9l~23.9l
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:81a::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame D8AE 34 KB
16 KB 164ms
22ms Script
text/javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=60989391;gdpr=;gdpr_consent=;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=C1Yt69H_XY8G4KcLImweY-KiQBur62NRuyKWew7QR8C4QASCosoV8YJX68IGMB8gBCakC2FH_lG07sj6oAwGqBOsBT9BrFc-EuSFVyA-TF1DJcnzrizXTSU3hgACqZD5DUJ-NiHjv5yBYyKs8Wxu1lYVrm3R4rCFWKlcI39HiotxLVATME8Uxbn9LqSsBSh8lo_zNF3ym0vQde6Sa5cl1jZjRQ5hSOsXKKw7TvN45BPKUygPU1_06fTgxUJ13aB00fGQxEU8B2oUPWhDhcTQXPqkKk2rNJr5KWYMef1NeakyG9TsFUe0tKaCOPIsfCFBIjom2e0Wmvci6DeY1WQCDFHYetjt5FpP2TFrjCBHGp0AiQeH-rlwapAZWK_mGiedjB8qXQFqyEfqDShAnT8AEmYPi6pkE4AQDkAYBoAZNgAfum9XbAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQPIIG2FkeC1zdWJzeW4tNjI2MTYyMzE3NTE2NDc5N4AKA5gLAcgLAYAMAbATsPT_EdATANgTCtgUAdAVAfgWAYAXAQ&ae=1&num=1&cid=CAQSPADUE5ymr5ogH1F-gN8gMwR3cIjq8Q78jifRuBS5e3g_cxAYLswpjT2zf0j_H8bfrKZFSmLUxdBww_CroBgBIBM&sig=AOD64_3oy8z1DlhdjWDoCkjOn1HFobLbDA&client=ca-pub-2930805104418204&dbm_c=AKAmf-DX_8j857fFQeE4WaeCxMtYCm18cJ7Lzb624jTH06JagPSg_S9_0wL2NDuoVTyvwkneC5OEw5SF7gVt4wuypMspHu53jne-iMhu5g7V_81KHa8ZPcTGa50VbP8JLzA4jj3t-xyRJZ9ABEbhRnIIs0Dd98XDczZ9rM_GbAZknnOvzurRkUo&cry=1&dbm_d=AKAmf-BZTStJpQRd3oYOgd7kI8FGIJhUQSicB7e1i_wjegA8TTt1HvzEUAmW50fTO_Jk22IDNgu8-WqwTak3OKstnW1SXB_Cw9RX7gepdXewgXuyqUVxfhb3H4hO1l6qGfEqUJip_-uc_2bewCeFROgZ0s0uJ9kPvYSzbEqtT7izaZzGmukyYfi8r4qQoPTS-QPqcIkGOBqEXCA1v8NLwUMfwWvNyvd1m8IhsC3YoQmTuEXR2UF50qpJOFjygHir5jOJxW2qc0upo4PC870M1QeIcGGWdeyBLJVptiQGLCRNRz4eI7FJoMn3S3HQkDW2rzNghMJmRQjZVkD0u0cogtkRFwmAqf0QrpYecJHRa0aU3XYRYTh7y1eti0-kvEQEyOfPjfJZz18ljdBGazf9-UgWzlJb6I__vaw59xN7CkCU0m1NWFvHL2iJMARofM0rZ_En8EJWSEx_ttEVIfXBHjebdiKuot2zrnm-rYrfw9Mi3RMojYziIyLYczdgbgAJE9mA5gNsDytcKkx30F_b8qttGjqYG3D9lMCuJKO_DGSXwYynZC9Cm8Y&adurl=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 06d0965f0851d3936c68da6d6de73163a6bb32e3f134822ccfec6d28f185ff29

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:42 GMT
content-encoding: gzip
last-modified: Wed, 21 Dec 2022 11:59:41 GMT
server: nginx
x-cache-status: UPDATING
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Thu, 22 Dec 2022 19:29:51 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 1E15 22 KB
8 KB 21ms
20ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 81572
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 09:50:10 GMT
expires: Mon, 29 Jan 2024 09:50:10 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AFBD
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESENpDd25SS_IZ04dKfo-__8o&google_cver=1&google_push=Aa02lx_J9kSZqysNy1dnkBhPcBbRdHurXaRa-8gNTz5K5qtZSLsusti6zX...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=Aa02lx_J9kSZqysNy1dnkBhPcBbRdHurXaRa-8gNTz5K5qtZSLsusti6zX60AL4JQr2YejkV-hWoiWTUvYFcbtJxb0JAbBIAiYI&google_hm=pffcBIHCq_4su...

170 B
188 B

18ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=Aa02lx_J9kSZqysNy1dnkBhPcBbRdHurXaRa-8gNTz5K5qtZSLsusti6zX60AL4JQr2YejkV-hWoiWTUvYFcbtJxb0JAbBIAiYI&google_hm=pffcBIHCq_4sugoMAy6QhA

Requested by

Host: 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com
URL: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=Aa02lx_J9kSZqysNy1dnkBhPcBbRdHurXaRa-8gNTz5K5qtZSLsusti6zX60AL4JQr2YejkV-hWoiWTUvYFcbtJxb0JAbBIAiYI&google_hm=pffcBIHCq_4sugoMAy6QhA
pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3 200 i.match
a.tribalfusion.com/ Frame AFBD 43 B
614 B 169ms
168ms Image
image/gif 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESEO35KmfsCo78G1gNAAAkWKk&google_cver=1&google_push=Aa02lx8AFnRx6ZcEKUUv4psL-NJu9NmAxR7Ovab-Gktz0micAPUiSEZ2iasGgSBMQiNgs3L7zjgMh82Tc5zIP8jQ3X-BFRZqGkg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx8AFnRx6ZcEKUUv4psL-NJu9NmAxR7Ovab-Gktz0micAPUiSEZ2iasGgSBMQiNgs3L7zjgMh82Tc5zIP8jQ3X-BFRZqGkg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com
URL: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7918d762eaba9b1b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AFBD
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEG8RJRXV3sC0v3V6FX4qIvM&google_cver=1&google_push=Aa02lx9Ad9SpCOt-x912VC3LlkXNZD2kFBmRIOu0cM1M3akmALboKgQqehN1I0Hufx4KiSu73gQVhsd2_SaBdVtF...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=aVUBxnXVSTGWlS4btHnjmw2&google_push=Aa02lx9Ad9SpCOt-x912VC3LlkXNZD2kFBmRIOu0cM1M3akmALboKgQqehN1I0Hufx4KiSu73gQVhsd2_SaBdVtF84Kiha_nrYA

170 B
188 B

25ms
25ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=aVUBxnXVSTGWlS4btHnjmw2&google_push=Aa02lx9Ad9SpCOt-x912VC3LlkXNZD2kFBmRIOu0cM1M3akmALboKgQqehN1I0Hufx4KiSu73gQVhsd2_SaBdVtF84Kiha_nrYA

Requested by

Host: 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com
URL: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 30 Jan 2023 08:29:42 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=aVUBxnXVSTGWlS4btHnjmw2&google_push=Aa02lx9Ad9SpCOt-x912VC3LlkXNZD2kFBmRIOu0cM1M3akmALboKgQqehN1I0Hufx4KiSu73gQVhsd2_SaBdVtF84Kiha_nrYA
x-host: tde-deliveryengine-production-fb497649f-dfbbt
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 dds
rtb.openx.net/sync/ Frame AFBD 43 B
135 B 21ms
17ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEI4XsAN7iAqv7DI2wLqByew&google_cver=1&google_push=Aa02lx8Bzgc5Otrk8N2nznT6_-_7gPTF6sh6p5s92xpVPBXI53bNTZqfDczWqSi0LQ-UgjDenHd9NUdIOHQruDwv0hHXkVWQy9E
Requested by: Host: 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com
URL: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:41 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 3r5vr1dkqplic66nhhuc7o9fekjkjcao

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AFBD
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEB37EHFRQSTJna5vLbhIDWk&google_cver=1&google_push=Aa02lx_dPG0Tvy8koFOi_Fx4MQhFPdOVD-50qSyP3cg_CfItaGsETa3oMD32JLoJtt1eAgh-BGhMeb7NhdJUeyNHk...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx_dPG0Tvy8koFOi_Fx4MQhFPdOVD-50qSyP3cg_CfItaGsETa3oMD32JLoJtt1eAgh-BGhMeb7NhdJUeyNHkxeiaWWCcYM&google_hm=GEmduGZH_amFSaP9TSesYax6

170 B
188 B

24ms
24ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx_dPG0Tvy8koFOi_Fx4MQhFPdOVD-50qSyP3cg_CfItaGsETa3oMD32JLoJtt1eAgh-BGhMeb7NhdJUeyNHkxeiaWWCcYM&google_hm=GEmduGZH_amFSaP9TSesYax6

Requested by

Host: 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com
URL: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 30 Jan 2023 08:29:42 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx_dPG0Tvy8koFOi_Fx4MQhFPdOVD-50qSyP3cg_CfItaGsETa3oMD32JLoJtt1eAgh-BGhMeb7NhdJUeyNHkxeiaWWCcYM&google_hm=GEmduGZH_amFSaP9TSesYax6
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2

200

/
onetag-sys.com/match/ Frame AFBD
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEMb7H18PwT7qAEQA44g42YM&google_cver=1&google_push=Aa02lx_hNJbuzazD1NYUkffW-s7iGRF9-fqMDQw_0LfA3rnqMU37g5Ca-vmrB99SZFJKf24k5wQXMNbIxCa...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx_hNJbuzazD1NYUkffW-s7iGRF9-fqMDQw_0LfA3rnqMU37g5Ca-vmrB99SZFJKf24k5wQXMNbIxCaEHE30WiGQXLoEGXk
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

9ms
9ms

Image
text/plain

51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com
URL: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame AFBD 0
12 B 19ms
16ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jp0-EMQuhOqo9rpvuHRp24JlYY1Vqd4L75EIIbJ-pZhOKnz8l9KKkYg6BoUfFfHfY

Requested by

Host: 96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com
URL: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:42 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 l
www.google.com/ads/measurement/ Frame 843D 0
0 16ms
15ms Image
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTFekxMeyMihN6eMlWrzyx3nSo6jpDvfkRCSbZgnGnGmD-J_FV5AilRv9A0P5F_SpkIR2BH36DvybUKWjzznKQ26NahwQ
Requested by: Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 843D 156 KB
48 KB 66ms
65ms Script
text/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

948dfd7372d70c12a80472d86b4033d93adbb52d02d4585d519416c4f4b4be62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49065
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1674650782302584"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 30 Jan 2023 08:29:42 GMT

GET
H3 200 btn_cta_arrow.svg
s0.2mdn.net/sadbundle/7314573151872791710/ Frame 8A89 366 B
298 B 20ms
20ms Image
image/svg+xml 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7314573151872791710/btn_cta_arrow.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=O9bLcDAJmX&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65ecaacea233cbd58cd42e885e80df77cbc92fc6cfd6e85f1d0e9d2852e1e7ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=O9bLcDAJmX&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 22:58:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 120680
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 269
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 10:58:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 28 Jan 2024 22:58:22 GMT

GET
H3 200 kia.woff
s0.2mdn.net/sadbundle/7314573151872791710/ Frame 8A89 23 KB
23 KB 21ms
20ms Font
font/woff 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7314573151872791710/kia.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=O9bLcDAJmX&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4974622fff31e0fe9dcc6c31c33e3f74dfb665d2678bd876ab807506e3bab60c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=O9bLcDAJmX&t=1&renderingType=2&ev=01_247
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 18:19:12 GMT
x-content-type-options: nosniff
age: 137430
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23072
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 10:58:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 28 Jan 2024 18:19:12 GMT

GET
DATA 200
OK truncated
/ Frame 843D 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6aa973649c1c6508588e17d4dfe3e76e7c5f514a1f9a58382597415ce653f9f0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 font
c.bannerflow.net/fs/api/v2/ Frame F92C 4 KB
4 KB 16ms
15ms Font
font/woff 2606:4700::6810:c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/fs/api/v2/font?u=https%3A%2F%2Ffontmanagerstorage.blob.core.windows.net%2Ffontmanagerfonts%2F6098d74fda7efd391f535bb5%2F9aa62b45-e08d-4719-8b11-ecb2c2d378fd.woff&t=03456789%E2%82%AC
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4900554790666240000/728x90_de_DE_2023_01_DE_Tactical_January_LH_2023-1-638095618950877025-ae68c46f-934f-4625-9b1a-44d4c4c982fa.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bfa36b80412fedbec98205b35afd6764ca764124cf34b1a50ceea13c6433ac63

Request headers

Referer: https://s0.2mdn.net/
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:42 GMT
cf-cache-status: HIT
last-modified: Thu, 19 Jan 2023 12:00:41 GMT
server: cloudflare
age: 937741
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=31536000, stale-if-error=86400, stale-while-revalidate=86400
content-disposition: attachment; filename=9aa62b45-e08d-4719-8b11-ecb2c2d378fd-subset.woff
cf-ray: 7918d7630d442bf3-FRA
expires: Fri, 19 Jan 2024 12:00:41 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 217B 0
20 B 53ms
52ms Ping
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7334207192888&version=m202209210101&ct=76&x=1&cor=5882576267676796000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js Show response
pagead2.googlesyndication.com/bg/ Frame 76AD 36 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35da5c6b61db6ad2f028dc52eddbe524529ee5f74cf6b1eda074131d2b64bb61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81523
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14214
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 29 Jan 2024 09:50:59 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 8426 0
0 46ms
46ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvCZXiG30SE9c9puR4KWERFzyA4QfKUuCmddaMohGvUQ0z0S_fyk4QdbeV5tub80RhRONbW7VPk_5gn_em1aio8Y2R4xwBgI1qfS7h0Vl20x5-WPogH1Oi9-n22NwnE0LLrBB51D5-0GItDOEvlB3Yof7DDksOoQkj1YTYKdTGcyV6ViWWsPyc8gW9SoRn-yLSzjwYcTi3Jacq1FH30eCckJA0TM-a7ZdAl_qzOTQ3U1jqQZO4BQ3ehwh-j5ONksIlHE-2AjXCb1EaoSKmpCyWFRJuwh2nWCDGgeJzHv282ORrv1c46bwjkzg90ABe8eAZzUAEfiQnxi3B3Hm1t_lq2xXQfxjyNR7GOklMGtCJlEVCGBZ8SQ187asrDj9Kp7rWDEC6uMzpMWh_ImHOlNBLvNluUx2AsQd8JldctADHbxbonfUejSRiDIRDauMegyCFe8fFsko8ChuTKCCbG3EXQAxsZtnlLAaHxvoia7yOfDIbQcKGPbjC8dR_CkdWH6i84GDdli0ui1IBdfbpoZQItasF3xqFZr6OXT8Kvx8SNBICpE3DGRvbe1ubHLvqX87C0_lUztEKjeMylRPXaNlCp5d43khd766vdURkjmFw3Fq8y64WIfPYKaHn-3JDQ_FOMbc3g82EuVrDir4b7-r1KCogNI-23Bw_hB2CQEGj0wpxzdmCXeEx4cTMj7FkVVyJN2yDSMhCCuj51PI9me0BWOoKBkSEvvpISNPddMyNwOYdcjDy8X7OJubRFLnpJbPwXQWS4niwuUSKU6IjOQvVvu8V02XLUt7mH3leeDjgT4czRwl9uXuGMRViWt2X0fHUCq6tcnWw_2gQ77JP1G9PrSJkOa0t-z_vTTk-gg_gavOxXZ8xh84-UtMYG2CEdX6VWNrqJ0P0GKLsQAcz3j9I-NdSWStsG-6Y2fzdyrh7lRDqhm8suQDXTjYvYhvRYAqF-OacaxJ50bUWkNcchpCfijl5ZzhtoCCMsPvQ6ujOOP3Uz8HLYeQN-51tshArSmkL9LdoDmPGAGTtvIk83jqvKMHWFQRXi1p58v26Urmhou9B5XGI0ygN6X18wfMdh_JOcJ0PPm-USB2pWeVcrHLadyqFk3T2iM0hyqRTcH0V_yRWZSbOQ5jLto4K4UDuIvaNde1s7JxghAUAEf7RB3eyvmfo_CeB4XVEtvUzC01ZkgvQ5tgTCIp7vpfmzKXvWCaJli6ZPFo2ZYHLgF5XisCoDJsqRZ6wdfgWrznUvX4KQjCGWUFp14_2cXqLrD2XlM9hI8FHjFQc0boGlI_g&sai=AMfl-YSmtWYKF7L8CEFRXFZRiH2fL8eD6nqUKVdjr93ykM-EvnuO1DJACw5K3AssaZX5TqEI9NcaERlvEylWoT2uPPwFJybyqXQtQH5rBvf-lyl7h4gIvE9lI7ZSd6MugsL2-14GzyEAh34uZbBSq0PawjIWm5OHQQnavriytlUJ714qpK-1tsljQDV9ka4hMidPKdQQZLquicrGHrgEzLS148qgPo9L8Q5Afs3b9kL8uA7T4XmqZKfnJPo6OuomAFB1ceEOnu63vEPS_Q&sig=Cg0ArKJSzFC1zAlSUbxsEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=986&vt=11&dtpt=792&dett=3&cstd=188&cisv=r20230124.58031&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 30 Jan 2023 08:29:42 GMT

GET
H3 200 btn_cta_arrow.svg
s0.2mdn.net/sadbundle/7024728442041512453/ Frame 0CA3 363 B
294 B 21ms
20ms Image
image/svg+xml 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7024728442041512453/btn_cta_arrow.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=IyxHAVLxoL&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47a278025cea905349e975bf082b6d027e22a536a4b3d370afeb04d8fc5b2ca4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=IyxHAVLxoL&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 25 Jan 2023 16:37:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 402703
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 265
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 10:58:01 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 25 Jan 2024 16:37:59 GMT

