ez3c.tw Open in urlscan Pro
2606:4700:3036::ac43:d98a Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://ez3c.tw/
Effective URL:
https://ez3c.tw/
Submission Tags: tranco_l324
Submission: On November 23 via api (November 23rd 2021, 7:54:39 am UTC) from DE — Scanned from DE

Summary HTTP 222 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 49 IPs in 8 countries across 38 domains to perform 222 HTTP transactions. The main IP is 2606:4700:3036::ac43:d98a, located in United States and belongs to CLOUDFLARENET, US. The main domain is ez3c.tw.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 17th 2021. Valid for: a year.

This is the only time ez3c.tw was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 10	2606:4700:303... 2606:4700:3036::ac43:d98a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	103.231.212.226 103.231.212.226	18229 (CTRLS-AS-...) (CTRLS-AS-IN CtrlS Datacenters Ltd.)
1	2620:1ec:bdf::44 2620:1ec:bdf::44	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
6	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
21	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
3	172.104.98.174 172.104.98.174	63949 (LINODE-AP...) (LINODE-AP Linode)
2	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
5	2606:4700:303... 2606:4700:3036::ac43:aa6b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.244.138.40 35.244.138.40	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::200d	15169 (GOOGLE) (GOOGLE)
2 7	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
1	13.75.71.72 13.75.71.72	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
6 37	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
1	34.96.103.78 34.96.103.78	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
3	207.46.146.168 207.46.146.168	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2600:9000:215... 2600:9000:2156:f800:7:6b7b:1000:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:400c:c1b::9b	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	137.116.169.173 137.116.169.173	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
25	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2006	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
2	2620:116:800d... 2620:116:800d:21:8c6e:cf2c:8d6:9fb5	16509 (AMAZON-02) (AMAZON-02)
1 1	52.89.234.250 52.89.234.250	16509 (AMAZON-02) (AMAZON-02)
2 2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
3 3	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
3 3	198.47.127.19 198.47.127.19	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
4 8	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
4 6	37.252.172.250 37.252.172.250	29990 (ASN-APPNEX) (ASN-APPNEX)
1	138.201.84.252 138.201.84.252	24940 (HETZNER-AS) (HETZNER-AS)
1 4	144.76.91.199 144.76.91.199	24940 (HETZNER-AS) (HETZNER-AS)
3	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
1 2	142.250.184.230 142.250.184.230	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
1	51.75.147.170 51.75.147.170	16276 (OVH) (OVH)
2 2	104.76.200.221 104.76.200.221	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8100:f976:bfd0:751d:6023	16509 (AMAZON-02) (AMAZON-02)
1	142.250.13.154 142.250.13.154	15169 (GOOGLE) (GOOGLE)
1	143.204.98.27 143.204.98.27	16509 (AMAZON-02) (AMAZON-02)
2	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
1 1	151.101.66.49 151.101.66.49	54113 (FASTLY) (FASTLY)
1 1	159.122.14.34 159.122.14.34	36351 (SOFTLAYER) (SOFTLAYER)
1	66.155.71.25 66.155.71.25	13768 (COGECO-PEER1) (COGECO-PEER1)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
2 2	3.122.152.23 3.122.152.23	16509 (AMAZON-02) (AMAZON-02)
2 2	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
3	143.204.98.28 143.204.98.28	16509 (AMAZON-02) (AMAZON-02)
222	49

10 2606:4700:3036::ac43:d98a (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

ez3c.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 103.231.212.226 (India)

ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN)
PTR: static-103-231-212-226.ctrls.in

sdk.truepush.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:bdf::44 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

a.breaktime.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i1.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.104.98.174 (Tokyo, Japan)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1708-174.members.linode.com

an.9ez.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3036::ac43:aa6b (United States)

ASN13335 (CLOUDFLARENET, US)

power.adhacker.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.138.40 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 40.138.244.35.bc.googleusercontent.com

alliance.breaktime.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.75.71.72 (Central, Hong Kong)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

powerads.breaktime.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 142.250.186.34 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.103.78 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 78.103.96.34.bc.googleusercontent.com

campaign.breaktime.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 207.46.146.168 (Central, Hong Kong)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

catalyst.breaktime.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2156:f800:7:6b7b:1000:93a1 (United States)

ASN16509 (AMAZON-02, US)

sdki.truepush.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c1b::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 137.116.169.173 (Central, Hong Kong)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

article.adhacker.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.89.234.250 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-89-234-250.us-west-2.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.252.103 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 198.47.127.19 (United States) 3 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.138 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2.18.234.21 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 37.252.172.250 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 138.201.84.252 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.252.84.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 144.76.91.199 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.199.91.76.144.clients.your-server.de

hal900018.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.230 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.75.147.170 (France)

ASN16276 (OVH, FR)
PTR: ns3133977.ip-51-75-147.eu

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.76.200.221 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-76-200-221.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8100:f976:bfd0:751d:6023 (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.13.154 (United States)

ASN15169 (GOOGLE, US)
PTR: we-in-f154.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.27 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-27.fra50.r.cloudfront.net

choices.truste.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.122.14.34 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: 22.0e.7a9f.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.25 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.122.152.23 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-152-23.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.0.31 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 143.204.98.28 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-28.fra50.r.cloudfront.net

choices.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
55	doubleclick.net 7 redirects googleads.g.doubleclick.net securepubads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net static.doubleclick.net 5994599.fls.doubleclick.net bid.g.doubleclick.net googleads4.g.doubleclick.net	691 KB
49	googlesyndication.com pagead2.googlesyndication.com 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com tpc.googlesyndication.com	354 KB
21	wp.com i0.wp.com	684 KB
18	google.com 2 redirects apis.google.com accounts.google.com www.google.com adservice.google.com	135 KB
10	ez3c.tw 1 redirects ez3c.tw	328 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com	7 KB
7	gstatic.com ssl.gstatic.com www.gstatic.com fonts.gstatic.com	95 KB
7	breaktime.com.tw a.breaktime.com.tw alliance.breaktime.com.tw powerads.breaktime.com.tw campaign.breaktime.com.tw catalyst.breaktime.com.tw	33 KB
6	adnxs.com 4 redirects ib.adnxs.com	6 KB
6	adhacker.online power.adhacker.online article.adhacker.online	25 KB
5	ampproject.org cdn.ampproject.org	103 KB
5	redintelligence.net 1 redirects hal9000.redintelligence.net hal900018.redintelligence.net	11 KB
5	googleapis.com fonts.googleapis.com ajax.googleapis.com	35 KB
5	googletagservices.com www.googletagservices.com	172 KB
5	truepush.com sdk.truepush.com sdki.truepush.com	22 KB
3	trustarc.com choices.trustarc.com	15 KB
3	pubmatic.com 3 redirects image6.pubmatic.com	1 KB
3	openx.net 3 redirects rtb.openx.net	603 B
3	google.de adservice.google.de	1 KB
3	9ez.me an.9ez.me	25 KB
2	yahoo.com 2 redirects ups.analytics.yahoo.com	878 B
2	bidswitch.net 2 redirects x.bidswitch.net	2 KB
2	addthis.com 2 redirects e.dlx.addthis.com	1 KB
2	rubiconproject.com 2 redirects pixel.rubiconproject.com	916 B
2	rlcdn.com 2 redirects id.rlcdn.com	889 B
2	everesttech.net 2 redirects pixel.everesttech.net sync-tm.everesttech.net	910 B
2	quantserve.com cms.quantserve.com	674 B
2	2mdn.net s0.2mdn.net	449 KB
2	facebook.com www.facebook.com	313 B
2	facebook.net connect.facebook.net	113 KB
2	google-analytics.com www.google-analytics.com	20 KB
2	googletagmanager.com www.googletagmanager.com	76 KB
1	ctnsnet.com 1 redirects gcm.ctnsnet.com	511 B
1	sitescout.com pixel-sync.sitescout.com	191 B
1	simpli.fi 1 redirects um.simpli.fi	714 B
1	truste.com choices.truste.com	10 KB
1	innovid.com ag.innovid.com	297 B
1	contentspread.net cdn.contentspread.net	52 KB
222	38

	Domain	Requested by
25	cm.g.doubleclick.net	6 redirects ez3c.tw 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com googleads.g.doubleclick.net
25	tpc.googlesyndication.com	1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com googleads.g.doubleclick.net ez3c.tw cdn.ampproject.org
21	i0.wp.com	ez3c.tw
19	pagead2.googlesyndication.com	www.googletagmanager.com 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com googleads.g.doubleclick.net bid.g.doubleclick.net www.googletagservices.com
12	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net ez3c.tw
10	ez3c.tw	1 redirects ez3c.tw
9	googleads.g.doubleclick.net	pagead2.googlesyndication.com ez3c.tw 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
7	www.google.com	2 redirects apis.google.com 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com tpc.googlesyndication.com
6	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
6	apis.google.com	ez3c.tw apis.google.com accounts.google.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	fonts.gstatic.com	fonts.googleapis.com
5	1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
5	www.googletagservices.com	www.googletagmanager.com 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
5	power.adhacker.online	a.breaktime.com.tw www.googletagmanager.com
4	hal900018.redintelligence.net	1 redirects 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com hal900018.redintelligence.net
4	fonts.googleapis.com	client 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com securepubads.g.doubleclick.net
4	adservice.google.com	securepubads.g.doubleclick.net 5994599.fls.doubleclick.net
3	choices.trustarc.com	choices.truste.com
3	static.doubleclick.net	1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
3	image6.pubmatic.com	3 redirects
3	rtb.openx.net	3 redirects
3	catalyst.breaktime.com.tw	a.breaktime.com.tw
3	adservice.google.de	securepubads.g.doubleclick.net
3	an.9ez.me	ez3c.tw an.9ez.me
3	sdk.truepush.com	ez3c.tw sdki.truepush.com
2	ups.analytics.yahoo.com	2 redirects
2	x.bidswitch.net	2 redirects
2	googleads4.g.doubleclick.net	bid.g.doubleclick.net
2	e.dlx.addthis.com	2 redirects
2	5994599.fls.doubleclick.net	1 redirects ez3c.tw
2	pixel.rubiconproject.com	2 redirects
2	id.rlcdn.com	2 redirects
2	cms.quantserve.com	1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
2	s0.2mdn.net	1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
2	www.facebook.com	ez3c.tw
2	connect.facebook.net	ez3c.tw connect.facebook.net
2	www.google-analytics.com	ez3c.tw www.google-analytics.com
2	sdki.truepush.com	sdk.truepush.com
2	www.googletagmanager.com	ez3c.tw
1	gcm.ctnsnet.com	1 redirects
1	pixel-sync.sitescout.com	1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
1	um.simpli.fi	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	choices.truste.com	1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
1	bid.g.doubleclick.net	1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
1	ag.innovid.com	1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
1	cdn.contentspread.net	hal900018.redintelligence.net
1	ajax.googleapis.com	hal900018.redintelligence.net
1	hal9000.redintelligence.net	1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
1	pixel.everesttech.net	1 redirects
1	www.gstatic.com	1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
1	article.adhacker.online	a.breaktime.com.tw
1	stats.g.doubleclick.net	www.google-analytics.com
1	campaign.breaktime.com.tw	power.adhacker.online
1	ssl.gstatic.com	accounts.google.com
1	powerads.breaktime.com.tw	power.adhacker.online
1	accounts.google.com	apis.google.com
1	alliance.breaktime.com.tw	a.breaktime.com.tw
1	a.breaktime.com.tw	ez3c.tw
222	61

This site contains links to these domains. Also see Links.

Domain
bit.ly
www.facebook.com
twitter.com
software.easylife.tw
faye.tw
www.soft4fun.net
drugs.pixnet.net
www.sakingdom.com
seo.soft4fun.net
myip.easylife.tw
invoice.easylife.tw

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-17` - `2022-07-16`	a year	crt.sh
*.truepush.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-13` - `2022-09-13`	a year	crt.sh
*.breaktime.com.tw Gandi Standard SSL CA 2	`2021-07-16` - `2022-08-10`	a year	crt.sh
*.apis.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
an.9ez.me R3	`2021-08-23` - `2021-11-21`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
accounts.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
sdki.truepush.com Amazon	`2021-09-24` - `2022-10-23`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-09-01` - `2021-11-30`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.adhacker.online Gandi Standard SSL CA 2	`2021-07-16` - `2022-08-10`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
redintelligence.net R3	`2021-10-21` - `2022-01-19`	3 months	crt.sh
contentspread.net R3	`2021-10-04` - `2022-01-02`	3 months	crt.sh
*.innovid.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh
*.truste.com Amazon	`2021-02-16` - `2022-03-17`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.sitescout.com RapidSSL RSA CA 2018	`2020-01-15` - `2022-02-02`	2 years	crt.sh
*.trustarc.com Go Daddy Secure Certificate Authority - G2	`2020-05-21` - `2022-07-17`	2 years	crt.sh

This page contains 23 frames:

Primary Page: https://ez3c.tw/
Frame ID: ABC8A9281D3FB5F3C17AB0D37DFB0DB5
Requests: 82 HTTP requests in this frame

Frame: https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&annotation=none&hl=zh-TW&origin=https%3A%2F%2Fez3c.tw&url=https%3A%2F%2Fez3c.tw%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Frame ID: 87043CD3DDFB5F7821BA924AF5F34F83
Requests: 2 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fez3c.tw&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Frame ID: 132B95FEF648A0FDAE626A6A407EE1EF
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20190131/zrt_lookup.html
Frame ID: 01F88EDA56A84EB2804B8D02219E8B76
Requests: 1 HTTP requests in this frame