GET
H3 200 kia.woff
s0.2mdn.net/sadbundle/7024728442041512453/ Frame 0CA3 23 KB
23 KB 22ms
21ms Font
font/woff 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7024728442041512453/kia.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=IyxHAVLxoL&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4974622fff31e0fe9dcc6c31c33e3f74dfb665d2678bd876ab807506e3bab60c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=IyxHAVLxoL&t=1&renderingType=2&ev=01_247
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 02:11:20 GMT
x-content-type-options: nosniff
age: 109102
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23072
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 10:58:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 29 Jan 2024 02:11:20 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C31D 0
20 B 56ms
55ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B4toS9H_XY8bAAYSTjuwPqM6e6AoAAAAAOAHgBAI&bg=!gIOlg8fNAAZSrDxfcqw7ACkAdvg8Wo8HTG8EnRWUsRSDjao6Za36S2S3x-XSIjjUX0jzhi3Yokwz8QIAAAPEUgAAAAJoAQeZAyw1ljqIvpjZjMoBu-3xSikPfdw9PuaKMTxHJ8dGGAONMbERC-9CAj6lNdWiRL5ICyIzUSvfCOJ4b8w60lEnENeUDuk8HjAIdzGBM8pb_HDZCBpYFwURroFLFFTbIuKfOiBGWJitqvlqWsJ_WzSttowKjNzlTkCcjsrqTLn2osrBRqZn0XePruGSWF-YIt6KX5SWVTq6SEGDvyoD4mxQ8y9fzIwcpB0XMGaNLbCeUJ86Vdod7vb7HkF5CFeXX598yQ73CWCwePFUvy71RNtgSpXCgn2eE-30pa3SPXl6uFvqx2Z9DLh4cIjzsc115GhMUWHWmL9bCnsd3EE6vd693yNnA_J7NelfNwOOl7nPt_06Dk-qlGvdy2WLC4tiz7NXUA6bMGS0nRYtvFZ7KkNh6QQKmn05MT7BeJ0MfIp8US9YBxmy7TyhHOa_CknhlfeXNRlC3IFat5q2mHdIc0L0ftI2byNsUvdECeEuOvjTvtsnW3UjtDQ2pADWctJQVfrVvh3_5DQGLOHcgMrhbj2sBeXJ0uq2oNpyb7soTvOXqiW0MIvDQroNEBbxKSdzd1YICPS_js_dFVRt9OB0861fUs2w1sbZydqghMUcFBAZR6-vw_G39XlFfEWJNX-8LvY_ch_c9UtMX5wrGNIguEPwqau9QLAGh1VzYy8xIRwz4W0ZhEFqg_putodVFj9n2q67xCH3CFD4qVIQZylvphxmY6XFCyhEZpQDrPEPr4B-qX2tbpQbVS6YeveJVcxL6jihzTflxWYcQQwqhkqi_wYorOrA3blBLDoEo1xm4hWNi8JebM-HJunwCSh34U3F2zpK_cBNryKlquMp3wCMTQHBDIKfrxoshIhyfFskLmbor_bw3JxSyON8IUljcePsqSMixzpxPFTRfuyBQsf9qowCLttd1DTPz5I-2ap6n6rCV-6TpR7hkhShJRlPHylEmR6-9bh0bZQ6OEDz7YSfUWkmVyXTLJl3WTJsKFwqYM94QzYYCD7HQhAtq6Y3ExopzGvnR2wk0rua3rfIlyR-Pq2kxHnojmE9Luo3uSm32wLb_YhXBK4xPjmSi9GWREoGHA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 29BB 22 KB
8 KB 21ms
20ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 81572
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 09:50:10 GMT
expires: Mon, 29 Jan 2024 09:50:10 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 font
c.bannerflow.net/fs/api/v2/ Frame F92C 4 KB
5 KB 14ms
14ms Font
font/woff 2606:4700::6810:c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/fs/api/v2/font?u=https%3A%2F%2Ffontmanagerstorage.blob.core.windows.net%2Ffontmanagerfonts%2F6098d74fda7efd391f535bb5%2F5502bd4c-ec26-4a3c-b271-a4140d66bb8b.woff&t=%20-HJRabcdefghiklntuz%C3%BC
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4900554790666240000/728x90_de_DE_2023_01_DE_Tactical_January_LH_2023-1-638095618950877025-ae68c46f-934f-4625-9b1a-44d4c4c982fa.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 445d8a5680e2cd98db5ee96aa41d03511ae0b1ff832523a1d10b8fea85ab59a9

Request headers

Referer: https://s0.2mdn.net/
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:42 GMT
cf-cache-status: HIT
last-modified: Thu, 19 Jan 2023 12:00:41 GMT
server: cloudflare
age: 937741
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=31536000, stale-if-error=86400, stale-while-revalidate=86400
content-disposition: attachment; filename=5502bd4c-ec26-4a3c-b271-a4140d66bb8b-subset.woff
cf-ray: 7918d7639e1c2bf3-FRA
expires: Fri, 19 Jan 2024 12:00:41 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 8A89 7 KB
6 KB 60ms
59ms XHR
application/json 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

58263e94028eeae6ddede037bbdd48717e7c146fdbf9c7255c810045dd674654

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5662
x-xss-protection: 0

GET
H3 200 Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js Show response
pagead2.googlesyndication.com/bg/ Frame 666C 36 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35da5c6b61db6ad2f028dc52eddbe524529ee5f74cf6b1eda074131d2b64bb61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81523
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14214
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 29 Jan 2024 09:50:59 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 0CA3 7 KB
6 KB 60ms
60ms XHR
application/json 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c5c441639c40ebe2d990a9e48ddf8abae666480ae9e0cfecd559d839428d44ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5672
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 7D96 0
12 B 20ms
19ms Image
text/plain 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?cwIUsg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:42 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 762D 0
0 46ms
45ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuEnjp5cefDXZ-3MrViGiIhkwR9iPs9AJPxsb6uyLTXmZlU8ZemYqei-mD2JFJzM4YTKubHKDNkTlNHwqmXw-TTZyP93BxmuFPBRyjD7TRhHFW_4QheKl1LzD_SGD10fbF1-0yPpNEX22w3knbMIZ6ykUEmvcI5u_ZS5RFvexH1Qza-vbYQDv3EwEQl19QmEFYVOglSa5yHuSI7JNoTJ4zoA2QwIdLIrVubWQXxT6uG1SBow7bf1negVmY_wJ-iRRCJ5S35CpYMozoPLpxj8bPFlPe3us5_Gmzjznk1lC3BFJp5iQOd9CS2FkOuTH59-R8fhYCM53FXdlDPMOEjTpa9HrxsJYk-jPXIhERLQcqq8ZhoraoX1lggc882AuoLfbmTDrFpMKaRZ1vjtZ3LYkkFKuD6FGKz1GOW7EcPAYo0Uimdtx7KfgMs5-bl41Ozgh4vEqYLk0t5UbPPSyUrB4ZR6ynPP4LR9bVgXceXQFCGJRiU_wZo7a_BOwxiPB-eWFy5aRa8_8e9uqx0BfhcwPf2_mQohDTqR8sguw-pFqo8AUEYVrN6kWo_pgheV1KENYGFvYC72dO6F7GeUMI8WnOLuiPICIx49ATCRWs1Kb8-vv3er6YOxh7e0nZxthQl8wEw1V1DraFyWEw-So-2imcQOEh49J90a2JHQrita0swiQfsHCsMviENu3feqWmtt5c-zy3MFkQeVhRl57LemIf4tPoB2Y4V5woKJGUQ8sd6FBGcljtMDCqQGFv6rm2Y5oP4NxtGR1XxZmmM9xuR716O8LUe1Pm7KnhjvuSkiRctZDK4-SeFDAy2cW3YVQlR0ivKLX-P_pfNHnJF3_WTLmr1tLmIFdZ9iZLJu9LN3AgAYTsRo2IMsBp3myu_bmp1xtvKn5FxsjfuyylLTTNdCUUIJnQghtCX_V2MT5Jm0eH6MJsB0O_v38GqEnSz0cTUWCDCGpQ0lbialmm8V-5oClHK5iuKIh494m41ZrxoYVYBaSz9d7iv9oihJWAjk48Clzy4IEj-qwDvrSWVGVAyh9FFz4_tCFS5cLpVjKPWMX_2oGSd2XODBAU5vTpMrXA7XHIggDYbBt2Wk9_upakxHWGKU_byUyrdANw4YFacUlSEhWEUX8KXIFMG1Vw-jPxNIPIa_TTbQdMMK9ATajqixmdN3BFlialOeVbBmWpfq-eECcEtHN4ZKCKRRgt-y0uedrPrNVlgmFPWADfmcIU3icf8_-2w5pyZnLr0mGl1BSX1gQUEdJb2s40uNt_zspk69s-wqSJkGnxIHOY06UGkCmU&sai=AMfl-YRcH4tj6_AzRz2Z2MF7sNvXLHQNligWQbGNxKJ8LJQn_Ze3Sugo5n_8SdPKz_oiE4RP9dUKAvqxietpSNjl7QhTZYa9wo-IIbxwpmYGfI_U1OGSdGd9hiEFQuLr9nJw5Vdk9wqlLQ8J4lIdwKmnU2B79qy6bYTb29P2ntoudJh-6KUzQ8CTmp7AvnbHx3HDoy_mZGV_WVVAiraJL4ifNevuuewMlZA5qR4LbVVol0G8v2DVqmjlNupRNcuwUKQP7bLtDgbwI5Y&sig=Cg0ArKJSzEtSDVMcXfNkEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1077&vt=11&dtpt=786&dett=3&cstd=288&cisv=r20230124.73429&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: koraplus.com
URL: https://koraplus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 30 Jan 2023 08:29:42 GMT

GET
H3 200 logo_kia.svg
s0.2mdn.net/sadbundle/7314573151872791710/ Frame 8A89 1 KB
710 B 22ms
21ms Image
image/svg+xml 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7314573151872791710/logo_kia.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4caec19fb48c8b123d8f1dd3443f2bd70863adf6408db3ea83b1ee46df65c454

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=O9bLcDAJmX&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 21:20:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 126570
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 674
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 10:58:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 28 Jan 2024 21:20:12 GMT

GET
H3 200 23717839_20211025053327454_bg_01.jpg
s0.2mdn.net/ads/richmedia/studio/23717839/ Frame 8A89 19 KB
19 KB 22ms
21ms Image
image/jpeg 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23717839/23717839_20211025053327454_bg_01.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3578599c04427db93b8dbb9856b31ec74706adab651288a8444b48a833606c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=O9bLcDAJmX&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 07:13:07 GMT
x-content-type-options: nosniff
age: 4595
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19143
x-xss-protection: 0
last-modified: Mon, 25 Oct 2021 12:33:27 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 31 Jan 2023 07:13:07 GMT

GET
H3 200 23717839_20211025053330635_bg_02.jpg
s0.2mdn.net/ads/richmedia/studio/23717839/ Frame 8A89 16 KB
16 KB 31ms
30ms Image
image/jpeg 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23717839/23717839_20211025053330635_bg_02.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

99d22e206a5ac6e477ce8a4466d3f01ab5db135dc1fdb8a75b9bf8f0d10a28d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=O9bLcDAJmX&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 07:13:07 GMT
x-content-type-options: nosniff
age: 4595
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16509
x-xss-protection: 0
last-modified: Mon, 25 Oct 2021 12:33:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 31 Jan 2023 07:13:07 GMT

GET
H3 200 23717839_20211025053333882_bg_03.jpg
s0.2mdn.net/ads/richmedia/studio/23717839/ Frame 8A89 17 KB
17 KB 23ms
23ms Image
image/jpeg 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23717839/23717839_20211025053333882_bg_03.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d0045314684d37447b37f42a67c55caaf3d04c98a68cb75a760ed799899a965

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=O9bLcDAJmX&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 07:13:07 GMT
x-content-type-options: nosniff
age: 4595
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17219
x-xss-protection: 0
last-modified: Mon, 25 Oct 2021 12:33:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 31 Jan 2023 07:13:07 GMT

GET
H3 200 23717839_20211025053324221_bg_04.jpg
s0.2mdn.net/ads/richmedia/studio/23717839/ Frame 8A89 13 KB
13 KB 27ms
26ms Image
image/jpeg 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23717839/23717839_20211025053324221_bg_04.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aaae67d76785ca3c10c3ec64930c48342d5ee67f49a7ce60854e38b80b7d0774

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=O9bLcDAJmX&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 07:13:07 GMT
x-content-type-options: nosniff
age: 4595
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13772
x-xss-protection: 0
last-modified: Mon, 25 Oct 2021 12:33:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 31 Jan 2023 07:13:07 GMT

GET
H3 200 gentonanetto-extrabold.ttf
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 53 KB
26 KB 62ms
22ms Font
font/ttf 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/gentonanetto-extrabold.ttf

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ef5f7dcf7a5c67a176d0fe031fbe89a148b107b891d200eb51500326eb79c00

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 29 Jan 2023 13:31:58 GMT
age: 68264
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26535
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 13:31:58 GMT

GET
H3 200 Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js Show response
pagead2.googlesyndication.com/bg/ Frame 1E15 36 KB
14 KB 22ms
22ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35da5c6b61db6ad2f028dc52eddbe524529ee5f74cf6b1eda074131d2b64bb61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81523
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14214
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 29 Jan 2024 09:50:59 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1FB5 0
20 B 53ms
53ms Ping
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8731378165337&version=m202209210101&ct=76&x=1&cor=1763716832606824700

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 8A89 17 KB
6 KB 72ms
71ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 30 Jan 2023 08:29:42 GMT

GET
H2 200 optimize
c.bannerflow.net/io/api/image/ Frame 0B27 16 KB
16 KB 19ms
18ms Image
image/webp 2606:4700::6810:c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Ffinnair%2F6140ae64cb78547990abe56c%2Fimages%2F0d8542cd-e891-4bd5-8f8f-4db47961d433.jpg&w=365&h=219&q=67&f=webp&rt=cover&x1=0&y1=224&x2=6720&y2=4256
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 421970f1952860cfa08ae0c1dc0316beabd2ff11b73380be815af4da963610ca

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:42 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Jan 2023 12:01:06 GMT
api-supported-versions: 2.0
server: cloudflare
age: 73716
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=86400,stale-if-error=86400,stale-while-revalidate=86400
accept-ranges: bytes
cf-ray: 7918d7649ef82c18-FRA
content-length: 16586
request-context: appId=cid-v1:aa2d0cc3-fd7d-4ac0-80ca-1db03d937ce1

GET
H2 200 optimize
c.bannerflow.net/io/api/image/ Frame 0B27 1 KB
1 KB 17ms
17ms Image
image/webp 2606:4700::6810:c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Ffinnair%2F6140ae64cb78547990abe56c%2Fimages%2F8bc511b3-5a1a-488b-8301-4f6b7a44119a.png&w=115&h=14&q=85&f=webp&rt=contain
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b9d2c73ec1f8137a518b8345a65f02da3c8eca11bfbe989f1d3ca99559c5db72

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:42 GMT
cf-cache-status: HIT
last-modified: Mon, 30 Jan 2023 05:58:58 GMT
api-supported-versions: 2.0
server: cloudflare
age: 9044
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=86400,stale-if-error=86400,stale-while-revalidate=86400
accept-ranges: bytes
cf-ray: 7918d7649efa2c18-FRA
content-length: 1446
request-context: appId=cid-v1:aa2d0cc3-fd7d-4ac0-80ca-1db03d937ce1

GET
H2 200 optimize
c.bannerflow.net/io/api/image/ Frame 0B27 528 B
763 B 15ms
15ms Image
image/webp 2606:4700::6810:c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Ffinnair%2F6140ae64cb78547990abe56c%2Fimages%2F5d725dc0-1ea3-40e1-8571-8abfb3481b84.png&w=19&h=19&q=85&f=webp&rt=contain
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6181563c99588058803ee902907792de673ecad25d9890f610b2c1bfcd573388

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:42 GMT
cf-cache-status: HIT
last-modified: Mon, 30 Jan 2023 05:58:58 GMT
api-supported-versions: 2.0
server: cloudflare
age: 9044
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=86400,stale-if-error=86400,stale-while-revalidate=86400
accept-ranges: bytes
cf-ray: 7918d7649efc2c18-FRA
content-length: 528
request-context: appId=cid-v1:aa2d0cc3-fd7d-4ac0-80ca-1db03d937ce1

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame DB43 0
12 B 19ms
19ms Image
text/plain 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?5FRvyg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:42 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 0CA3 17 KB
6 KB 137ms
137ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 30 Jan 2023 08:29:42 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame D8AE 8 KB
4 KB 23ms
23ms Script
text/javascript 37.157.4.40
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?CC=1&bn=60989391;gdpr=;gdpr_consent=;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=C1Yt69H_XY8G4KcLImweY-KiQBur62NRuyKWew7QR8C4QASCosoV8YJX68IGMB8gBCakC2FH_lG07sj6oAwGqBOsBT9BrFc-EuSFVyA-TF1DJcnzrizXTSU3hgACqZD5DUJ-NiHjv5yBYyKs8Wxu1lYVrm3R4rCFWKlcI39HiotxLVATME8Uxbn9LqSsBSh8lo_zNF3ym0vQde6Sa5cl1jZjRQ5hSOsXKKw7TvN45BPKUygPU1_06fTgxUJ13aB00fGQxEU8B2oUPWhDhcTQXPqkKk2rNJr5KWYMef1NeakyG9TsFUe0tKaCOPIsfCFBIjom2e0Wmvci6DeY1WQCDFHYetjt5FpP2TFrjCBHGp0AiQeH-rlwapAZWK_mGiedjB8qXQFqyEfqDShAnT8AEmYPi6pkE4AQDkAYBoAZNgAfum9XbAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQPIIG2FkeC1zdWJzeW4tNjI2MTYyMzE3NTE2NDc5N4AKA5gLAcgLAYAMAbATsPT_EdATANgTCtgUAdAVAfgWAYAXAQ&ae=1&num=1&cid=CAQSPADUE5ymr5ogH1F-gN8gMwR3cIjq8Q78jifRuBS5e3g_cxAYLswpjT2zf0j_H8bfrKZFSmLUxdBww_CroBgBIBM&sig=AOD64_3oy8z1DlhdjWDoCkjOn1HFobLbDA&client=ca-pub-2930805104418204&dbm_c=AKAmf-DX_8j857fFQeE4WaeCxMtYCm18cJ7Lzb624jTH06JagPSg_S9_0wL2NDuoVTyvwkneC5OEw5SF7gVt4wuypMspHu53jne-iMhu5g7V_81KHa8ZPcTGa50VbP8JLzA4jj3t-xyRJZ9ABEbhRnIIs0Dd98XDczZ9rM_GbAZknnOvzurRkUo&cry=1&dbm_d=AKAmf-BZTStJpQRd3oYOgd7kI8FGIJhUQSicB7e1i_wjegA8TTt1HvzEUAmW50fTO_Jk22IDNgu8-WqwTak3OKstnW1SXB_Cw9RX7gepdXewgXuyqUVxfhb3H4hO1l6qGfEqUJip_-uc_2bewCeFROgZ0s0uJ9kPvYSzbEqtT7izaZzGmukyYfi8r4qQoPTS-QPqcIkGOBqEXCA1v8NLwUMfwWvNyvd1m8IhsC3YoQmTuEXR2UF50qpJOFjygHir5jOJxW2qc0upo4PC870M1QeIcGGWdeyBLJVptiQGLCRNRz4eI7FJoMn3S3HQkDW2rzNghMJmRQjZVkD0u0cogtkRFwmAqf0QrpYecJHRa0aU3XYRYTh7y1eti0-kvEQEyOfPjfJZz18ljdBGazf9-UgWzlJb6I__vaw59xN7CkCU0m1NWFvHL2iJMARofM0rZ_En8EJWSEx_ttEVIfXBHjebdiKuot2zrnm-rYrfw9Mi3RMojYziIyLYczdgbgAJE9mA5gNsDytcKkx30F_b8qttGjqYG3D9lMCuJKO_DGSXwYynZC9Cm8Y&adurl=;js=1;adfxid=1x;172;set=en-US|en-US|1600X1200|0|300|250|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Fkoraplus.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.40 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

6d912f6c7822b065a9b779aca5c09890f3147fc5497120cadd98fe38f72b40ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 3912
expires: -1

POST
H3 204 csi
csi.gstatic.com/ Frame D618 0
17 B 115ms
115ms Ping
image/gif 2607:f8b0:4009:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=4~ldijvc08&chm=1&c=1101900434958132&ctx=2&qqid=CMTDgaHw7vwCFWSgUQodLAAO4Q&met.6=6.1_Cg0Y6BQgNCoGCAYSAhAB
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:81a::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 217B 0
17 B 115ms
115ms Ping
image/gif 2607:f8b0:4009:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=4~ldijvc08&chm=1&c=1101900434958132&ctx=2&qqid=CIeC7qDw7vwCFZX01QodKYgN8Q&met.6=6.1_CgsY4hYgNCoECAcSAA
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:81a::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 motif.svg
s0.2mdn.net/sadbundle/7024728442041512453/ Frame 0CA3 451 B
350 B 21ms
21ms Image
image/svg+xml 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7024728442041512453/motif.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

524c55c8d2300cce448d346b995650dc7fcd703ab0c3734c057147b5c69d3773

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=IyxHAVLxoL&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 18:54:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 480908
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 10:58:01 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 24 Jan 2024 18:54:34 GMT

GET
H3 200 logo_kia.svg
s0.2mdn.net/sadbundle/7024728442041512453/ Frame 0CA3 1 KB
711 B 25ms
24ms Image
image/svg+xml 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7024728442041512453/logo_kia.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4caec19fb48c8b123d8f1dd3443f2bd70863adf6408db3ea83b1ee46df65c454

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=IyxHAVLxoL&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 23 Jan 2023 16:57:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 574332
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 674
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 10:58:01 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 23 Jan 2024 16:57:30 GMT

GET
H3 200 23717839_20220120063955117_bg_01.jpg
s0.2mdn.net/ads/richmedia/studio/23717839/ Frame 0CA3 14 KB
14 KB 27ms
26ms Image
image/jpeg 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23717839/23717839_20220120063955117_bg_01.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63e9a0058f74fed8eebe7be41e119de0a17cff86be74f63f438731b1f3e11bab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=IyxHAVLxoL&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 03:33:43 GMT
x-content-type-options: nosniff
age: 17759
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14582
x-xss-protection: 0
last-modified: Thu, 20 Jan 2022 14:39:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 31 Jan 2023 03:33:43 GMT

GET
H3 200 23717839_20220120063958473_bg_02.jpg
s0.2mdn.net/ads/richmedia/studio/23717839/ Frame 0CA3 25 KB
25 KB 25ms
24ms Image
image/jpeg 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23717839/23717839_20220120063958473_bg_02.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1f5dad11bc1eaef854848901913d4b452c3c6ad1844df5a9d7578ed0e9ce887

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=IyxHAVLxoL&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 19:56:33 GMT
x-content-type-options: nosniff
age: 45189
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25611
x-xss-protection: 0
last-modified: Thu, 20 Jan 2022 14:39:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 30 Jan 2023 19:56:33 GMT

GET
H3 200 23717839_20220120064001356_bg_03.jpg
s0.2mdn.net/ads/richmedia/studio/23717839/ Frame 0CA3 24 KB
24 KB 27ms
27ms Image
image/jpeg 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23717839/23717839_20220120064001356_bg_03.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df0b62593763a1faa65202d76c4dad0774189bc742452b7895ebda8534da0b1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=IyxHAVLxoL&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 17:24:59 GMT
x-content-type-options: nosniff
age: 54283
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24095
x-xss-protection: 0
last-modified: Thu, 20 Jan 2022 14:40:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 30 Jan 2023 17:24:59 GMT

GET
H3 200 23717839_20220120064004362_bg_04.jpg
s0.2mdn.net/ads/richmedia/studio/23717839/ Frame 0CA3 16 KB
16 KB 30ms
29ms Image
image/jpeg 2a00:1450:400d:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23717839/23717839_20220120064004362_bg_04.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

815061e2fd0ba411deebcd25e999158eaedf768d16eb0742f48586db901be7a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=IyxHAVLxoL&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 03:33:44 GMT
x-content-type-options: nosniff
age: 17758
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15937
x-xss-protection: 0
last-modified: Thu, 20 Jan 2022 14:40:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 31 Jan 2023 03:33:44 GMT

GET
H3 200 Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js Show response
pagead2.googlesyndication.com/bg/ Frame 29BB 36 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35da5c6b61db6ad2f028dc52eddbe524529ee5f74cf6b1eda074131d2b64bb61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81523
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14214
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 29 Jan 2024 09:50:59 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 843D 63 KB
23 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: 29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6054746292d3567c660857d4e7ed6153dadda2b3d602245f4612deef4dba2bd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:14:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 930
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23828
x-xss-protection: 0
server: cafe
etag: 9010139400925747384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 30 Jan 2023 09:14:12 GMT

POST
H2 200 /
c.bannerflow.net/tr/v2/pixel/ Frame F92C 0
73 B 188ms
188ms Ping
text/plain 2606:4700::6810:c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/tr/v2/pixel/
Requested by: Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/63c6ae0e7c127b7a6179dca6?did=5ced17d285b1c200019c3fe1&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjstMMCFYE5vDAvV_3cSyysdoZ-sAH9pllZAgAQ1-kcf9D2xxMBvhNK40vMbpqtD6F88S8leYsGmBXZgWSFbyss90BVq5p9PrETj9k2pb0IFgoP8ftLC7XR-0Ah-HPBm5_u6BN0izRuACEOlJQr-PDKh_6PH8W-LZIR4NVv35wyACjLxLjuG27QULr6e1v4_bsdWL0ifry5JvroRBB753oDVgC7BkTo1Mzze2JLMGCj3gqceGN2V3y0yhGjLOvCDhSdxkfY1cq_3OtiMVkLC5R3T34JEXttT-wnnnP3f04vXJwGCds-V_fVlDqXMTg8sKP_TPI_e2MnxKPdtZrbzxw4XwFc29mfx8cbjFJdKtiTgoQc06iKnGGbovuYemex1Ig9sUy4KepOU6GZFDvgeO-D1ogCXRLqQJCeZ2LvGtGXFeo5ZwhSmDl7jzo_YzMPkaEA1o3vfHj23fHM7a8_6ey4PINuiqaszGspfBCZyPr7Y9hP84J8qm6lDo7nCb6CZ20kCO6V0IWcoLio6IXHWwXu1OgYIwCRIt3TaxpxfxraavNAjFsBY-pegUhx2bfvdfqxFCinY6qp5_PNTszOY0sRFIs1xFETnUupiI3VJgrT3uWf6ex4F1CC-MEKyHOe2EMOA9nNcGBsdZCPyWC69r92DxtwT4fdtljlDUh3bB6uqg_ZobTiCHGO8GbRrFE-S3bd6rdlpaqyoC4XSeHkGSymdY-gKKqxO5HThxON7GYINriTmV7CKt-gJmqu6oGdqoEJWyDb4oMm2o7W5Aj0gOJ3ingV4O1KQ_tDghhzuw-0HqZfcHReWdcbgz__BEDBq65RLsPT-00TngI6LBwTsCd5nGRdRxCrlSMe5NYsPT5jDos4QgfQoQjovR4pzDPF1qTiZmcyXlwxwaNVs4VuInI2qvk1Q3lk6WJ4BJuuhe-Pe0zUJQwYeNaMJcilQmiS1sOR1stfJY5S4AQhqJ9Hwcbfv7dWGa_5kFPbaY7ZP8XIKJKnMSXgRxVcJbRJc7LYLZRXQov9bHEuwf0yb_2XyiLgvlBTTevn3Y3Ns8aIpJMPyEW4OItN_j8qsB0Aor1C58XXB89Bskn6jVO8dPFavArm3A4YZ6cn_bwLnSq8NL17t2SzyjFt_hKcNRo5UTgapOmyB5X0LSJsl-OszR8d5-BTsAGnjT0k9VwCGtoFq8dhKFGNlFo8yvtwK9yN3W9OZWz4gELsCqkIl_-ybw1BpVvGWENBy3WmGrSMtllIij4eEghr5Eq9U%26sai%3DAMfl-YT64ur-n1AoMfOO1uQkklsCXgoBtJmrMo3F7-nTLDEr4ULrDggWcTLw1CATCvfYdw7TmF4IMGEr2PhiPIUlBzId4AZpujnGIDW5ELbpDsqszy9acpbbP28-jHfxQN7uPP7O6TH7x9PSEl2z_n5Prub_7uQrHdd6I-7VfVPiYtays-ad_2A17wmXRuiGYCI3ycVGNeCgBLYB0MQaS3oIhyIVTdgEx7az1tdE7NH_KBLygKiIAwstdD-kxFcEr1M8N2AWUKsIZIMf4U098xJ-vgZiN7PkKVl2yy8D-6-v5utLQoQDlxA%26sig%3DCg0ArKJSzOUHdJOmkFhoEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26rm_eid%3D8149908%26adurl%3Dhttps%253A%252F%252Fwww.finnair.com%252Fde-de%252Faktionsangebote%253Fdclid%253D%2525edclid!%2526utm_source%253Dprogrammatic%2526utm_medium%253Ddisplay_campaign%2526utm_campaign%253D20230119_de_tactical_jan
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://s0.2mdn.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 30 Jan 2023 08:29:42 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7918d765a8cd2c18-FRA
content-length: 0
request-context: appId=cid-v1:1d9bcaa3-5ddc-4e5d-973c-949d7ceab63e

GET
H3 200 Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js Show response
pagead2.googlesyndication.com/bg/ Frame FF58 36 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35da5c6b61db6ad2f028dc52eddbe524529ee5f74cf6b1eda074131d2b64bb61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81523
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14214
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 29 Jan 2024 09:50:59 GMT

GET
H2 204 ad_impression.gif
beacon.krxd.net/ Frame D8AE 0
338 B 164ms
30ms Image
text/plain 99.81.65.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/ad_impression.gif?confid=vzkbcd8um&campaignid=2914070&advertiserid=IKEA+DE+Mediacom&placementid=10254579&adid=57114325&creativeid=57114325&siteid=1734703_&rnd=32348
Requested by: Host: c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
URL: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.81.65.5 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-81-65-5.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-served-by: beacon-n009-dub-prod.krxd.net
date: Mon, 30 Jan 2023 08:29:42 GMT
cache-control: private, no-cache, no-store
x-request-time: D=34 t=1675067382
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/ImageTag:types/ Frame D8AE 85 KB
36 KB 32ms
32ms Script
text/javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/ImageTag:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 863ad739bb9402363d8f11aa86e044ddfa80fd927de18b09814259f152fdf01f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:42 GMT
content-encoding: gzip
last-modified: Wed, 21 Dec 2022 11:59:41 GMT
server: nginx
x-cache-status: STALE
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Thu, 22 Dec 2022 17:23:12 GMT

GET
H3 200 rum.js Show response
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/ Frame 32BE 63 KB
23 KB 25ms
24ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/rum.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6054746292d3567c660857d4e7ed6153dadda2b3d602245f4612deef4dba2bd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 04:37:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13917
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23828
x-xss-protection: 0
server: cafe
etag: 9010139400925747384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Feb 2023 04:37:45 GMT

GET
H2 200 main.19.8.385.js Show response
static.adsafeprotected.com/ Frame D8AE 200 KB
62 KB 9ms
8ms Script
application/javascript 2600:9000:214f:4200:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.385.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/rjss/st/1322500/68733915/skeleton.js?bundleId=&ias_dspID=3&ias_campId=1010183376&ias_pubId=pub-2930805104418204&ias_chanId=1&ias_placementId=19485175112&bidurl=https://koraplus.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0juvhdr7GYZepFqOQnKZwEv
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:4200:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e46fa7ee227000e5803c3317aecd58d5f4fa151e367a94f24e9e814b9dad6330

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 21:29:24 GMT
x-amz-version-id: VUpTdNSw556u8DTxBoj61VmLffpEPAG9
content-encoding: gzip
via: 1.1 a3c2566f9e36ad3cdf79fc6307fcf566.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 990019
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 18 Jan 2023 19:44:57 GMT
server: AmazonS3
etag: W/"d4db5e05b3c00fb6a3a262869af20f38"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: C_-zt4f71dUAbsmP4_ZJrorRkLFiPi0K60qd30ublDbHiq5IDOc5-w==

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame FB14 1 KB
643 B 20ms
20ms Document
text/html 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
URL: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 72032
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 12:29:10 GMT
etag: 48472445140208031
expires: Mon, 30 Jan 2023 12:29:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame D8AE 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2e48b252ef2259d71b021df795be99f35039c0b21ece4aa0bb1fb07a534bf3d0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 p5.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 13 KB
4 KB 21ms
21ms Image
image/svg+xml 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/p5.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d044b489cee90571b34dc4af276c9a51acf12f4bc8ad08ad80e63e188009ef1

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 29 Jan 2023 13:31:58 GMT
age: 68264
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4076
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 13:31:58 GMT

GET
H3 200 b5.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 73 KB
73 KB 25ms
22ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/b5.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a1e78fb7e51d3b2d412350a14b9904c0025fe6914b1799329f198270a5597eea

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Sun, 29 Jan 2023 12:35:54 GMT
x-content-type-options: nosniff
age: 71628
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74917
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 12:35:54 GMT

GET
H3 200 p4.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 15 KB
4 KB 34ms
31ms Image
image/svg+xml 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/p4.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2113122ed13e1cb74c82ccef5b374945442aef4b4ae7051b4b8b7bbfd92c43fb

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 29 Jan 2023 13:31:58 GMT
age: 68264
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4440
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 13:31:58 GMT

GET
H3 200 b4.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 96 KB
96 KB 30ms
28ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/b4.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eead0db8ec1f452443dc79fb433a4603ea624db210b184c8fa911a4bdd6a7a91

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Sun, 29 Jan 2023 12:35:54 GMT
x-content-type-options: nosniff
age: 71628
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 98626
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 12:35:54 GMT

GET
H3 200 p3.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 10 KB
3 KB 29ms
26ms Image
image/svg+xml 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/p3.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0600e99849dbc60da5c2a9e3ee49b90635bca0f71ceecd368d0a7fe0303148b5

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 29 Jan 2023 13:31:58 GMT
age: 68264
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3324
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 13:31:58 GMT

GET
H3 200 B3.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 107 KB
107 KB 31ms
29ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/B3.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

056138259a2e55407c1676dc9df4752782ed937738ee2068894a9511064586db

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Sun, 29 Jan 2023 12:35:54 GMT
x-content-type-options: nosniff
age: 71628
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 109761
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 12:35:54 GMT

GET
H3 200 p2.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 7 KB
3 KB 32ms
30ms Image
image/svg+xml 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/p2.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac8f7efc880bf0528a9888e9709ddf74fa0eab9fe544142d04753e7643f4528c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 29 Jan 2023 13:31:58 GMT
age: 68264
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2650
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 13:31:58 GMT

GET
H3 200 b2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 40 KB
40 KB 38ms
36ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/b2.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21a61bd1967c7020155d5599cf69a647e6081c2f314fe51e1e511537e4724437

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Sun, 29 Jan 2023 12:35:54 GMT
x-content-type-options: nosniff
age: 71628
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40559
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 12:35:54 GMT

GET
H3 200 p1.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 17 KB
5 KB 37ms
35ms Image
image/svg+xml 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/p1.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

512c2d94006347a24e2977c9b5824bcf51d06af6bda5ea5cb09ede92b79821d2

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 29 Jan 2023 13:31:58 GMT
age: 68264
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4941
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 13:31:58 GMT

GET
H3 200 b1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 47 KB
47 KB 39ms
37ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/b1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f786db2d21a4e9accd632866a82cccd061a7f0ef558288471ba8559dd05a6fe

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Sun, 29 Jan 2023 12:35:54 GMT
x-content-type-options: nosniff
age: 71628
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48412
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 12:35:54 GMT

GET
H3 200 Key_Visual_03.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 8 KB
3 KB 34ms
32ms Image
image/svg+xml 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/Key_Visual_03.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc9162a2911d1b9508df47e9643484d4c63957933add975e7a5eb20885cd7cd1

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 29 Jan 2023 13:31:58 GMT
age: 68264
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2681
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 13:31:58 GMT

GET
H3 200 Logo_gelb_Master.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 5 KB
2 KB 36ms
34ms Image
image/svg+xml 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/Logo_gelb_Master.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0146ab3169091e5493824565b9fcbfecd8164e480bfc8c4f6d7c14bc8670028f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 29 Jan 2023 13:31:58 GMT
age: 68264
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1974
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 13:31:58 GMT

GET
H3 200 Logo_schwarz_Master_03.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 4 KB
2 KB 36ms
34ms Image
image/svg+xml 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/Logo_schwarz_Master_03.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

776e4f1df9d2192c5ea5f749f99722a1a99946a7cd899af459dcf130592cf686

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 29 Jan 2023 13:31:58 GMT
age: 68264
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1812
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 13:31:58 GMT