Frame: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 2E5667293CB012BEF6FBB734988EA124
Requests: 1 HTTP requests in this frame

Frame: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: F7E7C05744ABC014CFE65D1DC04DF8CA
Requests: 17 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2EFEF6091600847756E528B587829870
Requests: 9 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 11CFEB43B294AA36D56F15702EC0FDA8
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 82D03AB17A9770688C799594EA851F78
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9EBE3DBD3CF0B54DA77A2A2E94640294
Requests: 2 HTTP requests in this frame

Frame: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: F0B5C798E92BAEFB0D91956831330330
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNU7xLtW6hpAeWQMPiTzuJyMazwwM03pdhUMDYiAIPo1OpJBy0mES7gFH8PX5ZvwXrHW6-eGTw6Fi1bgRFSfHs4raGfXY-QGHz5iP5K01TKIQBBZgai2EUpzaE9cYpBoecGbQU8e9NTZLSQM7fOyIR-7iFJ1gEz1saEqya7M7Z7502d_HRA
Frame ID: 7C159104B5CF1AB1A492BAD290800C69
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 09447045E92099C1A6980765FB0BAEB9
Requests: 3 HTTP requests in this frame

Frame: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 3B889F7633F71A32EAC0C697BB17577D
Requests: 12 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=COSBneuArvQCFczkUQodhm0KrA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=831704947435.9006
Frame ID: 2677A6D6D3F7948E5B23BCE6E8E370D5
Requests: 2 HTTP requests in this frame

Frame: https://hal900018.redintelligence.net/request_content.php?s=41823400036284800710616011787018&a=e0f38d08
Frame ID: 44648C1532C49ED61745DE6E68958AFE
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 939873154EFE8599984657E828B4B918
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 3DD413DCFD1822DB01A239DC812F16B2
Requests: 2 HTTP requests in this frame

Frame: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 375723A2B47351CF4272E9B600B5E246
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDHxKr-AhiChIa6ATAB&v=APEucNWH87eRVQzYmlugw77w8kt4PFHy_sM1YeJsdcaCdJypk8zYGSrC7v86FqYWVSmdP0WU1IDloxBPQvuVa5OJp48A4JJYy8iZ-rtmr8cvgxAg_1T5VdbiqqCTjDsWnRVWJkEaOXJ8gkUo-OcsBBtSJQJgeW5zIHbCFXnsCOZhK2hV4xcDuk0
Frame ID: E36703B15D8DFA83648F889F41BA6CED
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 209C35D7722EEE509665FBAEE15F69B8
Requests: 3 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs
Frame ID: BDC6C9AD557F587421FEAF723FEDAB42
Requests: 19 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 04D6D49E7B8D856D348609F462255266
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

哇哇3C日誌提供豐富的3C、軟體、美食旅遊資訊綠色工廠 2.0

Page URL History Show full URLs

http://ez3c.tw/ HTTP 301
https://ez3c.tw/ Page URL

Page Statistics

222
Requests

86 %
HTTPS

47 %
IPv6

38
Domains

61
Subdomains

49
IPs

8
Countries

3450 kB
Transfer

6702 kB
Size

46
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://bit.ly/2LonBud
Title: 虛擬主機推薦

Search URL Search Domain Scan URL

URL: https://bit.ly/2w3w2kS
Title: 台灣 VPS 推薦

Search URL Search Domain Scan URL

URL: https://www.facebook.com/easylife.tw

Search URL Search Domain Scan URL

URL: https://twitter.com/csliu

Search URL Search Domain Scan URL

URL: https://software.easylife.tw/
Title: 免費軟體資源

Search URL Search Domain Scan URL

URL: https://faye.tw/
Title: 羊吠吠的。黑色。白色。黑色

Search URL Search Domain Scan URL

URL: https://www.soft4fun.net/
Title: 硬是要學

Search URL Search Domain Scan URL

URL: http://drugs.pixnet.net/blog
Title: 藥師吉米

Search URL Search Domain Scan URL

URL: http://www.sakingdom.com/
Title: 剎有其食

Search URL Search Domain Scan URL

URL: http://seo.soft4fun.net/
Title: 硬是要SEO！

Search URL Search Domain Scan URL

URL: http://myip.easylife.tw/
Title: MyIP服務網

Search URL Search Domain Scan URL

URL: http://invoice.easylife.tw/
Title: 統一發票對獎網

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ez3c.tw/ HTTP 301
https://ez3c.tw/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 107

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPJI4BYiL12AB4gEj6HyAjNNQ7FCegGth1P2ncmFZxw7WaeZJmz03gwV21ZknkyCi6yixZhXAGO3mEAONml9sgF6OHnnzLA&google_gid=CAESEFQxayp__aboB3Nu5lykSsw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVp5ZU9nQUFBRFJna0ZFcQ&google_push=AYg5qPJI4BYiL12AB4gEj6HyAjNNQ7FCegGth1P2ncmFZxw7WaeZJmz03gwV21ZknkyCi6yixZhXAGO3mEAONml9sgF6OHnnzLA

Request Chain 108

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPLRQAIylc-8PMUCGHTmov3x2ZnrdrEc9PahQRdxF4-lfCRefAd89bjWgK3wWSWmnOyX5VIjCv0Y6CDXjRA4u16DArah4XM&google_gid=CAESEMrWla0CaxL87qTq91cblNI&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCLq88owGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBMUlFBSXlsYy04UE1VQ0dIVG1vdjN4MlpucmRyRWM5UGFoUVJkeEY0LWxmQ1JlZkFkODlialdnSzN3V1NXbW5PeVg1VklqQ3YwWTZDRFhqUkE0dTE2REFyYWg0WE0 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwbXJoYVlkMUQteEV0ZWluZldZRUFyN2VGWW1jLUI2d2NIdUdYelZMS2M4VQ==&google_push

Request Chain 109

https://rtb.openx.net/sync/dds?google_gid=CAESENXcvZz7d4xprnR0JhZNoUk&google_cver=1&google_push=AYg5qPKZPyyACT1DiEj5TMvUlyO60xMFMsnuTvH6L6PGro52veYrDGICNqJPkvra96uNtRv8zCUVm8pncqwH7X8VyohTLFJUN9jg HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESENXcvZz7d4xprnR0JhZNoUk&google_cver=1&google_push=AYg5qPKZPyyACT1DiEj5TMvUlyO60xMFMsnuTvH6L6PGro52veYrDGICNqJPkvra96uNtRv8zCUVm8pncqwH7X8VyohTLFJUN9jg&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKZPyyACT1DiEj5TMvUlyO60xMFMsnuTvH6L6PGro52veYrDGICNqJPkvra96uNtRv8zCUVm8pncqwH7X8VyohTLFJUN9jg&google_hm=puCAE4HRxRk0RImPnKzG5A==

Request Chain 110

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEEq6GpewpMlzC_w0bC55cJA&google_cver=1&google_push=AYg5qPLAuA7eLWnOtwyeqJpJZinhtgy3fgogDEh7U7mcaHh1p8vW8NRY1DKFnEDEvy-uLcZVAQFkOWXuQoMwAld5d4G0mBRTK7FD HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEEq6GpewpMlzC_w0bC55cJA&google_cver=1&google_push=AYg5qPLAuA7eLWnOtwyeqJpJZinhtgy3fgogDEh7U7mcaHh1p8vW8NRY1DKFnEDEvy-uLcZVAQFkOWXuQoMwAld5d4G0mBRTK7FD&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=XnrBQi6CQf-aD3eItUsdDg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLAuA7eLWnOtwyeqJpJZinhtgy3fgogDEh7U7mcaHh1p8vW8NRY1DKFnEDEvy-uLcZVAQFkOWXuQoMwAld5d4G0mBRTK7FD

Request Chain 111

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEi7d7EOF-t0pSqt-zqnUo0&google_cver=1&google_push=AYg5qPK-D0guup3HxqibaV4C-OER4U4rd9ayBo-qStet9FMJyV59pkyNVHXXVykX-eGInsb980HWlkUsgcjfdH_BNjBSm0-F8-g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dCU1lBUFItOC1GTFUx&google_push=AYg5qPK-D0guup3HxqibaV4C-OER4U4rd9ayBo-qStet9FMJyV59pkyNVHXXVykX-eGInsb980HWlkUsgcjfdH_BNjBSm0-F8-g

Request Chain 112

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtHnfVBNtca26 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtHnfVBNtca26&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtHnfVBNtca26&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtHnfVBNtca26&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtHnfVBNtca26&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtHnfVBNtca26&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtHnfVBNtca26&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtHnfVBNtca26&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtHnfVBNtca26&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtHnfVBNtca26&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtHnfVBNtca26&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtHnfVBNtca26&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtHnfVBNtca26&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtHnfVBNtca26&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtHnfVBNtca26&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtHnfVBNtca26&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtHnfVBNtca26&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtHnfVBNtca26&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtHnfVBNtca26&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtHnfVBNtca26&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtHnfVBNtca26&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg

Request Chain 130

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG539ynz_Kqgrjg4ZbLLPzo&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG539ynz_Kqgrjg4ZbLLPzo&google_cver=1&C=1

Request Chain 131

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YZyeOtSTlHOeZas3qo9IsAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG539ynz_Kqgrjg4ZbLLPzo&google_cver=1

Request Chain 132

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEB_JvECIJtHqf3FWsEMqSTk&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEB_JvECIJtHqf3FWsEMqSTk%26google_cver%3D1

Request Chain 133

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTY2NDE5MDU1MzM2MTQ0NzUyMA%3D%3D

Request Chain 139

https://hal900018.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=743de9e98e&subid=&uid=bb81dab89c64d09c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCmG7wOZ6cYaGiLs6NrAS0xJXoBLXN-YNXzN65q-UM8C4QASCY8tMHYJX6p4KwB8gBCakCSfQh7IjZsj6oAwGqBOABT9Delh8yuVg006FW92ZvwV8UUzh2Q9LoK0mOTWLG5nQvpyjee7f-wq0SgHJemUazTDIIud_eIgtLs2cz1zW7USTbILyd_IMPN7ZTlsllly3mustPd6LzoGfPsx2DBg_XKpuw2lPz3D4f0PcY4J68ChOqmtc5QHXmm-eLGj_hR8zxmP5uVNMzgD6kvqqYUg5WRtKIqL6LcEwmJyyJhls5JKWwUEZqG_5SQBRXvsGEi3YLXAUI6L4eae9OdQSv_zGq5-snv62jrClyMMy2XSMS4fL0qjsCcA-JzJ7hDgwKn6zABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKAZgLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoaEApEE7ZwUDfmZGUGwZoWg%26sig%3DAOD64_2DG1b7DqrvRBbgJ_jA4FJ7mJbRcw%26client%3Dca-pub-9418887123196030%26dbm_c%3DAKAmf-C4j3ndBW4_F53TQPwaeHASZqxVjbYUNBydF5bDy5K9f4_PHt3oudThkpp5vbxHdYVI0xGA2HVGPpUn2I7UsXMe8sjAwGWWWKh3_UQD2gNc0fC4Sf1B6Ml0zeQPOEOcUsJT3N4AGwHlNA3Y8MO6HgnsLSuJ_Q%26cry%3D1%26dbm_d%3DAKAmf-BDZG7LXv69lcTKvYwMkS7VI0BTRttwD9Fv8qsZkPQspra5GssYFktz-5DhMywAnM1tAVz9cX-n47BZi8TN1Uj5a3IMVPt6dVAZg3T_76pCXJ3NAV6KsOoesY7Av7cz4zCdGADpgBiCoiIMATSCOsx-Na7QRqzjMOa_7iJsGTbQlvP3cOpzUsf6C5x3bdGvpTepA7e4ESLDzoKMQb_7iA7bVvEVGJfSqchlg2F1RfTld2mC9M0nNmO1b_SeHkOb_YbgOTV-04IcKrPk1HqnFiibCRbwnOKMTdbJmMJlXv3GPhHTlNkdfaKoWCth3utdB4AlTBU-uftYiX7qLXcFufUyxWxfd9Z4ZxCGiaDIV6I2zxna9XV9ObB1INAf4R7Mym03Iy6YiFVkS95NZGe2C_2l9P8HedBTCLNtMrWcqnas5N2QKvRWHy7fcwruqsR7_PzfQayq%26adurl%3D&documentReferer=https%3A%2F%2Fez3c.tw%2F&ancestorOrigins=https%3A%2F%2Fez3c.tw&random=1412981112930&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900018.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=743de9e98e&subid=&uid=bb81dab89c64d09c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCmG7wOZ6cYaGiLs6NrAS0xJXoBLXN-YNXzN65q-UM8C4QASCY8tMHYJX6p4KwB8gBCakCSfQh7IjZsj6oAwGqBOABT9Delh8yuVg006FW92ZvwV8UUzh2Q9LoK0mOTWLG5nQvpyjee7f-wq0SgHJemUazTDIIud_eIgtLs2cz1zW7USTbILyd_IMPN7ZTlsllly3mustPd6LzoGfPsx2DBg_XKpuw2lPz3D4f0PcY4J68ChOqmtc5QHXmm-eLGj_hR8zxmP5uVNMzgD6kvqqYUg5WRtKIqL6LcEwmJyyJhls5JKWwUEZqG_5SQBRXvsGEi3YLXAUI6L4eae9OdQSv_zGq5-snv62jrClyMMy2XSMS4fL0qjsCcA-JzJ7hDgwKn6zABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKAZgLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoaEApEE7ZwUDfmZGUGwZoWg%26sig%3DAOD64_2DG1b7DqrvRBbgJ_jA4FJ7mJbRcw%26client%3Dca-pub-9418887123196030%26dbm_c%3DAKAmf-C4j3ndBW4_F53TQPwaeHASZqxVjbYUNBydF5bDy5K9f4_PHt3oudThkpp5vbxHdYVI0xGA2HVGPpUn2I7UsXMe8sjAwGWWWKh3_UQD2gNc0fC4Sf1B6Ml0zeQPOEOcUsJT3N4AGwHlNA3Y8MO6HgnsLSuJ_Q%26cry%3D1%26dbm_d%3DAKAmf-BDZG7LXv69lcTKvYwMkS7VI0BTRttwD9Fv8qsZkPQspra5GssYFktz-5DhMywAnM1tAVz9cX-n47BZi8TN1Uj5a3IMVPt6dVAZg3T_76pCXJ3NAV6KsOoesY7Av7cz4zCdGADpgBiCoiIMATSCOsx-Na7QRqzjMOa_7iJsGTbQlvP3cOpzUsf6C5x3bdGvpTepA7e4ESLDzoKMQb_7iA7bVvEVGJfSqchlg2F1RfTld2mC9M0nNmO1b_SeHkOb_YbgOTV-04IcKrPk1HqnFiibCRbwnOKMTdbJmMJlXv3GPhHTlNkdfaKoWCth3utdB4AlTBU-uftYiX7qLXcFufUyxWxfd9Z4ZxCGiaDIV6I2zxna9XV9ObB1INAf4R7Mym03Iy6YiFVkS95NZGe2C_2l9P8HedBTCLNtMrWcqnas5N2QKvRWHy7fcwruqsR7_PzfQayq%26adurl%3D&documentReferer=https%3A%2F%2Fez3c.tw%2F&ancestorOrigins=https%3A%2F%2Fez3c.tw&random=1412981112930&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 152

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=831704947435.9006 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=COSBneuArvQCFczkUQodhm0KrA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=831704947435.9006

Request Chain 161

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJByUGxI9-xpx0v4mvSUg7-ylgN5rruLDap_mqrWAwTojMUGeFwbX4hz0wYcJrYCpOrAta0cJZn9CbnUEqeYF0EyPGBVx0&google_gid=CAESEKa8zooyqyQh0GCZNSKbO0U&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJByUGxI9-xpx0v4mvSUg7-ylgN5rruLDap_mqrWAwTojMUGeFwbX4hz0wYcJrYCpOrAta0cJZn9CbnUEqeYF0EyPGBVx0&google_gid=CAESEKa8zooyqyQh0GCZNSKbO0U&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTExMjMwNzU0MzUwMDAxMzgyOTc4OTgzMQ%3D%3D&google_push=AYg5qPJByUGxI9-xpx0v4mvSUg7-ylgN5rruLDap_mqrWAwTojMUGeFwbX4hz0wYcJrYCpOrAta0cJZn9CbnUEqeYF0EyPGBVx0

Request Chain 162

https://rtb.openx.net/sync/dds?google_gid=CAESENXcvZz7d4xprnR0JhZNoUk&google_cver=1&google_push=AYg5qPJgzFqqfQgwfs86WC_ftGuhrB62k15L8hchVoIUkeEY_Ozfw1BDtFvArhpW6OIkJg2cpJUkUbNGmiKhmyOX1P0uHKWDdWc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJgzFqqfQgwfs86WC_ftGuhrB62k15L8hchVoIUkeEY_Ozfw1BDtFvArhpW6OIkJg2cpJUkUbNGmiKhmyOX1P0uHKWDdWc&google_hm=puCAE4HRxRk0RImPnKzG5A==

Request Chain 163

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEEq6GpewpMlzC_w0bC55cJA&google_cver=1&google_push=AYg5qPKbgxNoAW7U350_VxYkQQF9oejOQl0IZIslGUZnYAoYQh5wMzdbeLJNbOA9iD5CxEu3fOCb-SqpvwwU1zHCjnRQMnNpXmk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=XnrBQi6CQf-aD3eItUsdDg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKbgxNoAW7U350_VxYkQQF9oejOQl0IZIslGUZnYAoYQh5wMzdbeLJNbOA9iD5CxEu3fOCb-SqpvwwU1zHCjnRQMnNpXmk

Request Chain 164

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEi7d7EOF-t0pSqt-zqnUo0&google_cver=1&google_push=AYg5qPJXN5tpmXbsP857fQ0k2ghAD1qtFXTPOIdnkG4vtzJcKO1UHaYmvorHca0oiB08XxtnuVifobIFaC4CTPRZbLJq2a_QWFI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dCU1lCR1MtMUItRzJKTQ==&google_push=AYg5qPJXN5tpmXbsP857fQ0k2ghAD1qtFXTPOIdnkG4vtzJcKO1UHaYmvorHca0oiB08XxtnuVifobIFaC4CTPRZbLJq2a_QWFI

Request Chain 165

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2Up2tXLQa-I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2Up2tXLQa-I&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2Up2tXLQa-I&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2Up2tXLQa-I&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2Up2tXLQa-I&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2Up2tXLQa-I&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2Up2tXLQa-I&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2Up2tXLQa-I&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2Up2tXLQa-I&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2Up2tXLQa-I&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2Up2tXLQa-I&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2Up2tXLQa-I&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2Up2tXLQa-I&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2Up2tXLQa-I&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2Up2tXLQa-I&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2Up2tXLQa-I&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2Up2tXLQa-I&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2Up2tXLQa-I&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2Up2tXLQa-I&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2Up2tXLQa-I&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2Up2tXLQa-I&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg

Request Chain 168

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 182

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG539ynz_Kqgrjg4ZbLLPzo&google_cver=1

Request Chain 183

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YZyeOzw-CvHKBG65WPqalQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG539ynz_Kqgrjg4ZbLLPzo&google_cver=1

Request Chain 184

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEB_JvECIJtHqf3FWsEMqSTk&google_cver=1

Request Chain 185

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjcxOTI5MDI3MDQwOTAxNDM4Ng%3D%3D

Request Chain 210

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEF8_52jy4qLsCjhHLoQura8&google_cver=1&google_push=AYg5qPI51h_Xc6eJk_pu3QiKd1MM8YUxsAbdeV6rrBlUjw6Llf39b-azTPUtoDgkHPVVdloREycxxpJB9VPfUcGu52L2Sh866fI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEF8_52jy4qLsCjhHLoQura8&google_push=AYg5qPI51h_Xc6eJk_pu3QiKd1MM8YUxsAbdeV6rrBlUjw6Llf39b-azTPUtoDgkHPVVdloREycxxpJB9VPfUcGu52L2Sh866fI

Request Chain 211

https://um.simpli.fi/gp_match?google_gid=CAESED6dnzuuFJKuNYxRqsDORz0&google_cver=1&google_push=AYg5qPJcZnrpH9l_SgEQLEPDqpMPXJiu6vxCVN_xufL89-066vnxh7Qa2xA_fV6DGkkbC4eDaLeoenlGNFP45oogt8PZwC4NbZI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C1DD65FACDC44AEB8A8FD8B82F4DF6B1&google_push=AYg5qPJcZnrpH9l_SgEQLEPDqpMPXJiu6vxCVN_xufL89-066vnxh7Qa2xA_fV6DGkkbC4eDaLeoenlGNFP45oogt8PZwC4NbZI

Request Chain 213

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEJocLPhR2FcIswJrg81IC7c&google_cver=1&google_push=AYg5qPJO5WeaHY8WPw5twEPRf8gnLywAl--kIhME1hjlUS1URdEhm9k9l72Bz0O7vY2BhOLwbZfG-jLQRtS8TM5KgzUxCX1yA3c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJO5WeaHY8WPw5twEPRf8gnLywAl--kIhME1hjlUS1URdEhm9k9l72Bz0O7vY2BhOLwbZfG-jLQRtS8TM5KgzUxCX1yA3c&google_hm=MoOQfItkQC6e0ALFDxTcj04

Request Chain 214

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEFglkecr-6jOab8fnILHOAw&google_cver=1&google_push=AYg5qPLpq4zmyB5ibX9L1vY07BXngPmwcVvXJ1Trcjjk9-0BmgVLgiPSdhNjCfslWlY8Zro1gquX28hNNF0tgSgpjjOlkRL_sDY HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEFglkecr-6jOab8fnILHOAw&google_cver=1&google_push=AYg5qPLpq4zmyB5ibX9L1vY07BXngPmwcVvXJ1Trcjjk9-0BmgVLgiPSdhNjCfslWlY8Zro1gquX28hNNF0tgSgpjjOlkRL_sDY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPLpq4zmyB5ibX9L1vY07BXngPmwcVvXJ1Trcjjk9-0BmgVLgiPSdhNjCfslWlY8Zro1gquX28hNNF0tgSgpjjOlkRL_sDY&google_hm=YCcuMrb1Q5qDYqYtPBay9w==

Request Chain 215

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwRtXINkjERg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwRtXINkjERg&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwRtXINkjERg&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwRtXINkjERg&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwRtXINkjERg&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwRtXINkjERg&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwRtXINkjERg&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwRtXINkjERg&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwRtXINkjERg&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwRtXINkjERg&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwRtXINkjERg&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwRtXINkjERg&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwRtXINkjERg&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwRtXINkjERg&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwRtXINkjERg&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwRtXINkjERg&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwRtXINkjERg&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwRtXINkjERg&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwRtXINkjERg&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwRtXINkjERg&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwRtXINkjERg&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1

Request Chain 216

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEHylxotPs2a1x0Mlz9T3JaM&google_cver=1&google_push=AYg5qPK3BAGqWO5cFzBewiMULS2jbbMrG3Yk__fuUWi8pq2YAlqlerLvCjwQkInDUR_e2b97HS7dMkKNdon9U94HjVXTuwJlGHEi HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEHylxotPs2a1x0Mlz9T3JaM&google_cver=1&google_push=AYg5qPK3BAGqWO5cFzBewiMULS2jbbMrG3Yk__fuUWi8pq2YAlqlerLvCjwQkInDUR_e2b97HS7dMkKNdon9U94HjVXTuwJlGHEi&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1YTlRPeHhGRTJ1SE1PT09kNGxualcyR3RZUGRTRlhqQ35B&google_push=AYg5qPK3BAGqWO5cFzBewiMULS2jbbMrG3Yk__fuUWi8pq2YAlqlerLvCjwQkInDUR_e2b97HS7dMkKNdon9U94HjVXTuwJlGHEi

Request Chain 218

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

222 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
ez3c.tw/
Redirect Chain

http://ez3c.tw/
https://ez3c.tw/

46 KB
11 KB

999ms
981ms

Document
text/html

2606:4700:3036::ac43:d98a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ez3c.tw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:d98a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: 61ead988d9376b912755ac1fcd6acb02289cc3a147d9a9348746292924d3bc10

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Tue, 23 Nov 2021 07:54:31 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding Accept-Encoding,User-Agent
x-powered-by: PHP/5.6.40
x-varnish: 48816386
age: 0
via: 1.1 varnish (Varnish/6.3)
x-cache-status: HIT
x-page-speed: Powered By ngx_pagespeed
cache-control: max-age=0, no-cache
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pptjUOk8QwLrWUEUA7lModUlYDqaGxhd9zzuDL3iRHNaJNYk9Bf%2BmrW5q%2BqDnMStThfcK0WjIGKkXEHK%2FF5jYkqHYEwavjRvaPJwCd0nOGx%2BRLQvlCWdqQCbrAfXP4AqJ%2BiWg37%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6b28d4764c9f4e5c-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

Date: Tue, 23 Nov 2021 07:54:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
location: https://ez3c.tw/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5j64JvEOwWiJm0H0AqVjeofGkvYV5u20JSyHnYV1tMbLfSb7V44kIQxHqm3DMQy6wFycvbvyBOF2%2BEcVJBnpvioiI1BomntCNhLwmfqd4WPedbtgLW%2Bi1ekHA2PoKGQ7rHrKk9km"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6b28d4732f4005f1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 useful.css
ez3c.tw/css/ 374 KB
57 KB 18ms
17ms Stylesheet
text/css 2606:4700:3036::ac43:d98a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ez3c.tw/css/useful.css
Requested by: Host: ez3c.tw
URL: https://ez3c.tw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:d98a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c16630f9dd1f60ba0372d78e2547922c1128227ae2ca29286a0b5ae194a1af3d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:31 GMT
via: 1.1 varnish (Varnish/6.3)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1184622
cf-polished: origSize=384833
x-cache-status: MISS
content-type: text/css
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 22 Apr 2019 08:39:49 GMT
server: cloudflare
etag: W/"5df41-5871a694c7880-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Ilfuktc58mq0R7DHXh9SA2VONK%2B8hngbHbmZDyqBU4ArEONJ3le7pRdU%2FFUS6fuNfqIp4GGnffUdi6%2Ff%2Fa0xrH8rFwIb%2F4wtZUeBxZ%2FW1tmGSeYuf4%2FYEnfzzWHW1Y%2BqUCCMeIL"}],"group":"cf-nel","max_age":604800}
x-varnish: 188121266
expires: Thu, 09 Dec 2021 13:38:27 GMT
cache-control: max-age=2592000
cf-ray: 6b28d47c8fdc4e5c-FRA
cf-bgj: minify

GET
H2 200 custom.css
ez3c.tw/css/ 10 KB
3 KB 14ms
14ms Stylesheet
text/css 2606:4700:3036::ac43:d98a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ez3c.tw/css/custom.css
Requested by: Host: ez3c.tw
URL: https://ez3c.tw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:d98a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b657be18160d7729c28d6b4d3e0206b0d0cd23b37c0a0ab110451bd477c5c9a1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:31 GMT
via: 1.1 varnish (Varnish/6.3)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1184622
cf-polished: origSize=12731
x-cache-status: MISS
content-type: text/css
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Fri, 25 Jun 2021 13:06:29 GMT
server: cloudflare
etag: W/"31bb-5c596ced10f58-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j2RySAzHs7AqNAOkwX1YOmyMzNRdN2dWtN%2BXPiuFwQyWWoZyfhvslSkvdzfLfHiBKhAAz%2FjS8uaTriFs9qB133H%2Br%2FNwm%2B3ADvkvaz2wuKjjBCxrzES81dvciHAMjYnFB3X22YTX"}],"group":"cf-nel","max_age":604800}
x-varnish: 158040958
expires: Thu, 09 Dec 2021 11:08:40 GMT
cache-control: max-age=2592000
cf-ray: 6b28d47c8fdd4e5c-FRA
cf-bgj: minify

GET
H/1.1 200
OK app.js Show response
sdk.truepush.com/sdk/v2/ 1 KB
1 KB 669ms
166ms Script
application/javascript 103.231.212.226
CTRLS-AS-IN CtrlS...