GET
H3 200 Hand.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 3 KB
1 KB 33ms
31ms Image
image/svg+xml 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/Hand.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b5b2b6fc85060f59709f7d436b7fd7f2b25b9da3ffb45058a591bb5d033729e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 29 Jan 2023 13:31:58 GMT
age: 68264
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1179
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 13:31:58 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1762 0
0 57ms
57ms Image
text/html 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2023012501&jk=1104399846271448&bg=!t7SltPDNAAZSrDxfcqw7ACkAdvg8WkQK4HEirULvaNCg0PR2eVhpyS1XcnDVN8y3bn8AyCz6w1Qi_gIAAAP4UgAAAAJoAQeZArB8ah-qa5MksmJftGOlkkhQxmdXXPtaYNVZj7LGF4qZr2fOHa1zAr_HStKQ6BSbDfVSnPZh70E7kWSYGuDdLKfp0fbendTONUuqtrrv0gwzPAzs8UjieOwIKx14_8jkGjLH1NOgRr2iFsNa5DqBRnHqz9rdIE6ioj8vt6xnJUmBqbyYEPmbGFTBWX_9EEHNU0qaPE_cPlOWBKIQRBb3T9zlH7BgSnZJRy2XO3URUezwH1MGDxKz7mgBQOMytYkiKP0FV-PRrpsp7xvd83_nLUzFI0JXo8pKj6ordS_qqWiBMsjqFNEVXdQ_WT8xAqr7N9H4iYI75KtJkKFAAwQTpx9BLlVt-lggyQlE55_dZisOvZvdR350Nm-k_dyHt37SAbEHafoYAfeR4RjLVVt9jK7nkvt0hINyUx1-UKdSRHYh9Ws4D7y9TfrXWjKsVR6NdRcDq-JytLReRTOVfD6SxAaiYmbb2gKWZGtdzi7RGP3R5jU0B7Zmae7u4XYsvb8aUzSZAI6sABU3BTT2n3e9OpxidrTgc5BRKuGHqgorkiUe0nBNY1ChOGHWKd8Rbi5W9W3BqWr4g3i4QrjZUGqoIwNwtFmdwqRYACM5g05UR915QKIXII9-8PE354MEjW9bC-aTGkXCQ7n61SB6jjGOw_PiQ4X4XYGlwJyPu5xrG6jb4hMzRKd_zEp0N-TEGMg-lvZCEpoXI2x0VECvFrgbIaUSW1s7Y9Z6ClaMSeNfSjfFKmIakK7OZhbDzfYXkuM9Hqc3Uufo6OFGTmpsDJKwP27mUMTPcPJHvY-GagW204VeMqjsZA2LngO6abZ6YEedH7HzyKDe3-zYKn3itYNIfV1i3ug-PXOUZmjIUda0PYenrvHN1rihf_r4xnXmDP9cd_pE0Qn4_UPqE0DJVPF2IksJ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BA7D 0
20 B 65ms
58ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BEN159H_XY_LTHcX97_UP2fqDgAIAAAAAOAHgBAI&bg=!c3ClcDTNAAZSrDxfcqw7ACkAdvg8WlPGtz6834acqKWdyWGsn-wzpqAdzzFsNMpgVy4_bm29hS8OBAIAAANNUgAAAAJoAQcKAIYsyEgdtj4wmhj8Afo25fMstr2BeqGLQTGzJClV7rB64UXPejzccYCAYPKbTGueobm0bjCQvSS9gR4IE3sV9dd5KaeNFFTyyDEBLN9HCofdcmSZE8zcn7hD0lanTbOTDfSSZx_Gmch7Er7FCz9JgAebaCwN1WQOpqqsizBp2vfzIz4ST3egDZkC9Z_TOr1K56EkLrDDX61d6mMmkYaaD50MHRAGZwgxv7smXC-6gUhCbF9JUs0PtXc7TgFIsk1JYbQZ4jfEoNQvGDOilEfnmtM-CalIu9jxaSj2ZBUpo8CAN3w0GYj1mbr0bgoxX_pPz73LAow_RXoJBiz0W42RTiOuc7kIWYR9TQKBCJu4yoKrRI_nvs-InHHNSKJVGrlCv-4NoFo1vLU4_e7lDAKCUwSg4SMmBo55RCPBxM_eS2kEnaB4EAmnjdv38tvWmt8ME55Qhaa0qzwaFv-tArNOOQR5Dv2RLYN9DXlMolrNQZcl5iL8jMQf8BxVoq60wxy-KAleV5mquBJkew9Utg0fSwiLPslqVTv8XHvN4k9nFpnLFji618aApQu_f08wCqkZbN1kO_n8xgvADGTHqPxxF65DZ83WMCIHB39fbe1QDbwGrdy2xxvOKXaGa_bMGIyeximKsJQKNGCRVPcy2eTHk4iYq89ndPW7ZH9R4wIJILn2aObMfNT3LYBJPM1quMZhvp0PQbMwC6pwhxNwyqutPpI3_uus3ByNVNecY5XTN7ytRwIL2vbfd-cTiA6u5GNLXOxwuLLSIx9-NqYD4dWChiR2Fj6mckhz_fqHcE6EdkSaZCtyqyLUjiUKKc222jyDRaeOAEAUjAXWxRCsanAa-3BFaneUyf0762b34l-2SgTV9m_DcuRVe_EPdYx8DptsJqghyUACs0xe_p6EL17vEJAB9yDXZZS9CKvLnILwxj2hN1OAGB7G2LS5PCumuJjGErgRwFSISKNZ5G7QuRLrHVIsMCny6XlYVM7-T8oym9tpk2p1DqqG6nbTR1guCQOZvtZRofMbPaHpnLGMGF6pm1rCjevI5IWAv_bnbnjQQ2loZsr4k77j1p6VpKbAv4omRQzcwk8koxbioZAvjzn5VTHZne6jABOlmmi4YpAdqva720G-1X-BVgwsLSdUElFpF3kpJSwY0ofOIWgpDwkzK-V0XD27j3YC6D060t08yR0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js Show response
pagead2.googlesyndication.com/bg/ Frame DC5F 36 KB
14 KB 20ms
19ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ndpca2HbatLwKNxS7dvlJFKe5fdM9rHtoHQTHStku2E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35da5c6b61db6ad2f028dc52eddbe524529ee5f74cf6b1eda074131d2b64bb61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 09:50:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81523
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14214
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 29 Jan 2024 09:50:59 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 843D 0
17 B 115ms
115ms Ping
image/gif 2607:f8b0:4009:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~ldijvcju&chm=1&c=1101900434958132&ctx=2&qqid=CNzW4qHw7vwCFQH4UQod-OYIdw&met.4=fb.3t~cmrload.78~lb.nu~ol.xw~idt.3o~dt.-aq&met.3=733.s1~748.sb~749.sc~742.s1_e~736.t6~735.ws_2~740.x4_1~739.x4~738.xw~113.159_4~112.159_5&met.1=1.ldijvbem~6.0~7.0~8.0~9.0~10.0~12.1~13.8~14.9~15.v~16.x4~17.x4~18.x4~19.xv~20.xv~21.xw~22.s2~23.s2&met.7=CBsQCBgBMAk4xAloAXAIeIkXgAHdFIgBkjCwAQG4AQM~CB8QBRgBIJcBKJcBMNgBOEFomAFwrwF4p4EHgAH7_gaIAdHbdrABAbgBAw~CCEQBBgBIJkBKJkBMNABODc~CCgQBRgBIJoBKJoBMLMBOBlonwFwswF4vQOAAZEBiAGPAbABAbgBAw~CB4QChgBIJoBKJoBMNsBOEFonwFw2gF4gAyAAdQJiAGBFbABAbgBAw~CBwQBRgBIJsBKJsBMIQCOGk~CBwQChgBIJsBKJsBMNsBOEBonwFw2QF4jz2AAeM6iAHSjQGwAQG4AQM~CBsQBhgBINoGKNoGMOsGOBE~CCoQChgBINoGKNoGMKQHOEk~CCgQChgBII0KKI0KMJcKOApojgpwlQp4wLwBgAGUugGIAeD3A7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:81a::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 32BE 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/gif

POST
H2 200 /
track.adform.net/csimpr/ Frame D8AE 35 B
503 B 23ms
22ms Ping
image/gif 37.157.4.40
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=60989391&csi=UT3pM5BSmOIzd14JVGLWTIax0jUDWgxh_7QC0pwEIRfrygPkIxxfk_6kpW1UQPAi5K2YBsk7cUiufObyFfWUed6vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.40 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 57114325.gif
s1.adform.net/Banners/57114325/ Frame D8AE 123 KB
124 KB 27ms
26ms Image
image/gif 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/57114325/57114325.gif?bv=1
Requested by: Host: c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
URL: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 0e65a9c25af4e241f6e304673b15e3d20053681a6010566da4e10950e360c2ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:42 GMT
last-modified: Fri, 20 Jan 2023 16:31:10 GMT
server: nginx
x-amz-request-id: tx000005d894245c69860c6-0063d45836-3294894a-default
etag: "78311883b1daf567da6c67d4a8de700a"
x-cache-status: STALE
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 126341

GET
H3 200 p3.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 10 KB
3 KB 21ms
20ms Image
image/svg+xml 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/p3.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0600e99849dbc60da5c2a9e3ee49b90635bca0f71ceecd368d0a7fe0303148b5

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 29 Jan 2023 13:31:58 GMT
age: 68264
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3324
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 13:31:58 GMT

GET
H3 200 b5.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 73 KB
73 KB 22ms
21ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/b5.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a1e78fb7e51d3b2d412350a14b9904c0025fe6914b1799329f198270a5597eea

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Sun, 29 Jan 2023 12:35:54 GMT
x-content-type-options: nosniff
age: 71628
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74917
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 12:35:54 GMT

GET
H3 200 p5.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 13 KB
4 KB 23ms
23ms Image
image/svg+xml 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/p5.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d044b489cee90571b34dc4af276c9a51acf12f4bc8ad08ad80e63e188009ef1

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 29 Jan 2023 13:31:58 GMT
age: 68264
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4076
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 13:31:58 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 76AD 0
12 B 22ms
21ms Image
text/plain 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?jT53sw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:43 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 Logo_schwarz_Master_03.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 4 KB
2 KB 23ms
23ms Image
image/svg+xml 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/Logo_schwarz_Master_03.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

776e4f1df9d2192c5ea5f749f99722a1a99946a7cd899af459dcf130592cf686

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 29 Jan 2023 13:31:58 GMT
age: 68265
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1812
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 13:31:58 GMT

GET
H3 200 Logo_gelb_Master.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 5 KB
2 KB 24ms
22ms Image
image/svg+xml 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/Logo_gelb_Master.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0146ab3169091e5493824565b9fcbfecd8164e480bfc8c4f6d7c14bc8670028f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 29 Jan 2023 13:31:58 GMT
age: 68265
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1974
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 13:31:58 GMT

GET
H3 200 Key_Visual_03.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 8 KB
3 KB 25ms
23ms Image
image/svg+xml 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/Key_Visual_03.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc9162a2911d1b9508df47e9643484d4c63957933add975e7a5eb20885cd7cd1

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 29 Jan 2023 13:31:58 GMT
age: 68265
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2681
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 13:31:58 GMT

GET
H3 200 b1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 47 KB
47 KB 25ms
24ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/b1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f786db2d21a4e9accd632866a82cccd061a7f0ef558288471ba8559dd05a6fe

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Sun, 29 Jan 2023 12:35:54 GMT
x-content-type-options: nosniff
age: 71629
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48412
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 12:35:54 GMT

GET
H3 200 p1.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 17 KB
5 KB 27ms
25ms Image
image/svg+xml 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/p1.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

512c2d94006347a24e2977c9b5824bcf51d06af6bda5ea5cb09ede92b79821d2

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 29 Jan 2023 13:31:58 GMT
age: 68265
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4941
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 13:31:58 GMT

GET
H3 200 b2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 40 KB
40 KB 27ms
26ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/b2.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21a61bd1967c7020155d5599cf69a647e6081c2f314fe51e1e511537e4724437

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Sun, 29 Jan 2023 12:35:54 GMT
x-content-type-options: nosniff
age: 71629
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40559
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 12:35:54 GMT

GET
H3 200 p2.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 7 KB
3 KB 28ms
27ms Image
image/svg+xml 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/p2.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac8f7efc880bf0528a9888e9709ddf74fa0eab9fe544142d04753e7643f4528c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 29 Jan 2023 13:31:58 GMT
age: 68265
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2650
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 13:31:58 GMT

GET
H3 200 B3.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 107 KB
107 KB 29ms
27ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/B3.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

056138259a2e55407c1676dc9df4752782ed937738ee2068894a9511064586db

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Sun, 29 Jan 2023 12:35:54 GMT
x-content-type-options: nosniff
age: 71629
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 109761
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 12:35:54 GMT

GET
H3 200 b4.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 96 KB
96 KB 29ms
28ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/b4.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eead0db8ec1f452443dc79fb433a4603ea624db210b184c8fa911a4bdd6a7a91

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Sun, 29 Jan 2023 12:35:54 GMT
x-content-type-options: nosniff
age: 71629
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 98626
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 12:35:54 GMT

GET
H3 200 p4.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/ Frame 32BE 15 KB
4 KB 30ms
28ms Image
image/svg+xml 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9419780827614543872/Netto_GDA_SdW_KW05_R/p4.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2113122ed13e1cb74c82ccef5b374945442aef4b4ae7051b4b8b7bbfd92c43fb

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 29 Jan 2023 13:31:58 GMT
age: 68265
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4440
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 08:46:46 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 13:31:58 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FB14
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESENpDd25SS_IZ04dKfo-__8o&google_cver=1&google_push=Aa02lx941PBqY-zapGISr9vSY3NEfuZqKJjua2-tPHWOWRBEGMtBEyeum8...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=Aa02lx941PBqY-zapGISr9vSY3NEfuZqKJjua2-tPHWOWRBEGMtBEyeum8hN-MPFXdrAtLupRvdW7ETXHglQgrjp1dIYqBI7TRMD&google_hm=pffcBIHCq_4s...

170 B
188 B

20ms
20ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=Aa02lx941PBqY-zapGISr9vSY3NEfuZqKJjua2-tPHWOWRBEGMtBEyeum8hN-MPFXdrAtLupRvdW7ETXHglQgrjp1dIYqBI7TRMD&google_hm=pffcBIHCq_4sugoMAy6QhA

Requested by

Host: c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
URL: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=Aa02lx941PBqY-zapGISr9vSY3NEfuZqKJjua2-tPHWOWRBEGMtBEyeum8hN-MPFXdrAtLupRvdW7ETXHglQgrjp1dIYqBI7TRMD&google_hm=pffcBIHCq_4sugoMAy6QhA
pragma: no-cache
date: Mon, 30 Jan 2023 08:29:43 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3 200 i.match
a.tribalfusion.com/ Frame FB14 43 B
578 B 175ms
173ms Image
image/gif 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESEO35KmfsCo78G1gNAAAkWKk&google_cver=1&google_push=Aa02lx_K3dL9FVUfSnqpePhqAxnsR4adIBN7XKgD65XTXNvYcwZxduGguV8CE34yerPHSIE8TZP8S1k2OjisVpr8mhygfSjt110Y2g&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx_K3dL9FVUfSnqpePhqAxnsR4adIBN7XKgD65XTXNvYcwZxduGguV8CE34yerPHSIE8TZP8S1k2OjisVpr8mhygfSjt110Y2g%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
URL: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:43 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7918d767d9c39b1b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FB14
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEG8RJRXV3sC0v3V6FX4qIvM&google_cver=1&google_push=Aa02lx-HNOWnNgFEjTxXjJGZ8J_IJPZpFSpSPqUUCj-vemOj4CG_uOHoN4fQ1WGDrjcaNpJITRMp2aQ4WT_y1ZGW...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=aVUBxnXVSTGWlS4btHnjmw2&google_push=Aa02lx-HNOWnNgFEjTxXjJGZ8J_IJPZpFSpSPqUUCj-vemOj4CG_uOHoN4fQ1WGDrjcaNpJITRMp2aQ4WT_y1ZGWwZdrFVzFnQJt

170 B
188 B

20ms
19ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=aVUBxnXVSTGWlS4btHnjmw2&google_push=Aa02lx-HNOWnNgFEjTxXjJGZ8J_IJPZpFSpSPqUUCj-vemOj4CG_uOHoN4fQ1WGDrjcaNpJITRMp2aQ4WT_y1ZGWwZdrFVzFnQJt

Requested by

Host: c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
URL: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 30 Jan 2023 08:29:43 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=aVUBxnXVSTGWlS4btHnjmw2&google_push=Aa02lx-HNOWnNgFEjTxXjJGZ8J_IJPZpFSpSPqUUCj-vemOj4CG_uOHoN4fQ1WGDrjcaNpJITRMp2aQ4WT_y1ZGWwZdrFVzFnQJt
x-host: tde-deliveryengine-production-fb497649f-s2lxl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 dds
rtb.openx.net/sync/ Frame FB14 43 B
64 B 21ms
19ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEI4XsAN7iAqv7DI2wLqByew&google_cver=1&google_push=Aa02lx8UFWH1nMgHDrFwgpLatl8QLhcKHgDJ24s-R9_yc5BEb2hC2HD-XT17Rrk_E8N7F3oiskQXOhu_rt4dl2Zk9iDbBP9rNtW2Ow
Requested by: Host: c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
URL: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:42 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: t6af4s720u5u902mprvqftmieh25sv37

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FB14
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEB37EHFRQSTJna5vLbhIDWk&google_cver=1&google_push=Aa02lx871J-6MhDK0fGtXwPYHGRPGZZv7MndB1y5rXlZiZpHVtoqJQmCWOsJ-SqxKBGYMg4dZ6dNg81CbAUniyzqG...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx871J-6MhDK0fGtXwPYHGRPGZZv7MndB1y5rXlZiZpHVtoqJQmCWOsJ-SqxKBGYMg4dZ6dNg81CbAUniyzqGsIrmLIwCF1a&google_hm=GEmduGZH_amFSaP9TSesYax6

170 B
188 B

19ms
19ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx871J-6MhDK0fGtXwPYHGRPGZZv7MndB1y5rXlZiZpHVtoqJQmCWOsJ-SqxKBGYMg4dZ6dNg81CbAUniyzqGsIrmLIwCF1a&google_hm=GEmduGZH_amFSaP9TSesYax6

Requested by

Host: c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
URL: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 30 Jan 2023 08:29:43 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx871J-6MhDK0fGtXwPYHGRPGZZv7MndB1y5rXlZiZpHVtoqJQmCWOsJ-SqxKBGYMg4dZ6dNg81CbAUniyzqGsIrmLIwCF1a&google_hm=GEmduGZH_amFSaP9TSesYax6
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2

200

/
onetag-sys.com/match/ Frame FB14
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEMb7H18PwT7qAEQA44g42YM&google_cver=1&google_push=Aa02lx-XN0NF90nmh0UIVqRl4vrZjB-FWCwTZqYKf-RFoYkQLyApZolnxEhhlRvPMDLZHb4-r-8g5ELnl9C...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx-XN0NF90nmh0UIVqRl4vrZjB-FWCwTZqYKf-RFoYkQLyApZolnxEhhlRvPMDLZHb4-r-8g5ELnl9CLiP-hAjq5xX6Xkzulde8
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

9ms
8ms

Image
text/plain

51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Protocol

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:43 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame FB14 0
12 B 20ms
19ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JskoAffcxsIwurptKvkAu587P2F5pUSWwGoboLRANGv2ivfL47WcMIRC8A6_uOSdw

Requested by

Host: c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
URL: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:29:43 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 204 csi
csi.gstatic.com/ Frame 32BE 0
17 B 116ms
116ms Ping
image/gif 2607:f8b0:4009:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~ldijvcnl&c=1101900434958132&ctx=3&qqid=CNzW4qHw7vwCFQH4UQod-OYIdw&met.7=CB8QCBgBKAEwQTisCGgCcBh4p4EHgAH7_gaIAdHbdrABAbgBAw~CBIQBxgBIKUBKKUBMNEBOCxopgFw0AF4_QaAAdEEiAGwH6oBFAoSUm9ib3RvOjUwMCxyZWd1bGFysAEBuAED~CBwQChgBIJ0EKJ0EMLIEOBVongRwsgR4yC6AAZwsiAH0gQGwAQG4AQM~CBwQChgBIKIEKKIEMLcEOBVoowRwtwR4l2iAAetliAHujgKwAQG4AQM~CB8QAhgBIIEHKIEHMMoHOEpQgQdYqgdggQdoqgdwvwd409EBgAGnzwGIAYyoA7ABAbgBAw~CBgQChgBINsJKNsJMPUJOBpo2wlw9Al4wLwBgAGUugGIAeD3A7ABAbgBAw~CB8QBhgBIJAKKJAKMKYKOBZokApwpQp4mCKAAewfiAG9ZLABAbgBAw~CB8QBhgBIJAKKJAKMMkKODlokwpwqQp40csEgAGlyQSIAaXJBLABAbgBAw~CB8QBhgBIJAKKJAKMNMKOENokwpwrwp47oQGgAHCggaIAcKCBrABAbgBAw~CB8QBhgBIJAKKJAKMLgKOChokwpwsgp4hCWAAdgiiAGZd7ABAbgBAw~CB8QBhgBIJAKKJAKMLAKOB9okwpwrQp4qByAAfwZiAHPULABAbgBAw~CB8QBhgBIJAKKJAKMNUKOEVokwpwsAp47dsGgAHB2QaIAcHZBrABAbgBAw~CB8QBhgBIJEKKJEKMLgKOCdokwpwsQp4hheAAdoUiAG_O7ABAbgBAw~CB8QBhgBIJEKKJEKMNAKOEBokwpwtwp4m78CgAHvvAKIAe-8ArABAbgBAw~CB8QBhgBIJEKKJEKMLkKOChokwpwtgp4-SiAAc0miAGLhAGwAQG4AQM~CB8QBhgBIJEKKJEKMNEKOEBokwpwuAp4yPwCgAGc-gKIAZz6ArABAbgBAw~CB8QBhgBIJEKKJEKMLgKOCdolApwtAp4pReAAfkUiAGoPLABAbgBAw~CB8QBhgBIJEKKJEKMLkKOCdolApwtQp44hGAAbYPiAGjJLABAbgBAw~CB8QBhgBIJEKKJEKMLkKOCdolApwtgp4wBCAAZQOiAHiIbABAbgBAw~CB8QBhgBIJIKKJIKMLgKOCZolApwswp4xwuAAZsJiAHtFbABAbgBAw&met.9=12.ldijvcnz
Requested by: Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20230124/r20110914/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:81a::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:43 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame D8AE
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/1322500/68733915/skeleton.js?bundleId=&ias_dspID=3&ias_campId=1010183376&ias_pubId=pub-2930805104418204&ias_chanId=1&ias_placementId=19485175112&bidurl=http...
https://static.adsafeprotected.com/skeleton.js?bundleId=