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.truepush.com/sdk/v2/app.js

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

103.231.212.226 , India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),

Reverse DNS

static-103-231-212-226.ctrls.in

Software

Resource Hash

e34da8bcc5cecbb4fd81779f88a5d113ee7109562ee83074e20379d85277cc12

Security Headers

Name	Value
Content-Security-Policy	img-src * data:
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Security-Policy: img-src * data:
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
X-DNS-Prefetch-Control: off
Vary: Origin, Accept-Encoding
X-XSS-Protection: 0
Accept-Ranges: bytes
Referrer-Policy: no-referrer
Last-Modified: Sun, 29 Dec 2019 12:23:48 GMT
X-Frame-Options: SAMEORIGIN
Date: Tue, 23 Nov 2021 07:54:32 GMT
Expect-CT: max-age=0
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, max-age=0
Transfer-Encoding: chunked
ETag: W/"466-16f519ccce7"
Access-Control-Allow-Credentials: true

GET
H2 200 au.js Show response
a.breaktime.com.tw/js/ 121 KB
31 KB 138ms
13ms Script
text/javascript 2620:1ec:bdf::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.breaktime.com.tw/js/au.js?spj=NUVaODI1TTFKR1JIVkVPNldVMktZSzBQV1BQUEw1
Requested by: Host: ez3c.tw
URL: https://ez3c.tw/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::44 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 230652178330f5e462a1ab5c01b64f5dc8be8cbdf9f6693ba7e067ab78e32649

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
x-ms-meta-nick: test
content-encoding: br
etag: 0x8D9993492EB8DA3
x-azure-ref-originshield: 0752cYQAAAADdtq6OuNPTTK3RK9M9yU6sQU1TMDRFREdFMTkxNQA4YWFkZGQ1OS0zZWJjLTQyNzEtYWQxMS0wZDMwM2ViNGJjZjQ=
content-md5: UPP5Z39+HprFjgGX7xabhQ==
x-cache: TCP_HIT
x-ms-lease-status: unlocked
last-modified: Wed, 27 Oct 2021 10:28:53 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
date: Tue, 23 Nov 2021 07:54:31 GMT
x-azure-ref: 0N56cYQAAAAB8+jfqtR1cSqgIXDXQAePDRlJBRURHRTEwMTUAOGFhZGRkNTktM2ViYy00MjcxLWFkMTEtMGQzMDNlYjRiY2Y0
content-type: text/javascript
x-ms-request-id: 1df48998-b01e-0017-0d3f-e04d28000000
cache-control: public, max-age=300
x-ms-version: 2009-09-19

GET
H2 200 platform.js Show response
apis.google.com/js/ 52 KB
21 KB 56ms
31ms Script
application/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/platform.js

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

36a79135803869f257cae495ca43ee3d321aaaa2ea929856859444522d64cca8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-bbHMm+Xf2hJqafiMlK/jpQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
etag: "ab30921c980527979f1cb8c5e858f5b2"
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"}]}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-bbHMm+Xf2hJqafiMlK/jpQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"
expires: Tue, 23 Nov 2021 07:54:31 GMT

GET
H3 200 ez3c_logo.png
ez3c.tw/images/ 8 KB
9 KB 20ms
17ms Image
image/png 2606:4700:3036::ac43:d98a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ez3c.tw/images/ez3c_logo.png
Requested by: Host: ez3c.tw
URL: https://ez3c.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:d98a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13e77b91347f86480149b780bf2a79dc36a39c1a9cd61441bb95f39f07b38580

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:31 GMT
via: 1.1 varnish (Varnish/6.3)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 473754
x-cache-status: MISS
cf-ray: 6b28d47cccf94de8-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 8510
last-modified: Sat, 04 Apr 2020 10:53:02 GMT
server: cloudflare
etag: "213e-5a274d67d5f80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9OaqgeMGwaCLG7BYbin8aHELSFFNRpV7wguAP9qA4fEdIH9ES%2FEi%2BLU%2F6WRhwLfNC1agFQ4GYfc5JW%2FcOIlR6bnDYXymjXwgzZctSNJhwOZCl0%2FTGI5gWIH6PKFrc%2Bml%2F0tuadvN"}],"group":"cf-nel","max_age":604800}
x-varnish: 23472067
cache-control: max-age=29030400
accept-ranges: bytes
content-type: image/png
expires: Wed, 19 Oct 2022 20:17:40 GMT

GET
H2 200 01_MouseJiggle.png
i0.wp.com/host.easylife.tw/pics/202111/MouseJiggle/ 46 KB
46 KB 25ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/host.easylife.tw/pics/202111/MouseJiggle/01_MouseJiggle.png?resize=429,225

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

96fbc41b75ac8ae32dab31504804d5f5072478d8998c33977366ea51eebad222

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 23 Nov 2021 07:54:31 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Nov 2021 06:02:07 GMT
server: nginx
etag: "a529b764587925ca"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://host.easylife.tw/pics/202111/MouseJiggle/01_MouseJiggle.png>; rel="canonical"
content-length: 47196
expires: Thu, 23 Nov 2023 18:02:07 GMT

GET
H2 200 01_artflow.jpg
i0.wp.com/host.easylife.tw/pics/author/allen/202111/Artfolw/ 9 KB
9 KB 35ms
16ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/host.easylife.tw/pics/author/allen/202111/Artfolw/01_artflow.jpg?resize=429,225

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

2d6d2f0d6f3108228d1288f7a02149d8f1aa0ff8ede7e15fc4d37ea5c6b23427

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Tue, 23 Nov 2021 07:54:31 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Nov 2021 02:53:55 GMT
server: nginx
etag: "b07120286b4f4619"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://host.easylife.tw/pics/author/allen/202111/Artfolw/01_artflow.jpg>; rel="canonical"
content-length: 9490
expires: Thu, 23 Nov 2023 14:53:55 GMT

GET
H2 200 01_Iconduck.png
i0.wp.com/host.easylife.tw/pics/author/allen/202105/Iconduck/ 4 KB
5 KB 35ms
16ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/host.easylife.tw/pics/author/allen/202105/Iconduck/01_Iconduck.png?resize=429,225

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

f353470584807f405c45ef867d5eccb1b1bdd14288384d8ff192dbf09207ee5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Tue, 23 Nov 2021 07:54:31 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Nov 2021 02:53:55 GMT
server: nginx
etag: "061994ab1f5e5541"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://host.easylife.tw/pics/author/allen/202105/Iconduck/01_Iconduck.png>; rel="canonical"
content-length: 4572
expires: Thu, 23 Nov 2023 14:53:55 GMT

GET
H2 200 first2.png
i0.wp.com/host.easylife.tw/pics/author/yohnu1/202111/Speedpdf/ 17 KB
17 KB 25ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/host.easylife.tw/pics/author/yohnu1/202111/Speedpdf/first2.png?resize=429,225

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

a5aff79eed89a168c40dd92a3442a6580d25ccd6a20855d1d7f3c6b02e26073d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Tue, 23 Nov 2021 07:54:31 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Nov 2021 02:53:56 GMT
server: nginx
etag: "1a8e48f3557d53f0"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://host.easylife.tw/pics/author/yohnu1/202111/Speedpdf/first2.png>; rel="canonical"
content-length: 17320
expires: Thu, 23 Nov 2023 14:53:56 GMT

GET
H2 200 first.png
i0.wp.com/host.easylife.tw/pics/author/yohnu1/202111/iMute/ 40 KB
40 KB 29ms
11ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/host.easylife.tw/pics/author/yohnu1/202111/iMute/first.png?resize=429,225

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

055953a53aba79b35307f8bd102eec21b0b281bf57d9e7c104eb485df994f61a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 23 Nov 2021 07:54:31 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Nov 2021 02:53:56 GMT
server: nginx
etag: "fc0e4cd1737c2a71"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://host.easylife.tw/pics/author/yohnu1/202111/iMute/first.png>; rel="canonical"
content-length: 41130
expires: Thu, 23 Nov 2023 14:53:56 GMT

GET
H2 200 first3.png
i0.wp.com/host.easylife.tw/pics/author/yohnu1/202111/Starbucks/ 99 KB
99 KB 34ms
16ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/host.easylife.tw/pics/author/yohnu1/202111/Starbucks/first3.png?resize=429,225

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

c6a555d5e06b0644ffd1007a75ce878d0af20e5263b6a83573301aa4a53db044

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 23 Nov 2021 07:54:31 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Nov 2021 13:37:01 GMT
server: nginx
etag: "90b12ffbb62a6801"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://host.easylife.tw/pics/author/yohnu1/202111/Starbucks/first3.png>; rel="canonical"
content-length: 101164
expires: Thu, 23 Nov 2023 01:37:01 GMT

GET
H2 200 first.png
i0.wp.com/host.easylife.tw/pics/author/yohnu1/202111/iPhoneAccountRecovery/ 59 KB
59 KB 19ms
17ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/host.easylife.tw/pics/author/yohnu1/202111/iPhoneAccountRecovery/first.png?resize=429,225

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

e02bace25720e8fee14c21ab0ff5ddedb755323502e4ff0431bcf889cf33c90a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 23 Nov 2021 07:54:31 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Nov 2021 01:23:26 GMT
server: nginx
etag: "7d88ca841217782f"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://host.easylife.tw/pics/author/yohnu1/202111/iPhoneAccountRecovery/first.png>; rel="canonical"
content-length: 60136
expires: Wed, 22 Nov 2023 13:23:26 GMT

GET
H2 200 first.png
i0.wp.com/host.easylife.tw/pics/author/yohnu1/202111/isharing/ 36 KB
36 KB 20ms
18ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/host.easylife.tw/pics/author/yohnu1/202111/isharing/first.png?resize=429,225

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

65f0b0de8351a09d3a6ec9994413c2afab36cd2f9559456c65767156b36646cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 23 Nov 2021 07:54:31 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Nov 2021 01:23:26 GMT
server: nginx
etag: "c8ec1de75ce054a4"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://host.easylife.tw/pics/author/yohnu1/202111/isharing/first.png>; rel="canonical"
content-length: 36986
expires: Wed, 22 Nov 2023 13:23:26 GMT

GET
H2 200 first.png
i0.wp.com/host.easylife.tw/pics/author/yohnu1/202111/MediaCreationTool/ 53 KB
53 KB 30ms
28ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/host.easylife.tw/pics/author/yohnu1/202111/MediaCreationTool/first.png?resize=429,225

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

7612df0e0c7882cb1fbb3f6807d3cc1693a12956d89b37c1742c57da869aca7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Tue, 23 Nov 2021 07:54:31 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Nov 2021 01:23:25 GMT
server: nginx
etag: "db887d9e85845d69"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://host.easylife.tw/pics/author/yohnu1/202111/MediaCreationTool/first.png>; rel="canonical"
content-length: 54482
expires: Wed, 22 Nov 2023 13:23:25 GMT

GET
H2 200 01_HDVideoConverterFactoryPro.png
i0.wp.com/host.easylife.tw/pics/202002/HDVideoConverterFactoryPro/ 25 KB
25 KB 28ms
26ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/host.easylife.tw/pics/202002/HDVideoConverterFactoryPro/01_HDVideoConverterFactoryPro.png?resize=429,225

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

c1f3dc6e29b99851cde4f5e44b0e13b20ada0f94ef19fab1c8eb48bff8036981

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Tue, 23 Nov 2021 07:54:31 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Nov 2021 01:23:30 GMT
server: nginx
etag: "699b8b75e00cecf3"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://host.easylife.tw/pics/202002/HDVideoConverterFactoryPro/01_HDVideoConverterFactoryPro.png>; rel="canonical"
content-length: 25228
expires: Wed, 22 Nov 2023 13:23:30 GMT

GET
H2 200 AdwCleaner.png
i0.wp.com/host.easylife.tw/files/ 21 KB
22 KB 29ms
27ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/host.easylife.tw/files/AdwCleaner.png?resize=429,225

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

d395b769c7820ff85696a06afce74d80646512e8c18c90e1278c8e4ab2e8f5b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 23 Nov 2021 07:54:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 21 Nov 2021 00:17:10 GMT
server: nginx
etag: "a9b2cb66220924b5"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://host.easylife.tw/files/AdwCleaner.png>; rel="canonical"
content-length: 21964
expires: Tue, 21 Nov 2023 12:17:10 GMT

GET
H2 200 01_IcoFont.jpg
i0.wp.com/host.easylife.tw/pics/author/allen/202111/IcoFont/ 10 KB
10 KB 30ms
28ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/host.easylife.tw/pics/author/allen/202111/IcoFont/01_IcoFont.jpg?resize=429,225

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

fff9f90157f74d962a11cb0cdb2b9d1316ba4ebf4049d027cd56cff72dba548b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Tue, 23 Nov 2021 07:54:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 21 Nov 2021 00:17:10 GMT
server: nginx
etag: "32ca72f12f832a22"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://host.easylife.tw/pics/author/allen/202111/IcoFont/01_IcoFont.jpg>; rel="canonical"
content-length: 10354
expires: Tue, 21 Nov 2023 12:17:10 GMT

GET
H2 200 01_RecMaster.png
i0.wp.com/host.easylife.tw/pics/202003/RecMaster/ 20 KB
20 KB 31ms
29ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/host.easylife.tw/pics/202003/RecMaster/01_RecMaster.png?resize=429,225

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

11b091cc4eacaead13a59a443edbb0b0d3e1440804668fd77e72c514e7dd83d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 23 Nov 2021 07:54:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 21 Nov 2021 00:17:10 GMT
server: nginx
etag: "a371045f2c8b7675"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://host.easylife.tw/pics/202003/RecMaster/01_RecMaster.png>; rel="canonical"
content-length: 19994
expires: Tue, 21 Nov 2023 12:17:10 GMT

GET
H2 200 01_ProtectedFolder.png
i0.wp.com/host.easylife.tw/pics/201806/ProtectedFolder/ 86 KB
87 KB 30ms
29ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/host.easylife.tw/pics/201806/ProtectedFolder/01_ProtectedFolder.png?resize=429,225

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

7706a1ea2aa153a4cac470858e533ce726fea694cad2ed8b644ae6e048a44325

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 23 Nov 2021 07:54:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 21 Nov 2021 00:17:10 GMT
server: nginx
etag: "b541c7bda48e8edb"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://host.easylife.tw/pics/201806/ProtectedFolder/01_ProtectedFolder.png>; rel="canonical"
content-length: 88440
expires: Tue, 21 Nov 2023 12:17:10 GMT

GET
H2 200 01_WinXHDFriday.png
i0.wp.com/host.easylife.tw/pics/202111/WinXHDFriday/ 64 KB
64 KB 31ms
30ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/host.easylife.tw/pics/202111/WinXHDFriday/01_WinXHDFriday.png?resize=429,225

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

aba50422c3d485e5d87b92f9454be174b64b05fe637517d5dc689f0b9b76edda

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 23 Nov 2021 07:54:31 GMT
x-content-type-options: nosniff
last-modified: Sat, 20 Nov 2021 00:21:38 GMT
server: nginx
etag: "13c810682c47d393"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://host.easylife.tw/pics/202111/WinXHDFriday/01_WinXHDFriday.png>; rel="canonical"
content-length: 65520
expires: Mon, 20 Nov 2023 12:21:38 GMT

GET
H2 200 01_MouseJiggle.png
i0.wp.com/host.easylife.tw/pics/202111/MouseJiggle/ 16 KB
16 KB 30ms
28ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/host.easylife.tw/pics/202111/MouseJiggle/01_MouseJiggle.png?resize=204,150

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

9de8cb84aab4ed112ba924debdcec7b2b2554ef39790699c124e6339ef574d87

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 23 Nov 2021 07:54:31 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Nov 2021 05:56:53 GMT
server: nginx
etag: "93436490cd40a3e3"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://host.easylife.tw/pics/202111/MouseJiggle/01_MouseJiggle.png>; rel="canonical"
content-length: 16372
expires: Thu, 23 Nov 2023 17:56:53 GMT

GET
H2 200 01_artflow.jpg
i0.wp.com/host.easylife.tw/pics/author/allen/202111/Artfolw/ 4 KB
4 KB 31ms
29ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/host.easylife.tw/pics/author/allen/202111/Artfolw/01_artflow.jpg?resize=204,150

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

a0c682848883ffbc697f6d5b20b3160899d6ede535ffa542c75964d2a50b61b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Tue, 23 Nov 2021 07:54:31 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Nov 2021 02:09:09 GMT
server: nginx
etag: "5715a3272e51f014"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://host.easylife.tw/pics/author/allen/202111/Artfolw/01_artflow.jpg>; rel="canonical"
content-length: 4092
expires: Thu, 23 Nov 2023 14:09:09 GMT

GET
H2 200 01_Iconduck.png
i0.wp.com/host.easylife.tw/pics/author/allen/202105/Iconduck/ 2 KB
3 KB 32ms
30ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/host.easylife.tw/pics/author/allen/202105/Iconduck/01_Iconduck.png?resize=204,150

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

cca55582fffc70dc5c7304785d5443b1837c9a7a74a7845dd5e5a963110aefde

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Tue, 23 Nov 2021 07:54:31 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Nov 2021 02:09:09 GMT
server: nginx
etag: "7660f3f5d5572606"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://host.easylife.tw/pics/author/allen/202105/Iconduck/01_Iconduck.png>; rel="canonical"
content-length: 2522
expires: Thu, 23 Nov 2023 14:09:09 GMT

GET
H2 200 first2.png
i0.wp.com/host.easylife.tw/pics/author/yohnu1/202111/Speedpdf/ 7 KB
7 KB 32ms
30ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/host.easylife.tw/pics/author/yohnu1/202111/Speedpdf/first2.png?resize=204,150

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

f96c787067a53233c7755f94dd496a1596a3c296edef82cce271106a9e789af1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Tue, 23 Nov 2021 07:54:31 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Nov 2021 02:09:09 GMT
server: nginx
etag: "183a8ee94edcb954"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://host.easylife.tw/pics/author/yohnu1/202111/Speedpdf/first2.png>; rel="canonical"
content-length: 7434
expires: Thu, 23 Nov 2023 14:09:09 GMT

GET
H2 200 first.png
i0.wp.com/host.easylife.tw/pics/author/yohnu1/202111/iMute/ 21 KB
21 KB 32ms
31ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/host.easylife.tw/pics/author/yohnu1/202111/iMute/first.png?resize=204,150

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

a9d32569717c711d16fd1fad7cb01cf758d10ecd8de39d338a02fe65fdc347b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 23 Nov 2021 07:54:31 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Nov 2021 02:09:09 GMT
server: nginx
etag: "047b4babaa5a45f7"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://host.easylife.tw/pics/author/yohnu1/202111/iMute/first.png>; rel="canonical"
content-length: 21486
expires: Thu, 23 Nov 2023 14:09:09 GMT

GET
H2 200 first3.png
i0.wp.com/host.easylife.tw/pics/author/yohnu1/202111/Starbucks/ 40 KB
40 KB 33ms
31ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/host.easylife.tw/pics/author/yohnu1/202111/Starbucks/first3.png?resize=204,150

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

e2342b44bde3e9ef025765b66924a81d4c3e4bd387c6ae04d1822835828386e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 23 Nov 2021 07:54:31 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Nov 2021 13:37:02 GMT
server: nginx
etag: "bf3ad81390414ddc"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://host.easylife.tw/pics/author/yohnu1/202111/Starbucks/first3.png>; rel="canonical"
content-length: 40526
expires: Thu, 23 Nov 2023 01:37:02 GMT

GET
H3 200 email-decode.min.js Show response
ez3c.tw/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 12ms
11ms Script
application/javascript 2606:4700:3036::ac43:d98a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ez3c.tw/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::ac43:d98a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 19 Nov 2021 01:22:51 GMT
server: cloudflare
etag: W/"6196fc6b-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tip3t5M3gF%2FThxgYWKFtlb2%2Ba49HUCeQa%2BulWdiziHbAoRGKdusGWC8KpEsY5B4fkJ1lASWAjkI73XETta8rVVIV25PBXpDoJ3rwHBCjpjvzF3duN1Aho2DzMwivThAAuLC8qG5y"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b28d47cac924de8-FRA
vary: Accept-Encoding
expires: Thu, 25 Nov 2021 07:54:31 GMT

GET
H/1.1 200
OK index.php Show response
an.9ez.me/ 488 B
967 B 1350ms
513ms Script
text/javascript 172.104.98.174
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL

https://an.9ez.me/index.php?module=Counter&action=live&id=2&type=js

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.104.98.174 Tokyo, Japan, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

li1708-174.members.linode.com

Software

Tengine / PHP/5.5.30

Resource Hash

5d4bb7a48d44669abe68bd5ce8c93c6e8da5994ba90a1bbba1f704439bbe673f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 23 Nov 2021 07:54:33 GMT
Server: Tengine
X-Powered-By: PHP/5.5.30
Strict-Transport-Security: max-age=63072000
X-Matomo-Request-Id: 7a07a
Content-Type: text/javascript
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Content-Length: 488
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3 200 bundle.min.js Show response
ez3c.tw/js/ 502 KB
144 KB 29ms
29ms Script
application/x-javascript 2606:4700:3036::ac43:d98a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ez3c.tw/js/bundle.min.js
Requested by: Host: ez3c.tw
URL: https://ez3c.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:d98a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe38c0ddbac843778296d690916388ad33ba4faf8a7ab77cd6e2539c33b1a876

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:31 GMT
via: 1.1 varnish (Varnish/6.3)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1184615
x-cache-status: MISS
content-type: application/x-javascript
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 01 Aug 2016 09:42:16 GMT
server: cloudflare
etag: W/"7d763-538ff6a5f4e00-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Ob5Cmzp9Ba6bGXG22QPhfi%2F2ZDejnPJOt9iGc68nqCqquR4yTemI2KC3a4JzE5%2BowaNwUYR4Jk67fIBW5al77gBP5tSpMKCGeJkDkUIrrakvPXczBGf%2BGccj0WgxTS3iqhlE4jy"}],"group":"cf-nel","max_age":604800}
x-varnish: 151521137
cache-control: max-age=2592000
cf-ray: 6b28d47cccfc4de8-FRA
expires: Thu, 09 Dec 2021 11:08:41 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 114 KB
35 KB 62ms
31ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M57QVPW

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

20c22cb555440afed2238ca105078ad33a7faa88cd28314bcde40d1fb889c603

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:31 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35790
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 23 Nov 2021 07:54:31 GMT

GET
H3 200 eye.svg
ez3c.tw/images/design-time/ 1 KB
1 KB 973ms
973ms Image
image/svg+xml 2606:4700:3036::ac43:d98a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ez3c.tw/images/design-time/eye.svg
Requested by: Host: ez3c.tw
URL: https://ez3c.tw/css/custom.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:d98a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a80e0f0695037adf252b2759fa918d09691bfd1c23e6f65cbae0842e1906b117

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/css/custom.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:32 GMT
via: 1.1 varnish (Varnish/6.3)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache-status: REVALIDATED
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-varnish: 3112984
last-modified: Thu, 17 Mar 2016 13:12:42 GMT
server: cloudflare
etag: W/"53e-52e3e62ae6680-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uqgyt%2FnohbOXM%2Bpa077jXrv6EiGp9Fi2yB5KkVzSM%2FE%2FURts%2BetF5g270d%2Fh7re2Qu8W2L%2FUEn%2F03zxARs6xi8a3oKVV2Yk5QsS409YlqodeuUPgFQsoqsZW9ApJpbtfikTomSO4"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400, s-maxage=10
cf-ray: 6b28d47cdcfe4de8-FRA
expires: Mon, 15 Nov 2021 17:28:44 GMT

GET
H3 200 fontawesome-webfont.woff2
ez3c.tw/assets/font-awesome-4.4.0/fonts/ 63 KB
64 KB 251ms
251ms Font
application/octet-stream 2606:4700:3036::ac43:d98a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ez3c.tw/assets/font-awesome-4.4.0/fonts/fontawesome-webfont.woff2?v=4.4.0
Requested by: Host: ez3c.tw
URL: https://ez3c.tw/css/useful.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:d98a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019

Request headers

Referer: https://ez3c.tw/css/useful.css
Origin: https://ez3c.tw
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:32 GMT
via: 1.1 varnish (Varnish/6.3)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache-status: REVALIDATED
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 64464
last-modified: Tue, 01 Sep 2015 20:10:32 GMT
server: cloudflare
etag: "fbd0-51eb52463fe00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=79lyJjJc6YT8ZM1Ko244%2B8vbLkZBPT%2B%2B7OEjWeKbPj5V2d5KvjZ3%2BixoQNoNeypMVWKR1zqkbQfd2soPLPsr9so9MXKzoYA%2BfQpU5iA3P8zvx3Tua2W%2Byc1%2FI%2BQILlLGWT%2BGrkeM"}],"group":"cf-nel","max_age":604800}
x-varnish: 35913920
cache-control: max-age=14400, s-maxage=10
accept-ranges: bytes
cf-ray: 6b28d47cdd094de8-FRA
expires: Mon, 22 Nov 2021 00:44:34 GMT

GET
H3 200 Material-Design-Icons.woff2
ez3c.tw/font/material-design-icons/ 37 KB
37 KB 260ms
259ms Font
application/octet-stream 2606:4700:3036::ac43:d98a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ez3c.tw/font/material-design-icons/Material-Design-Icons.woff2
Requested by: Host: ez3c.tw
URL: https://ez3c.tw/css/useful.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:d98a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3f7ed104af117a8b17fb513ff0c084c86e5ed476665e3a6342e0fb06cf1bbd9