17 B
465 B

8ms
8ms

Script
application/javascript

2600:9000:214f:4200:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js?bundleId=
Protocol: H2
Server: 2600:9000:214f:4200:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 01 Jul 2022 02:01:00 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 a3c2566f9e36ad3cdf79fc6307fcf566.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 18426524
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: mu1T7NuHDyJnoPDkGK2F3AQzGySrGIlH0ThGR7AbQ0C6CDOmr-N-8g==

Redirect headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:43 GMT
server: nginx
x-server-name: app02.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js?bundleId=
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 8265 91 KB
23 KB 9ms
8ms Script
application/javascript 2600:9000:214f:4200:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
URL: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:4200:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 a3c2566f9e36ad3cdf79fc6307fcf566.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 11292807
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: Hb9mbj6ussARwtqOWO5oodC6g3hrJZb1Ev1FHQGhsp9Yb0gWZUv0Vw==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame D8AE 43 B
215 B 92ms
91ms Image
image/gif 2600:1f18:1aca:4280:ecee:c915:72bb:546
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1322500&asId=30920b62-509b-7fa7-4a02-d9128f290ee9&tv=%7Bc:2LDz6V,pingTime:-3,time:430,type:v,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:358%7D,%7Bpiv:0,vs:o,r:l,t:429%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:430,n:429,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:358,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B85~1,0~0%5D,as:%5B85~300.250%5D%7D%7D,%7Bsl:o,t:429,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1~0%5D,as:%5B1~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tupu1Zp+11%7C121%7C13%7C141%7C1421%7C1422%7C1423%7C1424%7C143%7C1511%7C1512%7C1513%7C1514%7C161%7C1621%7C162211%7C1623%7C16241%7C163%7C164%7C1711%7C17121%7C17122%7C1713%7C181%7C18211%7C1821211%7C18213%7C182141%7C183%7C184%7C19%7C1a1%7C1b1%7C1b2*.1322500-68733915%7C1b21%7C1b221%7C1b23%7C1b31%7C1b4%7C1c1%7C1c2%7C1c3,idMap:1b2*,rmeas:1,rend:1,renddet:IMG.qs,siq:359%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:ecee:c915:72bb:546 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:43 GMT
server: nginx
x-server-name: dt11.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame D8AE 43 B
215 B 91ms
91ms Image
image/gif 2600:1f18:1aca:4280:ecee:c915:72bb:546
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1322500&asId=30920b62-509b-7fa7-4a02-d9128f290ee9&tv=%7Bc:2LDz6W,pingTime:-6,time:431,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:431,n:429,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:358,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B85~1,0~0%5D,as:%5B85~300.250%5D%7D%7D,%7Bsl:o,t:429,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B2~0%5D,as:%5B2~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tupu1Zp+11%7C121%7C13%7C141%7C1421%7C1422%7C1423%7C1424%7C143%7C1511%7C1512%7C1513%7C1514%7C161%7C1621%7C162211%7C1623%7C16241%7C163%7C164%7C1711%7C17121%7C17122%7C1713%7C181%7C18211%7C1821211%7C18213%7C182141%7C183%7C184%7C19%7C1a1%7C1b1%7C1b2*.1322500-68733915%7C1b21%7C1b221%7C1b23%7C1b31%7C1b4%7C1c1%7C1c2%7C1c3,idMap:1b2*,rmeas:1,rend:1,renddet:IMG.qs,siq:359%7D&tpiLookup=ao:koraplus.com*%2Ckoraplus.com*&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:ecee:c915:72bb:546 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:43 GMT
server: nginx
x-server-name: dt15.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame D8AE 43 B
215 B 92ms
92ms Image
image/gif 2600:1f18:1aca:4280:ecee:c915:72bb:546
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1322500&asId=30920b62-509b-7fa7-4a02-d9128f290ee9&tv=%7Bc:2LDz7q,pingTime:-2,time:461,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1697,beZ:1698,mfA:2039,cmA:2040,inA:2040,inZ:2043,prA:2043,prZ:2051,si:2056,poA:2057,poZ:2069,cmZ:2069,mfZ:2069,loA:2128,loZ:2130,ltA:2158,ltZ:2158,mdA:1699,mdZ:1711%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.254,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:358%7D,%7Bpiv:0,vs:o,r:l,t:429%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:461,n:429,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:358,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B85~1,0~0%5D,as:%5B85~300.250%5D%7D%7D,%7Bsl:o,t:429,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B33~0%5D,as:%5B33~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tupu1mj+11%7C121%7C13%7C141%7C1421%7C1422%7C1423%7C1424%7C143%7C151.1319389-68771741%7C1511%7C1512%7C1513%7C1514%7C161%7C1621%7C162211%7C1623%7C16241%7C163%7C164%7C1711%7C17121%7C17122%7C1713%7C181%7C18211%7C1821211%7C18213%7C182141%7C183%7C184%7C19%7C1a1%7C1b1%7C1b2*.1322500-68733915%7C1b21%7C1b221%7C1b23%7C1b31%7C1b4%7C1c1%7C1c2%7C1c3,idMap:1b2*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:1,renddet:IMG.qs,siq:359,sinceFw:101,readyFired:true%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:ecee:c915:72bb:546 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:43 GMT
server: nginx
x-server-name: dt04.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 29B6 0
0 56ms
56ms Image
text/html 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2023012501&jk=1091092376693124&bg=!gYKlgsbNAAZSrDxfcqw7ACkAdvg8Wm8jGdoMg_pAcUmZu7Q2gBl34u9url2CBfKl4v_j8uzc945GXQIAAANSUgAAAAJoAQeZArg24rsjnUOcvvz-BXNsQmewik8blzMLGGsFuW0T-uIJfqHS4nXcgMW11B1uZ-QdVe6Dsmwvgvglns6zqjqce0E6FNYmyERorCmZM0S1ZFb91zbWMy9vwaWdk8bCubs7pXFMdVoKPWmq7GSGm6Q-R0lzmzDP3B1EV5WyIrALVop_J__yYRvlxm_9JBKhP9JAqQmtSOrR9WveD-4WRQzY5keEMionAO8CavyBN9CVsE_0nBxCb2a8IBuDzOAxSFnRj6f0kTimbNu9r0rg4xpW4bCJ8yEiZGVhq_49DZivQJxClV9dq441-1FDdGk5IBN2sF7BFyJj9JER5dVZvJBi2bXAF8kCwaF4YbZSlsd8knqiurfM9NsTnMI3QjBpwyxtqTe6uLfEKO4dqbCVllXGirzfmKnKTm-x0JAMzfwLRBdLr0YeMUjUkhfa8hCuUH3RO99KFXskoNLYSNVAt5lFGPT2LmwYQJZzGMW1a_wWikwPHMgZNcgABRjYocx6BgpDITpz2TCzilCVO5Bz5OuzAbVuhMkerI5-hyDE-CL5ARheFGTOq-8MqzY1Z5erO8JPrIdC5A4xYc-D7w72tv38v6VoJ5uwejlnksf5O7LEHVhdSM4KZZTTivYRQ-W6ua79HTubgoOL3pKbnsP3UdSC-BHV3mha_xA-jCqrEaWq6grpQ-d8ij_tTDxaVI2Q0I7eF4Biywa4Q8vdue3YcKYQ9qeUlA8R34Eqc4LWBZ7xxW89F82TL-DpXJm-wsfH7lD5WHIQzxJdr9UhMsT3xNc36LntOra_eJITpI8FVeW0nndhM0JtdmNCHLoRDH0C6ICb5PFL6QY-Eap6eCgpAVm6FX-8AH0z25TCv1jmvIRE5CL1JFl4AuwNF4rwOQe81Q_H78Wnllw6F3KGZfzeWdVKohxRGWKWQbow9Oc
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 666C 0
20 B 58ms
58ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bu_AN9X_XY8SvBJOhx_APiIqQcAAAAAA4AeAEAg&bg=!r6ylrOjNAAZSrDxfcqw7ACkAdvg8WgCM4H86UwSmm5cH99JYOPnvzQIjYIgbRG3Mtt4bsBDACJmGEQIAAAJsUgAAAAJoAQcKAFL7I7VRE2Qmd2ZwMDSZ4cE9Z9PqJqtNnrVR2ZiY464WdpXSpvJapeiG9bhcNboK8UiusMxoOIsxUk6b6cWRCeUBzGSrmtX80WG3x2sqjQsvtN2gmQNHpAHs7_isAHeTD96bIFmei6GgeNgIDK-y_DYXQBpnFnbLi7Cf2QfP2tCWKeh9eWAEDhMqfjLifrqdZoWvY_kfKzG-dtfgibA9u0_88bsAquCuoIo9N5ZmXTm4J5hQT6ZGo3O0buBXXADgOYo_P0hb2ulClSCmdxTI7yDWo8ijJH8TUw-xP_IWxcNXzIQkVpDlzSBAhcJw5QAw_R54H5mlAGA-_deGpx1FMUtSjco4UPXehwYEZtGMffZiZnQP9y1GoibZXILhDg5CjxA-67Kk_lDhdOz73bYiim-b4NqQoJc21-v6DZbxBB8SpF3iXVt92bYU6zCTrfY2camTF0Z0pzzH4myKi3Zm3FWgaIkWTqt2tGH9pme86t5sjsS-jN7S0xXbduYskWQTOgSMyqkm4UTPp0yVh5DqssNj6Gkv45YNJS8sOGq3tglEr9jiRlGrT36Lfg-nQBqppvpbbQdRlzKfVt6-T5gyCyNtH4jpJw3XfSUmJWsCkZmAJ8yuLgeBznh72lnBIpdtuST01KYGTI45mSP_L9fxpock6D-0Qqo9zO--Nx5G7j1Aajkd4DTH5ioToflkf5r2yI1rncdVT-9G5v6j3sf6XvKlzrhezLJ6pbWu_Wpx-6sgEcTx8g4vQbpfzJJBK6OI0lI8fXCaQ0km_wN8V6dAouS_G7kaHpglYDep75u2qDI1R5Qxg04t7CWfCD5wZWitiEzZVTBTvxNSGXsYan-Iidr_qGxUJwAmqLGuk4OLRACslr_b87XV5P6PdxYRb1V2SzSr0y9Q8m2aFAPRMiq9HfpAllx1ZWYr4wdlVFlX83Sm-f85ejth0BB9MyVaucghof9oHPMvcYfG7appMIoiDZOsFp8ndrQJ_5y9ReOu5XZ-zrryIxyod-Tt4J79nUkFCoaB7zVtOfUbN3_JhzsJq99XUBIVNI86JXqXJI7WSpAgWiCmDTQTW-WTsv3e-Fyhw70KRM1JKT_V8fQZ5KCus9CjU9bN6u_Kg0fLvox7R8ESDHXUiU-Nb4u6CJEiAym76SWoWzbhEfGrfHuNv2OPZvebffGA4ZRrPMY4i6T1r0km5KRGZrpnPv5TMuYVjtFO58V2MmsPfgfr7MRZi5w

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1E15 0
20 B 58ms
58ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B1Tly9X_XY7yKBsfB-gb057i4AgAAAAA4AeAEAg&bg=!d3SldDDNAAZSrDxfcqw7ACkAdvg8WuODeTS5Lt4F53FTsHwGPj4Xk6WQW3WCT-unrJp7XW_eQUjKtQIAAAIkUgAAAANoAQeZAvp2Ftid-3-CiOb_4MK4KtmruxSp05dLwdfhsyutctK7DVlYVowT9LcpV-NkGVKqvHC3YYUvd5z3iDvqc2wNhGfRB22mSrBkwS05KmXNGJevBzp2AM-2F_P416dxx1LzApmxIqAFygV_mcad8l-IR5_p1mh3Rkwb8w5IljRoj27r84VNUSE2Cqvbf7G4E-wAmVszglS7J2ySwp42QOLNYFqm3Ky6ztpDvuvCe_iV09g2jATyEI8lQogZRjCUeAUShIjOgM_aPolT__H5QdQd56uGpZNjn_C8MOPPLBgyzNuHANQiOipXfqdaSqIfLSO08iIuuJg5fNXpqeGGIPNGd88Fa9DhDxf8ygsoV3ye4kP_Dn21te5tFgCEQO7bTCfg18__XNsI2nq6xmLLPD-ZEnye0jKil3I3Cfmq1xRKJFbNeuif6Hg5xdUldUgWawnkpfFDvG1GbnJ_LfyxgsWd_heeODCNqMI00e20S1AtaBC1yKWduGpI6CuABcayWT4PkCPzpjDPJApzl7OEa5auHIj-C0NT_ta4s38Vja8NBhu3IYsXbSNhAo5KPqlxMCdV2OLVCGU-3lZ5umNXy4qDH6dzGbC7uAZg3JMmmHklYTjm8Vmlh_4JYXJ1Brpm_n2h8MewXXU2-FOkAzdUSHtvX8HEN--8QOAbezwmRj87rztMqcT2TjabN5r-8Jg_44qkzRFStVzMi9NlYQrIguB6jxFMQlKZQ32mL3uB-ssjKid35YAXNt9TeyjwAX6mnl1Q7dAw_KVKJtEJElvXy-hqlg53QdBeHAbQL0D6TqR5ozIe_DqWjXTtJVNnJkWlKFAWj10KjsGSYNX8p9F-nZeW46Gd8r2oHOomWPS5lKNZ-LOcNWj4cVU_ZBBPxR6F22D4COyay5kvpZzjvDaFDR2TbcrahoUNzl8GbcV6wHww9gAKY9cOythhYIgz5_sK1pFUBt7Yp-Yc8ecEh9AE-t7bar2StEAywpXry7xJuFX-m3uzeeClD3TgbKMTfjU

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8426 0
20 B 52ms
51ms Ping
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5315136651076&version=m202209210101&ct=76&x=1&cor=1309542659004332500

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F260 0
0 56ms
56ms Image
text/html 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2023011901&jk=4363826726186569&bg=!5eal5qLNAAZSrDxfcqw7ACkAdvg8Wjd4yk5X-T70-fIpJ3u5yurEFAeJ0l8rcjHhSMV8XnSv78C7LAIAAAJyUgAAAANoAQeZAqzIrKxEWYvRPgovxSi3li4Cny6qPmMCrFsgrl3yFuql5FoAAOg_6fCVn4GfPE_k4Mf9sZzbmHX1aNA8KYtzRlhkSj0r1daSb_MLXIid94PziF1xuVCBl6phek69XXoXrw2SDxxAjPbCSXp8kUj4rak-wP4N7hf38z7D1PKzahSkcHWArsIbKp8JeerHl1ron6IAVfoOt7-5PGYMbMW1qic8VryoRGIpeeHhi375-ShuiDl_rPn2mYSNVoAP0RpBzIMjls2T0f3zK3rCtqIKDDElHga5-HJ8fSHqVisoXrcnS4fWo3tn7hh4PXuBx4oTxuDsVkmINQ9zPUAga52qfDp4q2X9uPGQbDu_7YLOGiZW3OKyxTWRXhoPfqu4sNKRMMVGQ9Y06nG8j6YCOU0nPCskrYe_bojlwsMGjNcL30zwu7MGQkjkYfZZjkeBWeqIhu3c_o89b5YhSY3aWYq54eNXzIw1U4Q5H7GmZY47UMy2tSvfozWeGcngz1P3Xd_-kZYVHWAAZ5PBXnj5aVmvFZXBdBsB4YFsL7KAmIuNH05URiQx9_TELUS1T6Eu-ngEjXQDBGffp_o7ukhbYGdTZipVexJelCc-DRawP-_NgE-eBxvuginI1CuNbySuKalm86Y69wFHBIWBGl3Ed6F78mGfq-46cVQBT0if-UtDXSxyW63WhxoZmoIWZYTIgszK28_0l4guq1jg07nOxfBd-YaFusgeC-VLQiRgQXjtce6CpU9gFF33004iYxHuhYRQvG7xlauHjDk0tYaSE4UGZOkD5A-qbSy7HYrXz7m8lVC2Ewj1AQ4-2jzm_PVFtnKBGHbl2pSLV1nqJfv3dh7lg5XfkCWdWQEJwKJLM6GTq4uLU-SY1vhXPhL_nHUqkaVhH4tntOZGNbIvgKAW_JU
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 29BB 0
20 B 56ms
55ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BreyV9X_XY_fxKcO-9u8P_pmvoAEAAAAAOAHgBAI&bg=!JSalJmLNAAZSrDxfcqw7ACkAdvg8WtgvKNb-0Qq9Y4e9B9BkOiX3IWjeck-bsMZqHCKbckb_kJQp-gIAAAHmUgAAAANoAQeZAwXlV--k88RMcTnSAfz_haw9w_YH6PJEt36wMhxEvm09HfmafxR9xDF9DhT5_tZLMY3WJTjbkYZC4QxpCFnvY5exLy5ajShZFJC1QsxQKBwqj8SRG72E9M-rhSagcnAjwLDcaT-OSs_IpjKTZ44XhLo2ROWq1wIcgVAXD32e4zc0j6vtvCJ289pG323MyQc2fDEQB66wt4hZ9xvL-xDUax-ijGWUAD4goZDdKdAdfii2LJJGdj4uhHYjpRP_6u-MiqgsnQB1MFmEyMuLiRNrrOLk7X6Ia6Jd0hr2vrisCKTzeuEeahca6Eqtu1TnwAT8CXFRHX9e9-9BtxkKfY4RCYZGHzUPd8K9Y5YDzTnp4-MOYRoSdmFpkSu3zIE6QqZSTJ5AwVRT5r15bFC632vfyttjH4GWicPF8Q4SVG5TuwigUN_14zl0xzHFL7xgZcrpimS-_1W_s6ARsLsiDcplkTLHFUR17e5O9wJlJY7qDsn9puQZ1vWK61DMQW0tKU9FZ1EdXivhcd90s-LAHPv9QzX1QApUdLJTb4GGiGPErWoIcIW06RR0upFhc3_6vsIZdxdVdK8XdFWoOHzm4BwHKmNK9Cg7LVQImeX40jBmfvaxBiPY5sWFGLfsMMasvWcgC156K07aMSr68_HTLeTLzJWCSD46HYB3-ou-3qiE6lFbGbSd7h4PMWeo3afbi-MdRwvrAGjJfKJhsFAGMmNhPA3YoTCqTw5eX_gVlglX53JtZYjUjPgjC8H6G-io2qsHZSbPCk2buROQ_g7RIkLuqfI15GsTV3xqSL9a9mOzYaQnGottvXN-Fw-U2FpgQfUIvaYzG8xKBcH2sh14glByPkPzlekTxZ9g2mKNTXqfKf_PvRMErp6g-MC8kU2n1oYdlrPUf7pvqjKtOBEdfKMtuzr2ay0R5cEZ5abewQHZOv56xdHQmC_x6riPWxOhIc0GEoJGP8imnrYbOqQTIrlfXWfPvRh3xyMIjPg6YYhewoGsVzEDgRbeQsL6CQjzSZrr-PSZG-BtyQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 762D 0
20 B 52ms
52ms Ping
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6787306333064&version=m202209210101&ct=76&x=1&cor=14193382253363542000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 843D 42 B
64 B 61ms
60ms Fetch
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsua3b7JJurG1r4KrQLI2ADk5ECfNPC8_c3t_w7Wt_5TJmCVljHkuBbt10FhbeObTHSgVqfBrtH6pXD0SfMhEVKEI0FDTtVbb05P1A0jKs_mDs60pYSrACpAdYUvNAjDJaaZo7xm9w&sai=AMfl-YQWZNdxpwzSsvliVJjsusvm04pj6z4Xalrzu2aEkELM7_TDedLI3MPaYUh2fpQT7HF2KxfuRtqx-XSwQfFztkvhdVEIwQYM7UfWqNcRh-5_W-_I1rybwTXx-e7zS7M&sig=Cg0ArKJSzCNAgiYaXYqjEAE&cid=CAQSPADUE5ymsVbMTQfAYo7_3nbxvnY-C-IvzB2xL_19Bg7CTg6JOrAVVINQYg-R72ohCt-9kHzhOqdJ8jbNshgBIBM&id=lidar2&mcvt=1002&p=1132,436,1222,1164&mtos=0,1002,1002,1002,1002&tos=0,1002,0,0,0&v=20230125&bin=7&avms=nio&bs=0,0&mc=0.75&if=1&vu=1&app=0&itpl=2&adk=3102769304&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1675067381374&rpt=1020&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame D8AE 43 B
215 B 91ms
91ms Image
image/gif 2600:1f18:1aca:4280:ecee:c915:72bb:546
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1322500&asId=30920b62-509b-7fa7-4a02-d9128f290ee9&tv=%7Bc:2LDzcj,pingTime:-10,time:764,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTA5LjAuNTQxNC4xMTkgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1675067383550%7C%7C65b55281de46efd37d0c73eef526dd4c%7C%7C2e8a6538fa2d69b650a00d23a95123ee%7C%7C7b3e77c1f90ae7faa702e2ab1d3bdac9%7C%7C6e88b4925e7122ce31f2a9227a496b27%7C%7C0dd34cd6c1cd3ac68727ad4e66894c88%7C%7Cca7f7beea6cdcc63255165522fa2ba5c%7C%7Cd8b23ccb031e340e720c85304e3601c2%7C%7C1663701684%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:ecee:c915:72bb:546 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:43 GMT
server: nginx
x-server-name: dt07.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame CC07 0
0 60ms
60ms Image
text/html 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2023012401&jk=2041286406762589&bg=!NTalNnLNAAZSrDxfcqw7ACkAdvg8WjxpwSFKOWm4xdBAKlM_vC_I6l5BYeUkmg-ODKOCWpaJpjHz2AIAAALVUgAAAAloAQcKAMpgEW9xlphH6S8hewWasYE2XGCkVL30NldP48933LKCcsvtq-we4DdQWOMNg2_vxtP89rCgazJVlZGiiFALHPVs8iFUswo86nfiZZ-4g8gOodDHpmc-8DVZhxcPWPDaER0dukXnp8AOMsD6jUYNxrAd_rPs_irCohpciu330K8m5F6zi9gkHJsMVxEnI2Fs-rWnz7njctJyF9xNWEcSszbVa_dwNV8jF_6-tE2bv4S1jaNtKJ59tttUnB5JjMIY2zjwFaN_In_cdhXvmQLDdWmYP0GGhinHB8D38kPYueFU7AkwNooyL8pIPc69_s7nXLEW5uRjznOK-MAb3aez4-BM7ten--8haBcUrODjBrAF2FwJYyWxjFgs9dD9Pcme-CHKj1RAkctEoQm07iZr56A7CMWRNNOoRZ-DReHkBh0jmOwkmdhIo27Lp-eeNelx0Po3-AvS0y8SOw1F_FA-a5Os4MvjyYGIFC_TGZik90iES2uSY2cJPxENkoDIA8H8Juoa4Ug2R76wH0FkfCs7-I6eHmP2SHomw2tohNVkeCigcLV1m2bOmVwIiJWpCKgES7YEQYlFcw4024SjBwUGE0SWas9ana_tNV0gNQ5oLR7COylGswjZc7MU_SvG_32aA1Z_SxqoZ7Uwmom0cbpmoESN1_3JB9G5B1hl_FWsLeuu98uABhVNU6lw9K80jHb9rlBc1fuCQUivO0s2CIdrjdxjWhkAEcX7vUy2DF8HGwRHgF0ylmAmVBexJnlpaFisfVdhcJcKItSitdxE2jiClSFksd1wvm6c4bpWNzJsozHGlMhvyJMCxoxDRXbTVOWAAJHA5FPgabb2fna1yUUue9G57zFRFiOjFkunOR6mS54WherBj8UZLu1qQgmYklXVKHS0zio0UjhPQhx-cTta8W4dInA_4MU2XQwn1LERhn0M_6E9zLybQwB-iSvA4yMNCesjJ9Qr8E9NJB3QJIDpgjQVQ2D1DdQ6j8mXCDXzOEIDSVF5mOMRcVLBTz85WK0-0oFWUQ9DGjGaKLK-YAF2LFqRSlSubWbQ1G8rMP5_dEiXEf41NVb5vUpZ3Hm7zBZeMnw_XWTA3CAvwEmA4bBKna598QXHYgPk-uFnhj0EMFh415m8e-1xrjHEfDjnh0hmujOd1iNarWVVipteEyxgkfKKEDhALH-m1H6o6QUfgqylW4nhTOmw90vmeOlGHM_BJ2Y
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koraplus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D8AE 42 B
64 B 55ms
54ms Fetch
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstCd0nfqecrxsZFFDUMWWx5a1kp_1p9JqRrWoQPDC2rOWJXBrYt13r9gsYvvQ16adMrp8UEST4R4n4RO5Fylih_TW9T_qtRJwYmWovXMAJF31pUFwYPCvHJEz5U&sai=AMfl-YS7JWhngH9Ns5MBbomLGLL-wJXSCGyRVF60UEDRglHc6Rfntq7dWZUrqZPDzCgBEtjOIenQb1f_OHezXH2jz9ioUfoD7OQyWESlZV4g9XDM6GXH4fR6tTxU7CVvTLc&sig=Cg0ArKJSzMgtmSuNJIW_EAE&cid=CAQSPADUE5ymr5ogH1F-gN8gMwR3cIjq8Q78jifRuBS5e3g_cxAYLswpjT2zf0j_H8bfrKZFSmLUxdBww_CroBgBIBM&id=lidar2&mcvt=1001&p=0,0,254,300&mtos=124,1001,1001,1001,1001&tos=124,877,0,0,0&v=20230125&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3757239826&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1675067381090&rpt=1721&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D8AE 0
20 B 52ms
52ms Ping
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1938686049951&version=m202209210101&ct=77&x=1&cor=7236506720719206000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame D8AE 43 B
215 B 92ms
91ms Image
image/gif 2600:1f18:1aca:4280:ecee:c915:72bb:546
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1322500&asId=30920b62-509b-7fa7-4a02-d9128f290ee9&tv=%7Bc:2LDznM,pingTime:1,time:1475,type:p,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:358%7D,%7Bpiv:0,vs:o,r:l,t:429%7D,%7Bpiv:100,vs:i,r:,t:469%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:1006,o:469,n:429,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:358,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B85~1,0~0%5D,as:%5B85~300.250%5D%7D%7D,%7Bsl:o,t:429,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B40~0%5D,as:%5B40~300.250%5D%7D%7D,%7Bsl:i,t:469,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1006~100%5D,as:%5B1006~300.250%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:96,fm:tupu1mj+11%7C121%7C13%7C141%7C1421%7C1422%7C1423%7C1424%7C143%7C151.1319389-68771741%7C1511%7C1512%7C1513%7C1514%7C161%7C1621%7C162211%7C1623%7C16241%7C163%7C164%7C1711%7C17121%7C17122%7C1713%7C181%7C18211%7C1821211%7C18213%7C182141%7C183%7C184%7C19%7C1a1%7C1b1%7C1b2*.1322500-68733915%7C1b21%7C1b221%7C1b23%7C1b31%7C1b4%7C1c1%7C1c2%7C1c3,idMap:1b2*,rmeas:1,rend:1,renddet:IMG.qs,siq:359,sis:535%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:ecee:c915:72bb:546 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:44 GMT
server: nginx
x-server-name: dt07.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame D8AE 43 B
215 B 93ms
93ms Image
image/gif 2600:1f18:1aca:4280:ecee:c915:72bb:546
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1322500&asId=30920b62-509b-7fa7-4a02-d9128f290ee9&tv=%7Bc:2LDznM,pingTime:1,time:1475,type:pf,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:358%7D,%7Bpiv:0,vs:o,r:l,t:429%7D,%7Bpiv:100,vs:i,r:,t:469%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:1006,o:469,n:429,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:358,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B85~1,0~0%5D,as:%5B85~300.250%5D%7D%7D,%7Bsl:o,t:429,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B40~0%5D,as:%5B40~300.250%5D%7D%7D,%7Bsl:i,t:469,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1006~100%5D,as:%5B1006~300.250%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:96,fm:tupu1mj+11%7C121%7C13%7C141%7C1421%7C1422%7C1423%7C1424%7C143%7C151.1319389-68771741%7C1511%7C1512%7C1513%7C1514%7C161%7C1621%7C162211%7C1623%7C16241%7C163%7C164%7C1711%7C17121%7C17122%7C1713%7C181%7C18211%7C1821211%7C18213%7C182141%7C183%7C184%7C19%7C1a1%7C1b1%7C1b2*.1322500-68733915%7C1b21%7C1b221%7C1b23%7C1b31%7C1b4%7C1c1%7C1c2%7C1c3,idMap:1b2*,rmeas:1,rend:1,renddet:IMG.qs,siq:359,sis:535%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:ecee:c915:72bb:546 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:44 GMT
server: nginx
x-server-name: dt08.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H2 200 /
track.adform.net/serving/unload/ Frame D8AE 35 B
503 B 24ms
24ms Ping
image/gif 37.157.4.40
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=1098481119950686876@@60989391,2484600131306509404,100|1004|0|0|0|0|0|0|0||39|1|||0||1|0|0|Usbop56FHcpcPlakbYq96SJ_6-VV7YwV7bD231891yQTQg91nMpQ3vL_QlhaeLlf0|||11||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.40 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame D8AE 35 B
503 B 23ms
22ms Ping
image/gif 37.157.4.40
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=1098481119950686876@@60989391,2484600131306509404,100|2100|0|0|0|0|0|0|0||82|1|||2100||1|0|0|Usbop56FHcpcPlakbYq96SJ_6-VV7YwV7bD231891yQTQg91nMpQ3vL_QlhaeLlf0|||01||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.40 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame D8AE 35 B
494 B 26ms
25ms Ping
image/gif 37.157.4.40
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=1098481119950686876@@60989391,2484600131306509404,100|4602|0|0|0|0|0|0|0||180|1|||4602||1|0|0|Usbop56FHcpcPlakbYq96SJ_6-VV7YwV7bD231891yQTQg91nMpQ3vL_QlhaeLlf0|||01||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.40 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 dt
dt.adsafeprotected.com/ Frame D8AE 43 B
215 B 92ms
91ms Image
image/gif 2600:1f18:1aca:4280:ecee:c915:72bb:546
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1322500&asId=30920b62-509b-7fa7-4a02-d9128f290ee9&tv=%7Bc:2LDAqh,pingTime:5,time:5474,type:p,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:358%7D,%7Bpiv:0,vs:o,r:l,t:429%7D,%7Bpiv:100,vs:i,r:,t:469%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:5005,o:469,n:429,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:358,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B85~1,0~0%5D,as:%5B85~300.250%5D%7D%7D,%7Bsl:o,t:429,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B40~0%5D,as:%5B40~300.250%5D%7D%7D,%7Bsl:i,t:469,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5005~100%5D,as:%5B5005~300.250%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:103,fm:tupu1mj+11%7C121%7C13%7C141%7C1421%7C1422%7C1423%7C1424%7C143%7C151.1319389-68771741%7C1511%7C1512%7C1513%7C1514%7C161%7C1621%7C162211%7C1623%7C16241%7C163%7C164%7C1711%7C17121%7C17122%7C1713%7C181%7C18211%7C1821211%7C18213%7C182141%7C183%7C184%7C19%7C1a1%7C1b1%7C1b2*.1322500-68733915%7C1b21%7C1b221%7C1b23%7C1b31%7C1b4%7C1c1%7C1c2%7C1c3,idMap:1b2*,rmeas:1,rend:1,renddet:IMG.qs,siq:359,sis:535%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:ecee:c915:72bb:546 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:48 GMT
server: nginx
x-server-name: dt08.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame D8AE 43 B
215 B 92ms
92ms Image
image/gif 2600:1f18:1aca:4280:ecee:c915:72bb:546
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1322500&asId=30920b62-509b-7fa7-4a02-d9128f290ee9&tv=%7Bc:2LDAqh,pingTime:5,time:5474,type:pf,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:358%7D,%7Bpiv:0,vs:o,r:l,t:429%7D,%7Bpiv:100,vs:i,r:,t:469%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:5005,o:469,n:429,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:358,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B85~1,0~0%5D,as:%5B85~300.250%5D%7D%7D,%7Bsl:o,t:429,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B40~0%5D,as:%5B40~300.250%5D%7D%7D,%7Bsl:i,t:469,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5006~100%5D,as:%5B5006~300.250%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:103,fm:tupu1mj+11%7C121%7C13%7C141%7C1421%7C1422%7C1423%7C1424%7C143%7C151.1319389-68771741%7C1511%7C1512%7C1513%7C1514%7C161%7C1621%7C162211%7C1623%7C16241%7C163%7C164%7C1711%7C17121%7C17122%7C1713%7C181%7C18211%7C1821211%7C18213%7C182141%7C183%7C184%7C19%7C1a1%7C1b1%7C1b2*.1322500-68733915%7C1b21%7C1b221%7C1b23%7C1b31%7C1b4%7C1c1%7C1c2%7C1c3,idMap:1b2*,rmeas:1,rend:1,renddet:IMG.qs,siq:359,sis:535%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:ecee:c915:72bb:546 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 08:29:48 GMT
server: nginx
x-server-name: dt04.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

Verdicts & Comments Add Verdict or Comment

74 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

28 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.koraplus.com/	1970-01-20 18:53:47	Name: _ga Value: GA1.2.998354678.1675067379
.koraplus.com/	1970-01-20 09:19:13	Name: _gid Value: GA1.2.483444470.1675067379
.koraplus.com/	1970-01-20 09:17:47	Name: _gat_gtag_UA_210964759_1 Value: 1
.doubleclick.net/	1970-01-20 18:39:23	Name: IDE Value: AHWqTUmw4JcCWKiPgC4MqudRk5-kBsqyGFJKlWeJBm8RHjVMdbRiG7HseyBHr0WxJ2w
.adnxs.com/	1970-01-20 11:27:23	Name: uuid2 Value: 8921472339921513014
.adnxs.com/	1970-01-20 11:27:23	Name: anj Value: dTM7k!M41.D>6NRF']wIg2In>x9iUd!]tbPl1M>e)ZlrFUfJ+tGXxp)]4TI%E^xxpV>Xgt@OPo+E9IZa_KB_)KR_8(3If)y3KL9D3I?-$#?lZ2
.casalemedia.com/	1970-01-20 18:03:23	Name: CMID Value: Y9d-8-2kfl1NMJoaX8d.DgAA
.casalemedia.com/	1970-01-20 11:27:23	Name: CMPS Value: 3244
.casalemedia.com/	1970-01-20 11:27:23	Name: CMPRO Value: 3244
.koraplus.com/	1970-01-20 18:39:23	Name: __gads Value: ID=90ae5177862ea6de:T=1675067379:S=ALNI_Mbt9OXzPjg4xLVfY2--FS8GBduAiw
.koraplus.com/	1970-01-20 18:39:23	Name: __gpi Value: UID=00000bcedd1c7bd7:T=1675067379:RT=1675067379:S=ALNI_MbTFe39uMOx3_cgcpTrxvnr23FoOg
.yahoo.com/	1970-01-20 18:03:44	Name: A3 Value: d=AQABBPR_12MCELmqIbwEAbl9cXoUFm7SJuMFEgEBAQHR2GPhYwAAAAAA_eMAAA&S=AQAAApEg8knqqKYVquP34XIDvWU
.spotxchange.com/	1970-01-20 09:58:06	Name: audience Value: 3d67274c-a078-11ed-b9e5-1a3cf9d10306
.analytics.yahoo.com/	1970-01-20 18:03:23	Name: IDSYNC Value: 18yl~29pk
.travelaudience.com/	1970-01-20 18:48:01	Name: _tracker Value: %7B%22UUID%22%3A%22695501C6-75D5-4931-9695-2E1BB479E39B%22%7D
.mathtag.com/	1970-01-20 18:43:42	Name: uuid Value: c14363d7-7ff5-4c00-a5ef-fb12bbc41ddb
.mathtag.com/	1970-01-20 10:00:59	Name: mt_mop Value: 4:1675067381
.everesttech.net/	1970-01-20 18:03:23	Name: everest_g_v2 Value: g_surferid~Y9d-9QADH5Dq1QAb
.adform.net/	1970-01-20 09:59:32	Name: C Value: 1
ads.travelaudience.com/	1970-01-20 18:48:01	Name: _tracker Value: %7B%22UUID%22%3A%22695501C6-75D5-4931-9695-2E1BB479E39B%22%7D
.quantserve.com/	1970-01-20 11:27:23	Name: d Value: ECYBCQGWKIEA
.quantserve.com/	1970-01-20 18:48:01	Name: mc Value: 63d77ff6-20800-05cf7-0a1f7
.lijit.com/	1970-01-20 18:03:23	Name: ljt_reader Value: GEmduGZH_amFSaP9TSesYax6
.doubleclick.net/	1970-01-20 09:17:50	Name: DSID Value: NO_DATA
.adform.net/	1970-01-20 10:44:07	Name: uid Value: 1098481119950686876
.adform.net/	1970-01-20 09:27:52	Name: TPC Value: 1675067382581
.krxd.net/	1970-01-20 13:36:59	Name: _kuid_ Value: PWWjJ9iz
.tribalfusion.com/	1970-01-20 11:27:23	Name: ANON_ID Value: acntuJr2PKcFuYnRYd7244alZagZdDopbKX1tsZbZc5HBY9x7UwoOUHnMmAxH4GldlaabSqrPP0TdSSST6mT0DZdpkAXn

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://media.koraplus.com/Kora/Player/ Message: Failed to load resource: the server responded with a status of 403 ()
security	error	URL: https://29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html(Line 15) Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/9419780827614543872/Netto_GDA_SdW_KW05_R/index.html".