Request headers

Referer: https://ez3c.tw/css/useful.css
Origin: https://ez3c.tw
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:32 GMT
via: 1.1 varnish (Varnish/6.3)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache-status: REVALIDATED
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 37396
last-modified: Mon, 06 Apr 2015 09:36:58 GMT
server: cloudflare
etag: "9214-5130b0a10e280"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dbgPN55vjfsTCqZ%2Fj%2FH0zYiZNsqmT6fKV0Dik2Q04HXzj4GzfEsnn3I91KU2bOjlLsQlUAixnPzcy3BujweygHsmAWvXBOrM1azVv9L6TB3EmoRcnYqO1YNz79l7qtDViFFVMaBY"}],"group":"cf-nel","max_age":604800}
x-varnish: 1032469655
cache-control: max-age=14400, s-maxage=10
accept-ranges: bytes
cf-ray: 6b28d47cdd0c4de8-FRA
expires: Mon, 22 Nov 2021 00:44:30 GMT

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ 148 KB
50 KB 27ms
10ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/platform.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a98d3f21c2cef2241e0ce7f4cc7fd5dd01596a3f813f5f0665efdd8496844d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 16:12:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 488520
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51670
x-xss-protection: 0
last-modified: Sat, 30 Oct 2021 15:20:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding, Origin
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 17 Nov 2022 16:12:31 GMT

GET
H3 200 cb=gapi.loaded_1 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ 96 KB
33 KB 24ms
8ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_1

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/platform.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cc6b66cc42418608faeed8ae5f6fb3cd8f559f9dcf0be3d7a340c5351847a65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 16:08:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 488760
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33908
x-xss-protection: 0
last-modified: Sat, 30 Oct 2021 15:20:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding, Origin
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 17 Nov 2022 16:08:31 GMT

GET
H3 404 fastbutton Show response
apis.google.com/u/0/se/0/_/+1/ Frame 8704 2 KB
2 KB 16ms
8ms Document
text/html 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&annotation=none&hl=zh-TW&origin=https%3A%2F%2Fez3c.tw&url=https%3A%2F%2Fez3c.tw%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Requested by: Host: apis.google.com
URL: https://apis.google.com/js/platform.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: ac15d1868a55adcea61641c78efbb86feda3a65882f21bfe9fedd7348fb54be8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/

Response headers

content-type: text/html; charset=UTF-8
referrer-policy: no-referrer
content-length: 1585
date: Tue, 23 Nov 2021 07:54:31 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 gl.js Show response
power.adhacker.online/general/ 47 KB
14 KB 54ms
19ms Script
application/javascript 2606:4700:3036::ac43:aa6b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://power.adhacker.online/general/gl.js?spj=NUVaODI1TTFKR1JIVkVPNldVMktZSzBQV1BQUEw1
Requested by: Host: a.breaktime.com.tw
URL: https://a.breaktime.com.tw/js/au.js?spj=NUVaODI1TTFKR1JIVkVPNldVMktZSzBQV1BQUEw1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:aa6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 25aff3a4b54bd174fe81fb7e421890b6523ab063aa1d45f53fbfc8e26b477926

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-goog-hash: crc32c=zuyjyQ==, md5=87aaNnqmB8cStvUFeYoKew==
date: Tue, 23 Nov 2021 07:54:32 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5231
x-guploader-uploadid: ADPycdtKyLR2e24t5WfkvkshSE9Q8oNfL_eoNrqZj1gAjcFLaflvvNIjrhB29MmxBRhVMApAtB3WKKWLZwun8fQ1aen4ogVl2w
x-goog-storage-class: REGIONAL
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-goog-meta-
last-modified: Mon, 02 Aug 2021 01:10:47 GMT
server: cloudflare
etag: W/"f3b69a367aa607c712b6f505798a0a7b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y9Q7nLqM1w%2F3atJUVU7zvUkerpcU81wyqIBDdQpypj18gtPOe3ua6rtyDH0HU74oEh3BIqqD8LN8eOa4NJR8ebqVbp29jbblkTT4hj0ytle7sSv0uGxzI53Ag%2Bsx7ZEFGn0X5aN7DzQcJ%2FcXg%2B%2Fi%2FtB9KD4%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1627866647639755
access-control-allow-origin: *
content-type: application/javascript
access-control-expose-headers: Content-Type
cache-control: public, max-age=1800
x-goog-stored-content-length: 12929
cf-ray: 6b28d47e3aafd6cd-FRA
expires: Tue, 23 Nov 2021 08:24:32 GMT

GET
H2 200 / Show response
alliance.breaktime.com.tw/api/check/service/NUVaODI1TTFKR1JIVkVPNldVMktZSzBQV1BQUEw1/ez3c.tw/ 150 B
397 B 351ms
323ms Fetch
application/json 35.244.138.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://alliance.breaktime.com.tw/api/check/service/NUVaODI1TTFKR1JIVkVPNldVMktZSzBQV1BQUEw1/ez3c.tw/

Requested by

Host: a.breaktime.com.tw
URL: https://a.breaktime.com.tw/js/au.js?spj=NUVaODI1TTFKR1JIVkVPNldVMktZSzBQV1BQUEw1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.244.138.40 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

40.138.244.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

b5f09463fe5d9155d8c5dc7a01a77f94f13b934c98d6abca8ce5d46e76295ea3

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:32 GMT
via: 1.1 varnish (Varnish/5.0), 1.1 google
vary: Accept, Accept-Language, Cookie
age: 0
x-cache: Miss
alt-svc: clear
content-length: 150
server: nginx
x-frame-options: SAMEORIGIN
allow: GET, HEAD, OPTIONS
content-language: zh-hant
x-varnish: 79810257
access-control-allow-origin: *
accept-ranges: bytes
content-type: application/json
x-cache-hits: 0

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
51 KB 57ms
35ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M57QVPW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

146dadbae382b771da516da9f824e93d54c58460a3ac951f85d719b1a29f283d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51252
x-xss-protection: 0
server: cafe
etag: 11432647447335936077
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 23 Nov 2021 07:54:32 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 77 KB
27 KB 37ms
15ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M57QVPW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3ab98a11303695462aaa63309ffa207915c6ec8c6f514c6193cfa57c6796d8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1052 / 59 of 1000 / last-modified: 1637622309"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26861
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 23 Nov 2021 07:54:32 GMT

GET
H2 200 pmp_ads_cfg.js Show response
power.adhacker.online/pmp/ 2 KB
2 KB 18ms
15ms Script
text/javascript 2606:4700:3036::ac43:aa6b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://power.adhacker.online/pmp/pmp_ads_cfg.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M57QVPW
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:aa6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f8a634394502852cfaf9def88f0780fc60df9fa9482b75db9a418d39553f744b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-goog-hash: crc32c=ZP1k7A==, md5=BOTC+mWVAVhKJngFUdSwNQ==
date: Tue, 23 Nov 2021 07:54:32 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 834
x-guploader-uploadid: ADPycdv5CNWEmXRDrTyaNX5cMEogkhkqePvNz1Qi08PUnOXoMyz6wTKzkDiyy-STWfZC7SDCKue2T5eNzB_AIhmRwL6hWF34hw
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 28 Dec 2020 03:30:31 GMT
server: cloudflare
etag: W/"04e4c2fa659501584a26780551d4b035"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XBNwMHmIdYVrUksv7XYvz%2B%2Fhfda3OFcxpNxhHccAW5rr0np%2Bx%2FwHXwH517hmwd03v89F54Mhlj9DSMlZb6M2ixejmXyTpUb0kahTnAVwyRVpcbXXR8rYLX16ePUBkjXEIhUTNkTsI5pm9NnQJKnuyX%2F%2FYm0%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1609126231202031
access-control-allow-origin: *
content-type: text/javascript
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 1755
cf-ray: 6b28d47e3ab2d6cd-FRA
expires: Tue, 23 Nov 2021 08:54:32 GMT

GET
H2 200 postmessageRelay Show response
accounts.google.com/o/oauth2/ Frame 132B 565 B
856 B 38ms
15ms Document
text/html 2a00:1450:4001:82b::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fez3c.tw&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6c34c29159e84f975593adf20279d25858e123b313a9d9d91f4b4bb9985f316e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-G2im7cHz1gpB0YTpXiOZ9A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 23 Nov 2021 07:54:32 GMT
content-security-policy: script-src 'report-sample' 'nonce-G2im7cHz1gpB0YTpXiOZ9A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 googlelogo_color_150x54dp.png
www.google.com/images/branding/googlelogo/1x/ Frame 8704 3 KB
4 KB 37ms
16ms Image
image/png 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png

Requested by

Host: apis.google.com
URL: https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&annotation=none&hl=zh-TW&origin=https%3A%2F%2Fez3c.tw&url=https%3A%2F%2Fez3c.tw%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://apis.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:32 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3170
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 23 Nov 2021 07:54:32 GMT

GET
H2 200 config Show response
powerads.breaktime.com.tw/v1/bt/ 232 B
450 B 612ms
203ms Fetch
application/json 13.75.71.72
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://powerads.breaktime.com.tw/v1/bt/config?domain=ez3c.tw&pid=NUVaODI1TTFKR1JIVkVPNldVMktZSzBQV1BQUEw1&device=desktop

Requested by

Host: power.adhacker.online
URL: https://power.adhacker.online/general/gl.js?spj=NUVaODI1TTFKR1JIVkVPNldVMktZSzBQV1BQUEw1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

13.75.71.72 Central, Hong Kong, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5514b0e495dae2c040f946c4a3772c25ef78d93b6bdcf6cfc185335e35aa944c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:32 GMT
vary: Origin
content-type: application/json
access-control-allow-origin: https://ez3c.tw
cache-control: s-maxage=0, max-age=0
access-control-allow-credentials: true
strict-transport-security: max-age=15724800; includeSubDomains
content-length: 232

GET
H2 200 796779910-postmessagerelay.js Show response
ssl.gstatic.com/accounts/o/ Frame 132B 10 KB
5 KB 27ms
7ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.gstatic.com/accounts/o/796779910-postmessagerelay.js

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fez3c.tw&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04082cfaa14c7a04a29bf53810bda0de1aa03910090a4aeffb198f4e8bbf70d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 22:48:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32755
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4295
x-xss-protection: 0
last-modified: Mon, 15 Nov 2021 19:09:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="federated-signon-mpm-access"
vary: Accept-Encoding
report-to: {"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 22 Nov 2022 22:48:37 GMT

GET
H3 200 rpc:shindig_random.js Show response
apis.google.com/js/ Frame 132B 13 KB
5 KB 26ms
26ms Script
application/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/rpc:shindig_random.js?onload=init

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dc10eb4c3193b2a9e85d3e011075c703c98d79e86dee2c8647311db2f1dfeb4b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-lGlul6tTXS6X6WHgAstsFg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
etag: "3fc975e12af4bcde7e44fdb36bca1117"
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"}]}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-lGlul6tTXS6X6WHgAstsFg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"
expires: Tue, 23 Nov 2021 07:54:32 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211111/r20190131/ Frame 01F8 11 KB
5 KB 32ms
9ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211111/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5cedd5abd94d64b07e3779451d057665572b89caa8b445a5e9efa42bad9c4274

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 22 Nov 2021 09:43:00 GMT
expires: Mon, 06 Dec 2021 09:43:00 GMT
content-type: text/html; charset=UTF-8
etag: 16478831307880631077
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4883
x-xss-protection: 0
age: 79892
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pubads_impl_2021111601.js Show response
securepubads.g.doubleclick.net/gpt/ 344 KB
116 KB 44ms
22ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118471
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 09:34:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 23 Nov 2021 07:54:32 GMT

GET
H2 200 campaign Show response
campaign.breaktime.com.tw/ 25 B
313 B 301ms
271ms XHR
application/json 34.96.103.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://campaign.breaktime.com.tw/campaign?url=https://ez3c.tw/

Requested by

Host: power.adhacker.online
URL: https://power.adhacker.online/pmp/pmp_ads_cfg.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.103.78 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

78.103.96.34.bc.googleusercontent.com

Software

nginx/1.13.2 /

Resource Hash

08b6b4397d4c9e815835e6019591402a48a8b32de5192723c9c4f9db0113ca82

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:32 GMT
via: 1.1 google
x-content-type-options: nosniff, nosniff
alt-svc: clear
server: nginx/1.13.2
x-frame-options: DENY
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-xss-protection: 1; mode=block
expires: 0

GET
H3 200 pmp_ads.js Show response
power.adhacker.online/pmp/ 993 B
1 KB 28ms
16ms Script
text/javascript 2606:4700:3036::ac43:aa6b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://power.adhacker.online/pmp/pmp_ads.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M57QVPW
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:aa6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a5123ebcdf73f832310531a03ba253496737d1d005b3d4e41fc5a7d4f6179677

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-goog-hash: crc32c=9Dah1Q==, md5=thTCe7v1Lc8hGhxnXW1D6g==
date: Tue, 23 Nov 2021 07:54:32 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 953
x-guploader-uploadid: ADPycdsgJB5kYrQ7awRAAiz4mzm7_fglI7qeKBBVg3dKJRDjiqJtidz6bftiTHpow4zriQS-58OkIBPAUXPxtBb6wQk
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 28 Dec 2020 03:30:28 GMT
server: cloudflare
etag: W/"b614c27bbbf52dcf211a1c675d6d43ea"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y8To1%2BppCVlHjA8VgJ%2FKQWOvZQSSwNWMOgpXGce4bpwVPJiyc5Zgi4dB5bH9awjgLH6iQ1IicxAB%2FCQTFcLTy5%2BBrmrU1E%2F40A53PK0nbyWXOcxgXVifimXyrVDnGuycBNFeks4u06Im3JzLK64G5a1YE00%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1609126228631610
access-control-allow-origin: *
content-type: text/javascript
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 993
cf-ray: 6b28d47ee8887025-FRA
expires: Tue, 23 Nov 2021 08:54:32 GMT