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

29d130d8281b5d5a100c763a39649e02.safeframe.googlesyndication.com
7f8be9cf726a023426ad6034fb7910b5.safeframe.googlesyndication.com
94d95e583dfe38db43e37a59e2289223.safeframe.googlesyndication.com
96909f4d484a694abc241a17d2da6583.safeframe.googlesyndication.com
a.tribalfusion.com
ads.travelaudience.com
adservice.google.com
adservice.google.de
aghtag.tech
ap.lijit.com
beacon.krxd.net
c.bannerflow.net
c035c636804995c8aec6f290cbd16db7.safeframe.googlesyndication.com
cm.g.doubleclick.net
cms.quantserve.com
csi.gstatic.com
dclk-match.dotomi.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
jscdn.greeter.me
koraplus.com
media.koraplus.com
onetag-sys.com
pagead2.googlesyndication.com
pahtfi.tech
pixel.adsafeprotected.com
pixel.rubiconproject.com
player.adtcdn.com
pr-bh.ybp.yahoo.com
rtb-csync.smartadserver.com
rtb.openx.net
s.tribalfusion.com
s0.2mdn.net
s1.adform.net
securepubads.g.doubleclick.net
static.adsafeprotected.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.mathtag.com
sync.search.spotxchange.com
sync.teads.tv
tpc.googlesyndication.com
track.adform.net
ups.analytics.yahoo.com
us-u.openx.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
104.96.128.226
142.250.184.194
142.250.185.66
151.101.2.49
185.29.134.244
185.80.39.216
185.86.137.132
185.94.180.125
205.185.216.42
216.52.2.30
2600:1f18:1aca:4280:ecee:c915:72bb:546
2600:9000:214f:4200:8:48e:53c0:93a1
2606:4700:10::ac43:1472
2606:4700:3030::6815:1b4
2606:4700:3030::6815:d88
2606:4700::6810:c40
2606:4700::6812:18ad
2607:f8b0:4009:81a::2003
2620:116:800d:21:c5a4:625:6563:a5bb
2a00:1450:4001:801::2002
2a00:1450:4001:803::2002
2a00:1450:4001:806::2008
2a00:1450:4001:80e::2001
2a00:1450:4001:80e::2004
2a00:1450:400c:c04::9c
2a00:1450:400d:802::2003
2a00:1450:400d:806::200e
2a00:1450:400d:807::2002
2a00:1450:400d:808::2003
2a00:1450:400d:808::2006
2a00:1450:400d:80a::2001
2a00:1450:400d:80d::2002
2a00:1450:400d:80e::2002
2a00:1450:400d:80e::200a
2a02:fa8:8806:13::1400
2a05:d018:d29:3601:b182:71dc:6cf5:e081
2a06:98c1:3121::c
3.126.56.137
34.249.210.67
35.190.0.66
35.227.252.103
35.244.159.8
37.157.4.40
37.157.5.73
37.252.173.215
51.89.9.252
69.173.144.138
99.81.65.5
0117e9167e3ef1c626663b57a724c0529d0af2701e7c8f9912dab952b5ba9ace
0146ab3169091e5493824565b9fcbfecd8164e480bfc8c4f6d7c14bc8670028f
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
01db50a96fd7839e90d5d004d9eb7509e492acfa218fc3e985d1748652b9f8c2
047ef7e9416fe045fa7bf9e9dad1324ef32a1d175d94d17dc4517bda2cbaf3c5
056138259a2e55407c1676dc9df4752782ed937738ee2068894a9511064586db
0600e99849dbc60da5c2a9e3ee49b90635bca0f71ceecd368d0a7fe0303148b5
0662c4ea2687452003b35407c62337921a5143919e6f421446dac109100bea89
06d0965f0851d3936c68da6d6de73163a6bb32e3f134822ccfec6d28f185ff29
07889a5dbbd0dc8b0de9f6664dbdf144c9cf681c2e550ff4ce1406352aab05a4
078eabeec375c3e2e7ce1d3721a3be989ca4e2575796f6754111361cb5e228f6
07970172ef078d9a58aa9ed9e9b54dd1cfbfec021be21b0d0fc7484c5fd5a58a
07e9823eec0da5f25ebb690abd4d558660213b6c739897434632bc924e449226
0925a65ecf5aee65cb0672204243d734d81eb0fbd298bfe72c84a72e764d9339
09324606f719f99067566ff005ef0623b1442b99de9863b671565a02d7e428e0
097844493adb2afc10cbac7aba243fb74c30a98828d9f7129c0a882352921194
0ad70b4f549e9e5b3b5c58cd4c481cd254b0d07ad0642d74e1493dd297d38e7f
0b5b2b6fc85060f59709f7d436b7fd7f2b25b9da3ffb45058a591bb5d033729e
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c1807a475ca0db71b01247d5d3627bdb55cfe09008b51cb59082cc2c351ad5f
0c4311df00bef1093b3e3063e654db79521f152b1a3ed8e2c3343656294e8bd6
0e65a9c25af4e241f6e304673b15e3d20053681a6010566da4e10950e360c2ad
0ede6405822be4ff2f1a05c3e9a6218b48a8638c634db0df0e9443b7763e093b
0f01a56efb1882b6396c3b52febe8a36464c2dc02b2a141b0ba7cde3a49ee0e8
0fc14ea65234e0cea602ed9203b09217c52a6fe46102c1c9aeb2ddcb953d5f24
10040ab6ed5d99a8f9912b23d8d21d368e9e285365d5f35999d7acace6abf94e
113e8ff3de67c853715c37158babb828a9d8317a448694a1fb17cb94502e27e2
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1529002ff0f1d31928a5090c1f28de571b19464dcd04540a5dcff9be9277dffe
1554993bfd6558071bd0f007fbc97c32c540ad0339cdda7a274740b4b214ea7f
1554b57dcc808805b65fab1604ce157f0e0cf7c18ab802e8b2c1825dee65f31e
16ec8f36df26aeb2ba6324272d56729483881cc087fbc4359ea02d4b9eaa0c05
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1c02b93860b37dc04ef4f253ba33f114ad25674823e48d163d59fc43651aa374
1d1b2863b166d7c4a4118b2b6239927c70a1710811a8072381b7e8cbd71aad4b
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
1fdd917f3a593fe4a70e758cdf799a002f4ad8be18773dc66590be82563a4194
2113122ed13e1cb74c82ccef5b374945442aef4b4ae7051b4b8b7bbfd92c43fb
2179c14de4542297fcf464baaf0f1ca131ec4359c88e56cb19610c0fc60c4673
21982ba4acad9b833bdb7267fad2d259d938043b3e68caaf621d6490d92980ee
21a61bd1967c7020155d5599cf69a647e6081c2f314fe51e1e511537e4724437
21ca804fd97dc74906e902e61f8175240393a338fc586ace0c60b2f426f55905
21eb00836ab9e006240b59aaa5a3c7ea0cb4e47e857b9f383f55cfa1fc788ec3
224fc71f229ce6d5aee3974575b2c81cab7dea7f3d087ac2f317aee094986785
2260264cb4d75958e8c23c1be2102745e928385224ae36cd5b7d4d619f68c572
22dc4541fb441d87e645cbbe94a553ef725b6c20b5243d9056ad3eb262017225
22ec56df25744866a27efb0d3a95c71bec34cd151f986376a9f2e10f498760c9
239724041fc526faabece90d4308276165a939a325233bf6b806073ea0362a8f
23b8cfc6930ce650d05ccc5e4a40c31d3508d672997a7701316cfa7cb80b0fb0
23b9c55ffea7b8f3594b2798e0225c5647d10f4e61dbfc535ce9e443e3d73f62
2841b577ed6f38c961a063487707f01d8ec27ca40a29b599ddbcee760c134189
28624ba5910df2040b8121bfd7b79951064820a60128fb12a225951d1cdbfb4b
28e530a17d146e0b28568569a6cfebbbd14d29b082dba71518117ecbbf1620fe
298891dfee21768fc164f88ef1c5ff66829c14e5c6dcbe341beadc32d6dfeb17
29dda5c59fefbcd5195ec3e267c1621c0beed5f12adc44ae3d5feaf95966cec4
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a
2c62321f045ffb43386252bc16cb03f9465142edd6b7d686a98455a7821ca480
2d851735b8154651bb33a40154784e9da095641e6504fafae7394245e92871c2
2e48b252ef2259d71b021df795be99f35039c0b21ece4aa0bb1fb07a534bf3d0
2eb794bc2c745207722a7484ae4c223e889f4343328cc11e10b3f6940d72dd7d
2f1e3dcfd96b1264622005639181b60e3f236ab395619b90ee28cd6146bfae5a
30295594f4c7f30b6b8adfaba2c78486ec844f84aae015295a75848b1baa722d
30499f108a4ccc142603f89844eb3c740fe6c3ac89852d2f8c18116a39c374fc
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
3301fbb56f128177eeb42f226d0415d0b06260e8325c7b25786ffc15c5bd8fff
33f49b689a021f6782e46a226c54759c119884f75702e459e6b3e00642071d9a
34b1181652a723f56ec898322fb5afa5ba022148bfa0232bcb4541df67f95c91
353f0f01ba4a4d0aff25a5e2c26f53931f47599e039a5f1ffb6065dde101e965
3578599c04427db93b8dbb9856b31ec74706adab651288a8444b48a833606c2e
35da5c6b61db6ad2f028dc52eddbe524529ee5f74cf6b1eda074131d2b64bb61
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
36e01e6c23e6d028cc94c9e1800eb6c1ef39c0f9644b1518300825a0d2846c1b
3791f33e7f348e405e3aefb2debddb2cfb30a6030fc86374086db7b589efd426
37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b
38440cef7d0613d174c2559d48258646784de3bff4bb710927dc15bfdc8257d7
38c1430f98854ce2f91f8cdedac9d59a26a97c9350a235cfea678d27af78420e
3e6b116a37930e9d8612e34a3c574922cf0f81992dd716ee26262877910937d3
3f98d93d382c543d6d3e782beb52be88829024419686e852be68626ca9f8b148
3f9909775d48d612aae837f0153817e8addbfa082f901254471bced4d8c72691
3ffc9d5e2655d95a1935bf1f67601e31be98fd53ffb286358738a186da1d98f0
406691710ad04a6231db4fa5cd7bef943f6c5e58f744b01a42d4b3972b741dac
406fc0b21c034cdcde14c7f1597a6240292a3293d8971391d70fb9f1b62ff620
41a7386432727a336a0f47f6131344abb963e842312d49908d1b06d76e760250
421970f1952860cfa08ae0c1dc0316beabd2ff11b73380be815af4da963610ca
425b905bbc27bb26ccaf48e98934438370dad2305b8f626de4ebbd3d08e55740
42828709ad91aa444517749cdd56dc665ef9419a859d7b40fbb1505ec76338ae
42ce9ee9e51344dc1182f0d456164af3530858ff5ee4e53303d7982c04ed897b
445d8a5680e2cd98db5ee96aa41d03511ae0b1ff832523a1d10b8fea85ab59a9
4487453e5ea693c7a69c28a8385800d781166820d57037088b1dc6abb30a24e8
454332f68d1cf8857bffca880a4524c0dea98499eee0be1262dc34923d4f5c96
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46b4ccca2e11cbadd1cb5345e60ed28047fcced05a700df874106cfd2bbfa48c
46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2
47a278025cea905349e975bf082b6d027e22a536a4b3d370afeb04d8fc5b2ca4
484a86dad80c638b0d998d03003d39573ac5bd716145245c17894a69d2073548
484da8391d7ffd1e027cf60b07441ac4dcf9edfbefbe56b8ebf23b99839aecc7
484ec1c347c17d7d3b98d5058aa5d90bb5c7315f3a67f44611e902de4be50831
486d12cebb58a39a977df6cabf3424da27ed7ed71ac6749bbfee29447d2be462
48995f6973f1f5fa8194d60fda6c2822d5052b881e4e016bb6c37f03fe87def6
4914edf792cd8345c867600b764bac13f44022dd709aa02528a0c24405d6aa81
4974622fff31e0fe9dcc6c31c33e3f74dfb665d2678bd876ab807506e3bab60c
49adcab3b220824cc857be3a9db5c3365bf4cbff941153f338f95130ee98f688
4b2b31d81c44d5de0e4a971b69c60c3ef741d56f9e7de3eb2a0907cb9b698069
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4baeca9f8f1db2cec8008fe066fe6a5a6596279afbb8bcb34073893c9f925309
4bc5527fcf437e2e50de6244f2c4580ab4dbc5139b7db06bdc1bf0877adc716f
4bd7fb6600ae5147ea791303676ccd945702cebe59f274241ecbeff95d423131
4caec19fb48c8b123d8f1dd3443f2bd70863adf6408db3ea83b1ee46df65c454
4cba99b67be4f1ca2fee50b1ccbad96f5abd3bb8f8d3518a6616b3fe0bff4bfa
4db4eb63f193ec761dcef84a13c4b7c197f19de622ec515ddd67bde888f5b3be
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f18ed195e69551cc4e11dca048f0dbf93078d172b582aa5f95b026c20ec6e14
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
506232725b472834278e60634b4137a0358256051a6fb7f6f03582964e756de9
50823da7bfb14d76ca9ed9b2f60dd24aa1186f3f1250d9fc551f782ca342b769
50bd38d30cc1a9c90ad3dbe21171ee37c8c21992e9e2d54c0583b6fa360bddc8
50f60888a2c8fae203727d66e4f40957015100f46fcb0c22e7346ba2f517f895
512c2d94006347a24e2977c9b5824bcf51d06af6bda5ea5cb09ede92b79821d2
5157e3025c8ce5bd65f8509719272419a7ddad9e98ccb3327a02afb7fe2e663a
524c55c8d2300cce448d346b995650dc7fcd703ab0c3734c057147b5c69d3773
526aac3f4080a1fe8edbcfbe1490147b961ba53e5943a0968f985421561cd5cb
557e7845dab99ff76a9171993b52cd53f203fd9f178698c497fffc93dc4025e4
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
58263e94028eeae6ddede037bbdd48717e7c146fdbf9c7255c810045dd674654
5875e49a2696039a2ea407e4e0febb942e0f73bd973698d7ae2980f22f23c0b2
590d0785d3845aa9f2318d878915524ae006262251ffe20e4e7f2909f563a7cf
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5999f41df4177292f0ab09f090c9cc1accab1fdc47f5641c71438221b4dbbe89
5a4d1e092996d70e15b9668def9258b62aae5832226900e05eee116e7bee90d1
5ad815788081a7b54b50ab09b8afe49c154f2976fc26db9c647987ec6d176c00
5d1ed9066f61ede258db789a11321ba2573348dbc439f1b5c5b3bab073f70ffd
5e0a21250317405f5c346190a17c3f72e4f443c243261ce20916a185ccbc802e
5e931479c354d56499d738167bd6082bdb76a1f45be784f6fc5052891e886309
5ea995481d7dfddb5307f94aedabe955e8bdd9ba40b925007532997185cd35c6
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
5f786db2d21a4e9accd632866a82cccd061a7f0ef558288471ba8559dd05a6fe
6005e56ab3043d83726d25b0d17458e35b72355a81ca3230cc9de9058ee8b1f0
60280b8ab4c8d489c74567c55e14945b935c2f5937855f808163ee40a65f065f
6054746292d3567c660857d4e7ed6153dadda2b3d602245f4612deef4dba2bd7
605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce
60d6f54a66ebe87375c7adc0572eb4901ec94da3fda9c178d6a45237642db272
6181563c99588058803ee902907792de673ecad25d9890f610b2c1bfcd573388
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61e8658c6688a28ad8c219fc04c44f3b1b6782aa2a47783cc47d6a3ffa807be4
6211dbc5c4ca03303f91b12a087431bff9606a65e65d084f028c6f8bb2585df8
6295305ab6f5031fb1e5de69a1b1a9d27cf7516655f89cb73a49913a9a13c136
62fc63c1926399ef54ee3db4ab817db33ff9a9cc298e30658b08c7958e392f81
63e9a0058f74fed8eebe7be41e119de0a17cff86be74f63f438731b1f3e11bab
65ecaacea233cbd58cd42e885e80df77cbc92fc6cfd6e85f1d0e9d2852e1e7ed
661eab5f8a15d4e3c5ef8a60c8c3ebb1266c01095295f2e960efe521bd1dce96
66b51eab2951a9cdf008f3c19150c3014e0b2e1fdea478e382812d15db1fc474
682b9a643ebc5c5b7f54f802fe82d4d9117b6cdff3479110b81afdccfd6148c2
68bbfd292da6691b26f765303ada45545f16aa21f8a9e02e239fb5e57ffe6c13
6921c4ba179bc7669521b1ce2ea9be93fcce81a5de388da7e906ff6722417a2b
692fab6756ac1cdb625795b5fb15d0e6581617cbccbc8a9419890725eb4e0fd0
697016751229f2b7cbeb1cff1be034ce7743422b838861c7f9ae5c9aed624010
69abc825203e800438f446ea4630d271aa25a61595b5195213485e8c44d102ac
6aa973649c1c6508588e17d4dfe3e76e7c5f514a1f9a58382597415ce653f9f0
6b5fa0a317a106f1989b011c28a334fa544940efc848d72912d2007c1b3222d6
6b66b48ce554fd29476b7d420d191826cfe13b84834c66a338de278d8658bcaa
6d044b489cee90571b34dc4af276c9a51acf12f4bc8ad08ad80e63e188009ef1
6d7924cacc646fb891905ad15db0c492f2ba62e0667c0820f201b2c2ec88f494
6d7b90c0434242c2d1abcac7162ca8a7933530b32c27b57914b85bb7cee060a4
6d912f6c7822b065a9b779aca5c09890f3147fc5497120cadd98fe38f72b40ff
6de741cb338be473e912b88bc0671ceacbd1c7f23dbb7c447620e5d44c7b2d59
6e4f4b756ed81fbbc582b7ec80e143ac8387b8f26084993f3a66faa9ecf50fbe
6ea604a09ebb479804dd62cdaa3832a11e5b1c30f0adc79e30c90674e2731ef6
6efd980b83731f2512ae8f800cc58a98c96c186f19e4296cb18315867df5da67
6f368aa8ed1ff20a7f45f67285eb393b6b164a71826955217eaac1aa54c31980
6f90329882763ff4af8c8f6114bfb54b8f613d857340498819aeff41bea9db24
6f9788d7e66abe87bcc3b3da018a88a09a3092be671c3f7b87ca1ee8eee2b1d5
6fabf76746e0e6fe2e14da5f9d17d0c322eb78d5fb71592baa45208538fb4eee
703f50216781274475e93fc99fdd060d1a9ede2dd3aaba71751a6a191f905011
70c09574abb2e590eccb0b0014aa078b83c3c05ebd27ee4009417c0192cc4d68
71257a1fbdfd6c1fde42c80c549cc3230be093a42a8252b0181c7cb0764fa344
737ff8288b917ed5912b360b6a9fbe86dbb0a5861175cbe7a2282222258770d0
74386de796cc277257914a7ec958687c7e3b2175c0c4ebb910d61ddf4e99bc35
75301440d78f5146f9670713bb5f3686f549d7260717e5b2874a66026fad04a3
76082bc94bf489d00e825e984c3974d4b233663c99990bbc4ac6f2e1852941e1
776e4f1df9d2192c5ea5f749f99722a1a99946a7cd899af459dcf130592cf686
77c27eb0417a857a0bb259b6bd9027c07da1d3d1b044c13c546fa37fb916ecf4
77cc89d5dfeb07aa776d08555622300a718dc1720399e6cbd8cddcee828f114f
77e009ea468cd4811912a2e00f689d51d480e9ea53cbac44b711243f80e2d4bc
78f2e942751c41dc0755bc5f381f8d3181ac7f7b805f140fe2afddd16b3b60d1
790d85367eebba77271b554e30607cb15c27e8c0511db1195bcaa1c587fdbc79
7919ce47b95b64307c3053fb364120d83f76258e318f606e9d21a9979d620df5
79e66558ee620ce57bc0a6be17a96c32074065e763b49f0be5551799623943a4
7a26780461fa5b189686ca3891aeed135a2c599eecb4d1c80a6b0f3b2e91bf55
7b248862812e0c1e74de9065718956e41485a8bf2d6315e2e52e8caa0f926f4f
7d0045314684d37447b37f42a67c55caaf3d04c98a68cb75a760ed799899a965
7ef5f7dcf7a5c67a176d0fe031fbe89a148b107b891d200eb51500326eb79c00
80be3290b4f41a47a2302767a077962a38ceb824d00f23cc5fe781e4504443f1
80ed952c4c5c2eb27b629006236caa7b3cc094085418a2e8b6ffa29e0c16817c
815061e2fd0ba411deebcd25e999158eaedf768d16eb0742f48586db901be7a0
820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c
828392cd2a6e1b35bdb02cbe1e5591b5d8c799caf26342a2e1da42cd8f8d571c
8312c8587febfbe160bc6d63995216a8c04609c32d62bf89dff1b2a20c82af42
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8355bcb3d0e0289799a2aa478da4c819779cc49ef3938dea217aee1473e1d21b
8399ecae2e9491d2f4a971d9cd42f799d2ee364ac132ea8bf007421adfba845d
83a38b28b67b7b73105898c2f8a757e1637bd81d9ff2f940e47da25c9250de62
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
859a6a8e2a4864ed098175375612b277c2c33d6e6d43fcf543a1885af0ab51fe
863ad739bb9402363d8f11aa86e044ddfa80fd927de18b09814259f152fdf01f
863ea7e4aef0f9a8125785769124866975ed402b68f8b198070acaa9834a7c8f
86c6f7d21a742a6a8f742c76a92f06945f95ee5d4a688d2d3f7b34a62cb8eb48
8823ea38784d0074a289936b69c06984f58d713df6876137c0d0ca5e888a506c
88594132b00910cf410d97bcc8862225d25a0ae3528b773515a25360882596cd
8881c1dcb43b1df341f951f421dadca3eefa0c964283e59f3d3927e85f3a6ed8
88e93d5a10c5ebe9b3637d612334bd0bcafc87f9b24d3aa8554102b3b22a5029
893d6e3ee154ba5cafbb90c33ce8cd4253e517a22d0d44a8990809cc53fa3505
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8c6e72ee524a5beb9bf4c616f50d29b0d69b4bd6d4161dd2d531961c61705ca5
8daec1beb5269a615001dabca2e3805c2e137863f9dc7d4da6e86ddbd42a8c01
902d8042557f4134a7cfe46454bb389075985c3758bd48a9f96acafa4a0a432c
90cc8579d328b1937bb9cd2ff41057b7ea03db5adfa87ca1380503f1032944f1
90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02
917fb5500ab45c11f7d0ee7043d22b5a2a5f532703323f7d1aed5b732df9fd64
92263d0f770102081b68c681400d9924f854f81c19df3f2caa03935202fa829c
92583fc8f4db98e31bed1a6a083bc7e22659c44b202c8cb50b06190af6673519
9273e5379701f3409da682e18dd20d6a91def7325d765eff86a7b41a3bee792e
948198a9265c42c52bba934a850c9adb30ce915097b3928d189e73154b4e1874
948dfd7372d70c12a80472d86b4033d93adbb52d02d4585d519416c4f4b4be62
96c293e6618c3f300e4f39859c6d5cad961fc68874597365cddcb8fddc1f05d9
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
9762534abd6c963a095bbc47c6d84a2aaa1ea90e9cdf2dbfb4d08c32396134ec
97a09a2ef08cf6f7a8e3ce982c8747321d4db26cf3d3854772d2c2443215ec9b
988956ea96ff762b093da48e22de94011c5399269521820b0b51d23395ce03a1
989bb47057732be8eafd61e6bde7f3e8481068a1e396e75da443ed9be6cfc168
99a4048a29462dc43fc205f41fb3b3d57c4ea2725bd0b25af5e9004e02c8e74f
99a7c62b9ba19d6f3cfa729f396c27593659542702682b73ba87eff5d69a8755
99d22e206a5ac6e477ce8a4466d3f01ab5db135dc1fdb8a75b9bf8f0d10a28d6
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9bdede35405067c7cecb26fac81e2ec8b100a8a914696c95dc2121df9a9a3bdb
9c2fcb7d287acd55ced19b71605de51bb39908a81fdc28df3e87da3d43e54ccc
9c72e71ef67572cb63d1fc8761a55e6cdafbfda9f1201c9aeb731dd68305438a
9f70a0ad90fd3a1b077772550ea7977209cf59333f63aff8c63d631f406935f8
9f8bae50462873e199984cc7074ccdd15688fde3a50c544f6c19fe64c243e2ec
9f98697897845b218e8353fca80f94186b29cc13f6485d2d30ea67df0ffe42df
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
9ffa61667e677214bbf9bd395ccbeca73dc6f1dbcf6f02869318db4b701fbb28
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1678d3756921a43e6e47bc8a1731145abefd0c6dae8f507d63407c32770f939
a1ca959d3153c9915831702ac6c4fd3006c2badb37f6e8328f740127b7962e83
a1ccc5e87860b7207f2731333226e73051edb6e19ac1a2ecca0acc3096776039
a1e78fb7e51d3b2d412350a14b9904c0025fe6914b1799329f198270a5597eea
a20d8bedb6e500ed592c818c928337990bb6fc4754e900977a044d5362c681a5
a3bc32571d65853e07135d61e528de1ab1ddaf12031898499c8530650956898b
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4a8cecd4878422212cf319ec2cceb9a7ffacd30f31ea5409c8c4575cd8a312b
a50f4fc208a1bd79225b231e7cef6298bb55efe887305b9b523807b7aba9434f
a534ab0659d0f6304fa9d97c1dc5d0fa7aa3752ea103c56647cdb06487ad7f45
a5ba2b447b32ab4dfa0a2a99e3859496bc3dd167a033f7c3b708ece4a7c4de62
a6fd8baabc0ac7193f41296a9d60010b647ed3864e35184ff769e5a9bae6de81
a863a77e9ee263a0ec9c1e792bb33ed0f663582b7369f472261df7b6040990c4
a911b617fa9c17296261746f2254a9e61b8b9cee6444e82025e58b4d819a03d0
a9a5399f89e7a6f86666c33da3ff6f08daa804463cc60490c2c6afb00ca34fcd
aa15ae8f47666c19f907572c8135b11a02dc34f1d3ce736b7cc6fd012a99263c
aaae67d76785ca3c10c3ec64930c48342d5ee67f49a7ce60854e38b80b7d0774
aaddea26d639384a48f5942d10306e4341fc10c9b28d7e11fdf189275e9b775c
ab2ad59f6a0d23aad6ef765f8f0c7888b8ae29c4ef00f2e7bd5f6e995590495c
ab37e58d19a0b1c89f97e8b2a054ce2934fb6c6fcb2730d2977036a617bfa740
ab8132133b0518d13a0ab93e98292ca51c97df49a858a260fda282409bf89cce
ac8f7efc880bf0528a9888e9709ddf74fa0eab9fe544142d04753e7643f4528c
ad2d64b487aa8224a5d6b987709758d109703ad3f550f53533475aefee5920ec
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
aee6ddb41d43502414b750d682c6c02cfb5ced519af4d9d3aa5bce26b38563dd
af8176bec25bdf12f86c5e39af1d45acb501af350e10d7fb7c6b2ce73d5ae6bd
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b0fd488b68149b3c76618ba4df7d621fd33b6be2a036cb4b6e86225c9ff79b12
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b16a30a98167fc4a1dda480dd5e6f1c4875dda76053db2d662715e45793c1da4
b4c11d6d3acb49caef88943624f63122c237b73b12235f42a9d336b5b6b6e6a9
b5ef2e200b14f403ac0e33204762b13f39642ac2de462a30c703a30f86193c80
b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79
b751d0ca54cb457ba9e4919aac3f4ae3fa9c44a6a0dc2f9bb3af3871623b27c7
b7733207cffdf30a54d5243350f4d55e696721a83a3022df349ce7ee17cbd3c2
b81fcf42ce76a67a6595d445766cc7e2721cc7f3644ea6fd97ca59d615e0af83
b86fb286eac373cbc81f520715a3d5a7b660c0ffed72a2c000b90844249dcd16
b8e58bb0b524378bbff142e22b536b5a9e5ee57a547256a99ebfa0f5e7973b1a
b9cc492ae8cf3d6775d039f56877730407deef9839c87f5248110613a5e52c32
b9d2c73ec1f8137a518b8345a65f02da3c8eca11bfbe989f1d3ca99559c5db72
ba39e79090f757f6ee238d60d3294600636abf6bdb216de76f4f0e427eed8681
bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f
bbf93496fc764f94c1a1cbc07f5752d94dfe30df6fb06e77e4be0479fcf19748
bc0410809e43dcc1d85142fa34872d9905812e6eca04588c70ce26399119667d
bc54379b6288f5970da471f0f64ca15f8c9e3a3819a0950608a45b7479d5a11f
bd954d2e5a86753af91258b8cf5e39cbae30241def15687ed2cf4942f3b7f42e
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
be0e19a5e393ce1ab70dd927ea2740f84f2e929bfbd16d808ed2efe6c49f9449
be0ec6c456c77b656bb531e87ccfba8a430b636afa06f2fdbe29a56e2cac78c5
bf88a5a2d322ea15ece8931b9fc3c81b7d751cb8301bb1b7ec0831de1338e648
bfa36b80412fedbec98205b35afd6764ca764124cf34b1a50ceea13c6433ac63
bfe5641a30aa9f838d2ec8c7a4ce57c85215abf31b9ed5a137455773f3112aa3
c04b6be769ad84324a5fc45305d9d4905741a014f42471415acc151fb49ea7b5
c1ee278b624720faca713fcdb71086f76cee6a7df456afcf097f98c3007b0d92
c1f5dad11bc1eaef854848901913d4b452c3c6ad1844df5a9d7578ed0e9ce887
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c2a1d39369355d39a6bb3406ae93ce7fab635897c92f9e35a005bd49651651d2
c2d5e84e2f7f0cce7e319db08ce4cbd3686efbebcfb96bf442b678809a983fd8
c32f037023186944ac51e43cf9a97f85eff4ad787658b494bd75ca365ede06e6
c5c441639c40ebe2d990a9e48ddf8abae666480ae9e0cfecd559d839428d44ee
c5df51e0b283e2ca9c6bfdd458a2b9848748843bdf94c4b4a66d9e8b14ec48e4
c62d3365b732e66b5b762c79e52e447a10de456d36c9313880b874f8fe828541
c6588d7bf15df0411498e4eff8f6f4c28bc984fc128f72c0ab8dc87d45f3b97e
c9407306c99aa592d3941041ee0a44d11e0aacc83ded152d46032753ea6ff71c
c9ae79b34c4bff8b3a8fa8ebbf08c75c53e7611601b0e49531f2d5e023be7c44
c9fa9b5fd2b7039ef13789f4a63f436e3c304f2dd0a37a414a25f0b31dac3d71
ca62079c67487abe469a97294d86960f779695de5c283add9379f49f916aaec9
cc689d14723b0e67544df62db9f3f1bad8bdbe21fd52f8cfe9de56c033588eb3
cc9cb457f26e6b8d81a37295c29fe66fe9fe2a8a175b24cc58380a0f4b1fe17a
cda3c421b62828768ee2741a35bef36bcfdb1199ee3eb987269f7d1ce2dd8876
cf6706bce36194d053434dba80d7fed9de26ae877147e30cb28d98c028572ddd
d083967126ab505435dc2d296e5887257c0b0025dd318f16e27f94c9d9df82bd
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d2156a30205c81818ef4988dda7c1687fce93d417d33ee57b31c6dfdcd4b7866
d234b02043d4b5c504111be64be2fde0772d196734819be2d7760346512d5022
d2c5746f31b0ed678e1e18b889124cb49ce185c8d16b06c783279243916500ea
d44484eca9f94a944633613c6cf68f118f46930673bf77dd6a5d00c493e3bda0
d4927e7d34aa6b11318cb5d9ac80f4ec1f933131556edd466f63d946d9c31069
d4c7d5a262d2eef57d137491a91c663c9465f84cda0893639fef8b33bb71ad59
d4c894096f098f182fce5e90521e0fdcb2cc9bd0d45739b7c03c69dd7a00e9a0
d5258761def0acb055bd92dd017d29caefa83fbe45f64ba95b7da9c5f794da4b
d58ce2267eaea07a8ef57e3d67f788889f547cd7f0f69a85c08e50e6be8d4cc5
d5d1543bd4168971599a3182c4df6f43ab78d80be3743ee02251def5de7eb948
d68b04847ddc49ad6d39d9e9a2eee8f76a7edac3e3ac41889b556abee0615112
d6b6b8c1eca0c4b1dc7bd41b30df4237ebe7dbcf91e2f884b0ca4953c6aafaa6
d6ffc492eea847471573fd94c017a8da3516e9f4511db876aa9221fdebdfe5d0
d756e23034e801ff1251e5c699ccea3c48c3682ca1dd34f347940e8321756552
d78d29f5701f639091176469cd9d5123e2bab2a737ab9850386512265a56c2cd
d7a1fe91badd3cd8bf3f142d4e8630cc94fb3811e9bbb3be5ab597a57a361eb3
d8a954a61020a5f26298a414f4ba3e0ef0d25cd98de2012014d5b01776fc5ceb
d9460efd0d58d26708a00e24810658caa07da309285cd09805d3599ab529d8e2
d9515e643b0c7f3716d74f10b4fbcfd7d46a063c07a1fb7e9eb1ab80e42bb370
da3eb7670eaa8f33cbec5f35ef157ae63ddaeaf3b839a6d453b074567a972f26
dc00d2dc19a9dd32d5f89ec3d68bfed90dd775a5fa638855b7fe00d6415f379b
dc5e7c26722069a2248d1ffd8529b9c6ff6275f1fb7bcf5ee8661f0c1afb120b
dcf530f1a470d3db533a58756e4b924ef5cf10a0a190ba7ae76678d3e85d16e4
dd14601ef05de262b86de19d4bb3d757350cd85ed018c83c8497981ca11a1f93
dde1862d4503d26b9d744368aebe02c9b197486f4b4413384d9c969358612b6d
de6f607bbca229055f003dfe1ef694ab5bf12ededcd4ee25cfd48f8e373a972c
deff40f630a3944e426b6647aa03bcf78a42d1fcea307a416591daf5493cfe78
df0b62593763a1faa65202d76c4dad0774189bc742452b7895ebda8534da0b1a
dfdc8cdbfb6ef2c348991664c9cb8d718fe775d9399b14c31dddc8b32cd84536
e1698c2b89cd839a02ef0ba003660e30c8165d8b7b59cd5f3a08d08e30ca61f5
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4107c12d8f69a16b5fd230739d3c6af5023b4dda683c5019f0a6ec93246c43c
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e46fa7ee227000e5803c3317aecd58d5f4fa151e367a94f24e9e814b9dad6330
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e777c8f93b54f59ff59df5656680494a2b46c4545a082ddf6d6363ba06bc1b89
e79cd35e4c98c9f78fc026019e6bbb8503223821407cfc5320c2478b7c6b0650
e83b21f64feea987080053a9cfbb4fb6bcff3210130f1884ba210269c6a68770
e8b13571b81b3a86de8b0956321cb2b0bd6a5d280bda347322737794ff824743
e8c15a8cf23c53c797491f2c9e5b3407be7cd3f4140e7487d2514e482aadea6b
e9a337c022e14f6447fba01a1cb31fa378d291a3b67aea4366d1199acd81d11e
ea3bda0286cf13ceda6fa3ab9a91d3d3910cff105b0092c818080cef4dbfa524
eabdb0023454ac1160ac14cb1dfc8ba73ea2e7e9fcf1a3349da8ebee5c8c021e
eb3c0ab5c18d69f1536139fc688e4efc05cce7a6f07aa77fc48d79173d7e56c1
eb6f97a395ad4471c1b3f5a3059404e91cbce9e4c464f99492fb94543ca6dbdb
ebaa515186f2f149e9a134e99c3442066a03e6526a5962ad9b252fb5fc0975bc
eca7464a94a258693d4dec59d01c8472577d265ad230e889d985cae3f3762636
ed08de1503cae2839b33b669a964a33af728abf5067f067c1e939d92b5e5caab
ee73192a5a5191d40e77d898f1007158c85e20c2c49b2286832da2a3c55318f4
eead0db8ec1f452443dc79fb433a4603ea624db210b184c8fa911a4bdd6a7a91
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef1e231a2cac85a1ffb883a341f354b8a18f3ab3827c085bca5a2c0fdaa8806e
efcb6bc00136c60da14d59b3eeda421a00abd4ff6ea2077d75feafcfc060dcae
f063c682af117d2637793c4c4806ffee77fa3dffedd31bae31852d908fcacc0f
f17e5b1aca30d6d338bba03a4afbea01c33abebe9619a0510a37e80c6e8393f4
f208dcecc28d86728b8e2cbbeca279de158ac58a268896981d73856d1069b5a2
f5017b9c723e086637bbdccf5b66cfbfafb555e27d824e43c8eb64836d1c1036
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f653f82c4af64ae786aad3d9171cb7b5bb8c27b9e17214d5333bf418bda83eff
f6adb794eda0e31a163ed517d8e63d388dbb762031a189349c72af2bc37bb4f2
f7e5e1806505e164793f68d35ea2d03ab944ee97807526f794b949e31bebeecd
f7fb6ab699c85d3b65abcb1c06ebdf8106fc712d4b75761280241118b0b0bd17
f8af5357000fb0af2769cc91287035fd0e49efaad6c7b0881196873062c63b5b
f9ac5aa6cd3285ace792529bbd525469c1f9932feb2f5ad29bfea3d733a1bc1c
faf2c3fd638b5eed592c7bdc2108f34ac1416cd14207736e5c213dbf7cc5b5ee
faf2dec680d35cc65bb3a72fb2e2796f147677c1fbfa426d7463266c0756aaa2
fbb7112651e9e565abeaed6a98122e1d202dc585580ae57d31cee4a93eaa9580
fc5f67f3b8930a083aefe7479bcb7aeabcb090c8eebf1ec4268852c9d1c4a887
fc9162a2911d1b9508df47e9643484d4c63957933add975e7a5eb20885cd7cd1
fcad94dc5217edbe940f0e33215ac715a9675a2bfbed59e9804047791eb8f864
fce6aeeea26df65e2a93d50152c39dc68397f7d58f3daa3cfdf70ef0fd2c2143
fdb42a3889107a052e55d2dd45a0e9b938c20f4dcebca9297b0f7627a9b4f4c8
fe12ba8da3bc0afa2583777777a2f4c40c48bb05fbd1a8eb2f70ae3fa3eaf6e2
fe69a49fad971fa67de800b945e0f5898a4326cd3646b5aeaba0662d6e86350d
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48
ff8f14a8686ce379a58f47538d98eadd91781d262702a827ba0842e5a9edeffa
ffcb2f66a90cb56f5e78b9246d4ba7720bef7bc209aa4faa1879d94213210b7b
ffdedcf6a343afb2b16c899b0417ce069c3ef62c60b0dec348df0e4be8c5795e

koraplus.com Open in urlscan Pro 2606:4700:10::ac43:1472 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

683 Requests

95 %HTTPS

56 %IPv6

35 Domains

57 Subdomains

42 IPs

11 Countries

9118 kBTransfer

19358 kBSize

28 Cookies

6 Outgoing links

Page URL History

Redirected requests

683 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 27 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

koraplus.com Open in urlscan Pro
2606:4700:10::ac43:1472 Public Scan

Screenshot
Live screenshot

Full Image

683
Requests

95 %
HTTPS

56 %
IPv6

35
Domains

57
Subdomains

42
IPs

11
Countries

9118 kB
Transfer

19358 kB
Size

28
Cookies

683 HTTP transactions
27 data transactions