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ Frame 132B 51 KB
18 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/rpc:shindig_random.js?onload=init

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8a6f2a85533d8b0a3572be5fa46cb09629d8f54f28bf40c52e0878d68caa046

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 14:24:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 494975
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18237
x-xss-protection: 0
last-modified: Sat, 30 Oct 2021 15:20:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding, Origin
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 17 Nov 2022 14:24:57 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 37ms
16ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ez3c.tw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 23 Nov 2021 07:54:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 38ms
16ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ez3c.tw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 23 Nov 2021 07:54:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 436 B
257 B 58ms
44ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2743095906003780&correlator=3441109094852702&output=ldjh&impl=fifs&eid=44752586%2C31063182&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211123&iu_parts=109446932%2CAll_Float&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ists=1&didk=256808626&prev_scp=zi-web%3Dez3c.tw%26zi-path%3D%252F&cookie_enabled=1&bc=31&abxe=1&lmt=1637654072&dt=1637654072233&dlt=1637654071746&idt=464&frm=20&biw=1600&bih=1200&oid=2&adxs=0&adys=3834&adks=451821501&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fez3c.tw%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x3834&msz=1600x0&ga_vid=436402978.1637654072&ga_sid=1637654072&ga_hid=792242286&ga_fc=false&fws=4&ohw=1600&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

7b7f6080daa3424a7ee06128fd34192c8541bff380eb6c5715a078b9baa08e86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:32 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 227
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ez3c.tw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2E56 6 KB
4 KB 50ms
15ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Tue, 23 Nov 2021 07:54:32 GMT
expires: Wed, 23 Nov 2022 07:54:32 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 GTM-M57QVPW.js Show response
power.adhacker.online/ps/excl/ 72 B
972 B 14ms
14ms Script
text/plain 2606:4700:3036::ac43:aa6b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://power.adhacker.online/ps/excl/GTM-M57QVPW.js
Requested by: Host: a.breaktime.com.tw
URL: https://a.breaktime.com.tw/js/au.js?spj=NUVaODI1TTFKR1JIVkVPNldVMktZSzBQV1BQUEw1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:aa6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d6fac87a6c47841000f3671db689a4ff243d8e674199d6bc236c7a32e143648e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-goog-hash: crc32c=KZhPgg==, md5=YaE4khw5RGCh0MObAhMbfg==
date: Tue, 23 Nov 2021 07:54:32 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5298
x-guploader-uploadid: ADPycdtsb0LiQA6FrsAYb4Q8lrtQshwg3Tvs5-I7FWwmYYUoRhcxbJYPCtYj2xvvX1fley3HANgZhRjWvPVoWelyztQ
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sun, 07 Nov 2021 13:00:25 GMT
server: cloudflare
etag: W/"61a138921c394460a1d0c39b02131b7e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dK8UPhC1760AemfMCVMQrWXqS9F%2BQ3bkGFdaNcIU1emJ%2B3fdkAQAirCDkxDrrS8ZoUi5clQZD5Qd22BTAlU3piKq17XLbpjFAInpCBatOqjpvR6o9aElHAoRHmQjyTSR7DgLA4OBbnEt1dXUdP79dUgkcp0%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1636030828157565
access-control-allow-origin: *
content-type: text/plain
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 72
cf-ray: 6b28d4803b267025-FRA
expires: Tue, 23 Nov 2021 08:54:32 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 115 KB
40 KB 34ms
19ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W9CRLDW

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2a6ffa1c4a0c1c63f259a4a578fd398b47fee7705b2a292c3dec64e71c381d88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:32 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41009
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 06:30:42 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 23 Nov 2021 07:54:32 GMT

GET
H/1.1 200
OK cat_trid Show response
catalyst.breaktime.com.tw/v1/ 83 B
568 B 588ms
194ms Fetch
application/json 207.46.146.168
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://catalyst.breaktime.com.tw/v1/cat_trid
Requested by: Host: a.breaktime.com.tw
URL: https://a.breaktime.com.tw/js/au.js?spj=NUVaODI1TTFKR1JIVkVPNldVMktZSzBQV1BQUEw1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 207.46.146.168 Central, Hong Kong, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.13.12 /
Resource Hash: 7c288b056d63c25eaaeaef83209c998c9818cf44e3f25a873fb9213c94de3b77

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 07:54:32 GMT
Server: nginx/1.13.12
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://ez3c.tw
Cache-Control: s-maxage=0, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 83

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 31ms
16ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ez3c.tw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 23 Nov 2021 07:54:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 32ms
17ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ez3c.tw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 23 Nov 2021 07:54:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 421 B
245 B 41ms
41ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2743095906003780&correlator=3441109094852702&output=ldjh&impl=fifs&eid=44752586%2C31063182&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211123&iu_parts=21721238339%2CAll_Float&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ists=1&didk=2857072084&prev_scp=ZiWeb%3Dez3c.tw%26ZiPath%3D%252F%26ZiPartner%3DPPY6H18&cookie=ID%3Df370b22736d2308d-222a47c1eccb0012%3AT%3D1637654072%3AS%3DALNI_MYW0ERzIrHv5P7wy1FAifm7rSCFtw&bc=31&abxe=1&lmt=1637654072&dt=1637654072415&dlt=1637654071746&idt=464&frm=20&biw=1600&bih=1200&oid=2&adxs=0&adys=0&adks=2519500136&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fez3c.tw%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x3834&msz=1600x0&ga_vid=436402978.1637654072&ga_sid=1637654072&ga_hid=792242286&ga_fc=false&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

31f341d9512d92e86272796cd2e7af38853c8a9799e6da4eb23a07fb94670fef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:32 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 214
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ez3c.tw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 423 B
245 B 43ms
43ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2743095906003780&correlator=3441109094852702&output=ldjh&impl=fifs&eid=44752586%2C31063182&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211123&iu_parts=21721238339%2CYPA_a_Fl_SD&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ists=1&didk=2741699991&prev_scp=ZiWeb%3Dez3c.tw%26ZiPath%3D%252F%26ZiPartner%3DPPY6H18&cookie=ID%3Df370b22736d2308d-222a47c1eccb0012%3AT%3D1637654072%3AS%3DALNI_MYW0ERzIrHv5P7wy1FAifm7rSCFtw&bc=31&abxe=1&lmt=1637654072&dt=1637654072417&dlt=1637654071746&idt=464&frm=20&biw=1600&bih=1200&oid=2&adxs=0&adys=0&adks=3890521010&ucis=3&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fez3c.tw%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x3834&msz=1600x0&ga_vid=436402978.1637654072&ga_sid=1637654072&ga_hid=792242286&ga_fc=false&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

9e6244f235eec2d2a33b83f45f5486ec84902863a8e8a664a0b3e9c571f05dec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:32 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 214
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ez3c.tw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 version.json Show response
sdki.truepush.com/sdk/ 176 B
568 B 45ms
7ms XHR
application/json 2600:9000:2156:f800:7:6b7b:1000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sdki.truepush.com/sdk/version.json
Requested by: Host: sdk.truepush.com
URL: https://sdk.truepush.com/sdk/v2/app.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:f800:7:6b7b:1000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 53b432abc7b7bca1b37ea5a8eff17f1cf42c6bfee994afdac382516816eba433

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 16:08:10 GMT
via: 1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
last-modified: Mon, 07 Dec 2020 13:02:02 GMT
server: AmazonS3
age: 315982
etag: "1750846158a87898512de997f08483cc"
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=300
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 176
x-amz-cf-id: IL-j2vywVi3Gx_CT7GVSxlQTwpJgttqIDYJcCEuN5e3sARGnGwKPRw==

GET
H2 200 main.js Show response
sdki.truepush.com/sdk/v2.0.3/ 79 KB
19 KB 25ms
9ms Script
application/javascript 2600:9000:2156:f800:7:6b7b:1000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sdki.truepush.com/sdk/v2.0.3/main.js
Requested by: Host: sdk.truepush.com
URL: https://sdk.truepush.com/sdk/v2/app.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:f800:7:6b7b:1000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42e4b568436b29320d64d25114e0c6681f90282220ce6424bf116d7409397e5c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 15:21:57 GMT
content-encoding: gzip
last-modified: Wed, 21 Apr 2021 12:15:13 GMT
server: AmazonS3
age: 837156
etag: "6369b5c5aba753aa8b3a30edadc685f9"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
cache-control: max-age=864000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 18730
x-amz-cf-id: lTATqpz2LNMeZysF9fXXAmNu-y1rKmIypMeoc47pPB4gXFjAoCeEdQ==

POST
H/1.1 200
OK truepushSDKPlatfromDetails Show response
sdk.truepush.com/api/v2/ 1 KB
2 KB 170ms
170ms XHR
application/json 103.231.212.226
CTRLS-AS-IN CtrlS...

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.truepush.com/api/v2/truepushSDKPlatfromDetails

Requested by

Host: sdki.truepush.com
URL: https://sdki.truepush.com/sdk/v2.0.3/main.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

103.231.212.226 , India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),

Reverse DNS

static-103-231-212-226.ctrls.in

Software

Resource Hash

b882b5c106010cd0fe50a1490773c30b4fd259542f7d4c3105289f99218eba57

Security Headers

Name	Value
Content-Security-Policy	img-src * data:
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://ez3c.tw/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json

Response headers

Content-Security-Policy: img-src * data:
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
X-DNS-Prefetch-Control: off
Vary: Origin, X-HTTP-Method-Override, Accept-Encoding
X-XSS-Protection: 0
Referrer-Policy: no-referrer
X-Frame-Options: SAMEORIGIN
Date: Tue, 23 Nov 2021 07:54:33 GMT
Expect-CT: max-age=0
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://ez3c.tw
Transfer-Encoding: chunked
ETag: W/"4b1-iiqnxy63uUro/Hro9mN+kOTO9Rs"
Access-Control-Allow-Credentials: true

OPTIONS
H/1.1 204
No Content truepushSDKPlatfromDetails
sdk.truepush.com/api/v2/ Frame 0
0 687ms
172ms Preflight 103.231.212.226
CTRLS-AS-IN CtrlS...

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk.truepush.com/api/v2/truepushSDKPlatfromDetails
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 103.231.212.226 , India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS: static-103-231-212-226.ctrls.in
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://ez3c.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

X-Powered-By: Express
Access-Control-Allow-Origin: https://ez3c.tw
Vary: Origin, Access-Control-Request-Headers
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Headers: content-type
Content-Length: 0
Date: Tue, 23 Nov 2021 07:54:33 GMT

POST
H/1.1 200
OK footprint Show response
catalyst.breaktime.com.tw/v1/ 55 B
348 B 204ms
203ms Fetch
application/json 207.46.146.168
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://catalyst.breaktime.com.tw/v1/footprint
Requested by: Host: a.breaktime.com.tw
URL: https://a.breaktime.com.tw/js/au.js?spj=NUVaODI1TTFKR1JIVkVPNldVMktZSzBQV1BQUEw1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 207.46.146.168 Central, Hong Kong, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.13.12 /
Resource Hash: f7c4759ccb1e0352982c142a1ffa635b3d02cdbe43ef21f0e57761c638536de2

Request headers

Referer: https://ez3c.tw/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json

Response headers

Date: Tue, 23 Nov 2021 07:54:33 GMT
Server: nginx/1.13.12
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://ez3c.tw
Cache-Control: s-maxage=0, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 55

OPTIONS
H/1.1 200
OK footprint
catalyst.breaktime.com.tw/v1/ Frame 0
0 574ms
191ms Preflight
application/json 207.46.146.168
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://catalyst.breaktime.com.tw/v1/footprint
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 207.46.146.168 Central, Hong Kong, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.13.12 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://ez3c.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Date: Tue, 23 Nov 2021 07:54:33 GMT
Content-Type: application/json
Content-Length: 0
Connection: keep-alive
Server: nginx/1.13.12
Allow: POST, OPTIONS
Access-Control-Allow-Origin: https://ez3c.tw
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
Vary: Origin
Cache-Control: s-maxage=0, max-age=0

GET index.php
an.9ez.me/ 0
0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 1170
date: Tue, 23 Nov 2021 07:35:03 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 23 Nov 2021 09:35:03 GMT

GET
H/1.1 200
OK matomo.js Show response
an.9ez.me/ 69 KB
23 KB 485ms
485ms Script
application/x-javascript 172.104.98.174
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL

https://an.9ez.me/matomo.js

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.104.98.174 Tokyo, Japan, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

li1708-174.members.linode.com

Software

Tengine /

Resource Hash

0995371a359a4a701d66f8b183de6144de9a042e5bac84b6f920968f51567742

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 07:54:33 GMT
Content-Encoding: gzip
Last-Modified: Sat, 12 Sep 2020 20:15:48 GMT
Server: Tengine
ETag: "1131c-5af2377987ca5-gzip"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Connection: keep-alive
Strict-Transport-Security: max-age=63072000
Accept-Ranges: bytes
Content-Length: 23672

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 22ms
7ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 25965
x-xss-protection: 0
pragma: public
x-fb-debug: B0fOLO6T2eRJf1ek+bUROCgazUBRp7YrDbZ/m2R8F0iucQRqaPU70JQl2DCs/BWR/rFjkQbkEC1JnYzSSj3+Sg==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Tue, 23 Nov 2021 07:54:33 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ez3c.tw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 23 Nov 2021 07:54:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ez3c.tw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 23 Nov 2021 07:54:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 72 KB
24 KB 555ms
555ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2743095906003780&correlator=3441109094852702&output=ldjh&impl=fifs&eid=44752586%2C31063182&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211123&iu_parts=109446932%2CHome_InList&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C320x100%7C428x575%7C336x280%7C728x90%7C300x250%7C1x1%7C320x50&fluid=height&didk=3073057671&prev_scp=zi-web%3Dez3c.tw%26zi-path%3D%252F&cookie=ID%3Df370b22736d2308d%3AT%3D1637654072%3AS%3DALNI_MaUu5n_LaBkDWMTOs72bXpn51qngQ&bc=31&abxe=1&lmt=1637654073&dt=1637654073231&dlt=1637654071746&idt=464&frm=20&biw=1600&bih=1200&oid=2&adxs=585&adys=2157&adks=133098305&ucis=4&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fez3c.tw%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1410x3690&msz=469x40&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=436402978.1637654072&ga_sid=1637654072&ga_hid=792242286&ga_fc=false&fws=4&ohw=469&btvi=2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ff6102ad6aade68f0e2f51c40d4433889b5d4f973514048ff08f5f60437f6f2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:33 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24900
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ez3c.tw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
10 KB 1371ms
1370ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2743095906003780&correlator=3441109094852702&output=ldjh&impl=fifs&eid=44752586%2C31063182&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211123&iu_parts=109446932%2CAll_footer&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C970x250%7C320x50%7C970x90%7C1x1%7C320x100%7C300x250%7C336x280%7C728x90&fluid=height&didk=2451517437&prev_scp=zi-web%3Dez3c.tw%26zi-path%3D%252F&cookie=ID%3Df370b22736d2308d%3AT%3D1637654072%3AS%3DALNI_MaUu5n_LaBkDWMTOs72bXpn51qngQ&bc=31&abxe=1&lmt=1637654073&dt=1637654073235&dlt=1637654071746&idt=464&frm=20&biw=1600&bih=1200&oid=2&adxs=1042&adys=4353&adks=1409383417&ucis=5&ifi=5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fez3c.tw%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=408x0&msz=408x0&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=436402978.1637654072&ga_sid=1637654072&ga_hid=792242286&ga_fc=false&fws=4&ohw=1600&btvi=3&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

b66531f1f48140c6a74307de8df2e5d3e514061c66a6da3f189ec928c443db69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10042
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ez3c.tw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 70 KB
24 KB 1619ms
1619ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2743095906003780&correlator=3441109094852702&output=ldjh&impl=fifs&eid=44752586%2C31063182&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211123&iu_parts=109446932%2CHome_InList&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C320x100%7C428x575%7C336x280%7C728x90%7C300x250%7C1x1%7C320x50&fluid=height&didk=3073057668&prev_scp=zi-web%3Dez3c.tw%26zi-path%3D%252F&cookie=ID%3Df370b22736d2308d%3AT%3D1637654072%3AS%3DALNI_MaUu5n_LaBkDWMTOs72bXpn51qngQ&bc=31&abxe=1&lmt=1637654073&dt=1637654073238&dlt=1637654071746&idt=464&frm=20&biw=1600&bih=1200&oid=2&adxs=115&adys=3387&adks=133098306&ucis=6&ifi=6&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fez3c.tw%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1410x3690&msz=469x40&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=436402978.1637654072&ga_sid=1637654072&ga_hid=792242286&ga_fc=false&fws=4&ohw=469&btvi=4&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

aec49c5dedcde3e6b7173f710df1cbada33c72f8d57de85e8fd9cc91b5da3170

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPiohuuArvQCFYSCgwcdq40KZw&gqi=&layout=/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPiohuuArvQCFYSCgwcdq40KZw&gqi=&layout=/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24360
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Tue, 23 Nov 2021 07:54:34 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ez3c.tw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 24 KB
11 KB 1897ms
1897ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2743095906003780&correlator=3441109094852702&output=ldjh&impl=fifs&eid=44752586%2C31063182&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211123&iu_parts=109446932%2CAll_List_Header&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C320x100%7C1x1%7C300x250%7C1000x100%7C320x50%7C336x280%7C970x250%7C970x90&fluid=height&didk=2088145472&prev_scp=zi-web%3Dez3c.tw%26zi-path%3D%252F&cookie=ID%3Df370b22736d2308d%3AT%3D1637654072%3AS%3DALNI_MaUu5n_LaBkDWMTOs72bXpn51qngQ&bc=31&abxe=1&lmt=1637654073&dt=1637654073241&dlt=1637654071746&idt=464&frm=20&biw=1600&bih=1200&oid=2&adxs=95&adys=292&adks=1164308100&ucis=7&ifi=7&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fez3c.tw%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1410x0&msz=1410x0&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=436402978.1637654072&ga_sid=1637654072&ga_hid=792242286&ga_fc=false&fws=4&ohw=1410&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

d2afa0ccf121465b291b716fcab64571577ef36f8e5d265db44741abca883a7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11157
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ez3c.tw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 49 KB
12 KB 2040ms
2039ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2743095906003780&correlator=3441109094852702&output=ldjh&impl=fifs&eid=44752586%2C31063182&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211123&iu_parts=109446932%2CHome_InList&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C320x100%7C428x575%7C336x280%7C728x90%7C300x250%7C1x1%7C320x50&fluid=height&didk=3073057670&prev_scp=zi-web%3Dez3c.tw%26zi-path%3D%252F&cookie=ID%3Df370b22736d2308d%3AT%3D1637654072%3AS%3DALNI_MaUu5n_LaBkDWMTOs72bXpn51qngQ&bc=31&abxe=1&lmt=1637654073&dt=1637654073244&dlt=1637654071746&idt=464&frm=20&biw=1600&bih=1200&oid=2&adxs=1055&adys=927&adks=133098304&ucis=8&ifi=8&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fez3c.tw%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1410x3690&msz=469x40&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=436402978.1637654072&ga_sid=1637654072&ga_hid=792242286&ga_fc=false&fws=4&ohw=469&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

0670c75945a5bd740db64abc7b2e53e0cc4061879f6c4185565b9f6c867fa6f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11865
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ez3c.tw
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 28ms
14ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=792242286&t=pageview&_s=1&dl=https%3A%2F%2Fez3c.tw%2F&ul=en-us&de=UTF-8&dt=%E5%93%87%E5%93%873C%E6%97%A5%E8%AA%8C%20%E6%8F%90%E4%BE%9B%E8%B1%90%E5%AF%8C%E7%9A%843C%E3%80%81%E8%BB%9F%E9%AB%94%E3%80%81%E7%BE%8E%E9%A3%9F%E6%97%85%E9%81%8A%E8%B3%87%E8%A8%8A%20%E7%B6%A0%E8%89%B2%E5%B7%A5%E5%BB%A0%202.0&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IAhAAEABAAAAAC~&jid=1043607600&gjid=1644039392&cid=436402978.1637654072&tid=UA-93634600-1&_gid=632782820.1637654073&_r=1&_slc=1&z=454709394

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ez3c.tw/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:33 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://ez3c.tw
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 2063301370572593 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 251ms
242ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2063301370572593?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9b5af2d645b4d3c1a49b23dd3327c04fc68fbf98ba1ce76c2254808ebb2771c2

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: ZGt+DGmwMFNg76yNZSUml0XXiozrhsEb69Mh3dUUPYUkv7AjF7o1EhA8H51WoJfxKXaO72gAHe2aWryHDrkQEA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 07:54:33 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
433 B 42ms
14ms XHR
text/plain 2a00:1450:400c:c1b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-93634600-1&cid=436402978.1637654072&jid=1043607600&gjid=1644039392&_gid=632782820.1637654073&_u=IAhAAEAAAAAAAC~&z=1674929783

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1b::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ez3c.tw/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 23 Nov 2021 07:54:33 GMT
content-type: text/plain
access-control-allow-origin: https://ez3c.tw
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ 5 KB
1 KB 37ms
16ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Nunito+Sans:400,600,700

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2b34ba999a4a33421f0b959dfd5df6ce1a549d72475c039457eb91d9794cf4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 07:14:50 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 23 Nov 2021 07:54:33 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 23 Nov 2021 07:54:33 GMT

GET
H/1.1 200
OK matomo.php
an.9ez.me/ 43 B
281 B 573ms
573ms Image
image/gif 172.104.98.174
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.9ez.me/matomo.php?action_name=%E5%93%87%E5%93%873C%E6%97%A5%E8%AA%8C%20%E6%8F%90%E4%BE%9B%E8%B1%90%E5%AF%8C%E7%9A%843C%E3%80%81%E8%BB%9F%E9%AB%94%E3%80%81%E7%BE%8E%E9%A3%9F%E6%97%85%E9%81%8A%E8%B3%87%E8%A8%8A%20%E7%B6%A0%E8%89%B2%E5%B7%A5%E5%BB%A0%202.0&idsite=2&rec=1&r=183364&h=7&m=54&s=33&url=https%3A%2F%2Fez3c.tw%2F&_id=eab43343f61a70cd&_idts=1637654074&_idvc=1&_idn=1&_refts=0&_viewts=1637654074&send_image=1&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=0&java=0&gears=0&ag=0&cookie=1&res=1600x1200&gt_ms=982&pv_id=feOpnE

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.104.98.174 Tokyo, Japan, ASN63949 (LINODE-AP Linode, LLC, US),

Reverse DNS

li1708-174.members.linode.com

Software

Tengine / PHP/5.5.30

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 07:54:34 GMT
Server: Tengine
X-Powered-By: PHP/5.5.30
Strict-Transport-Security: max-age=63072000
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 43

GET
H2 200 /
www.facebook.com/tr/ 44 B
295 B 23ms
7ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2063301370572593&ev=PageView&dl=https%3A%2F%2Fez3c.tw%2F&rl=&if=false&ts=1637654073657&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1637654073656.2012609060&it=1637654073266&coo=false&exp=p1&rqm=GET

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:33 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Tue, 23 Nov 2021 07:54:33 GMT

GET
H3 200 container.html Show response
1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F7E7 6 KB
3 KB 22ms
7ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Tue, 23 Nov 2021 07:54:32 GMT
expires: Wed, 23 Nov 2022 07:54:32 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 async
article.adhacker.online/v1/content/ 37 B
0 708ms
192ms Fetch
application/json 137.116.169.173
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://article.adhacker.online/v1/content/async?url=https%3A%2F%2Fez3c.tw%2Fpage%2F1&partner_id=PPY6H18&page_id=e122cd884d6de359f662d03a18303eed7bafe17d

Requested by

Host: a.breaktime.com.tw
URL: https://a.breaktime.com.tw/js/au.js?spj=NUVaODI1TTFKR1JIVkVPNldVMktZSzBQV1BQUEw1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

137.116.169.173 Central, Hong Kong, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:34 GMT
x-content-type-options: nosniff
vary: Origin
content-type: application/json
access-control-allow-origin: https://ez3c.tw
cache-control: s-maxage=0, max-age=0, private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
strict-transport-security: max-age=15724800; includeSubDomains
content-length: 37

GET
H3 200 bttp.js Show response
power.adhacker.online/general/ 20 KB
8 KB 18ms
17ms Script
application/javascript 2606:4700:3036::ac43:aa6b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://power.adhacker.online/general/bttp.js
Requested by: Host: a.breaktime.com.tw
URL: https://a.breaktime.com.tw/js/au.js?spj=NUVaODI1TTFKR1JIVkVPNldVMktZSzBQV1BQUEw1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:aa6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d806fbf706d44e3f70c84eb278b8eccfbb6f746a9da03fc8e8e8807c2d788f42

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-goog-hash: crc32c=KqZV5Q==, md5=TBrZsYnV8OwKaH5GS7DJhw==
date: Tue, 23 Nov 2021 07:54:33 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1491
x-guploader-uploadid: ADPycdtr5v2-MEBLCGsSBZnkaadfmkUSkcfLVmU2Gi-WVTe1NB-YpznAADUG2Ql67pHjKHCjKtiqixuYSxDsnPRk_Wx3ZtW6yw
x-goog-storage-class: REGIONAL
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-goog-meta-
last-modified: Mon, 26 Jul 2021 01:41:08 GMT
server: cloudflare
etag: W/"4c1ad9b189d5f0ec0a687e464bb0c987"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uKWMpVV65XRaU8N%2FydqdUJq2%2Fj27UZw9Wb9M6mvDrYwQPvbTMMUh7TbIr9sUXOw8cnr4znHI1DQjPSSwRDmSlKYRYoi8u7j9w%2B30UabP2g497EPtsWQ35IKaN0e2%2BRQoYPuZtBKk4SFDI0XrxKKUpbsIk80%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1627263668774739
access-control-allow-origin: *
content-type: application/javascript
access-control-expose-headers: Content-Type
cache-control: public, max-age=1800
x-goog-stored-content-length: 6780
cf-ray: 6b28d4894d7e7025-FRA
expires: Tue, 23 Nov 2021 08:24:33 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame F7E7 6 KB
669 B 30ms
15ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2ddefcdc9f260c5ffeb93fed110fe9d929028226f9a2d8a4934ea52b546e9640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 06:08:30 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 23 Nov 2021 07:54:33 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 23 Nov 2021 07:54:33 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame F7E7 1 KB
959 B 38ms
11ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:53:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 853
x-xss-protection: 0
server: cafe
etag: 7170004918125193417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Dec 2021 07:53:16 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame F7E7 0
0 31ms
30ms Fetch
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C63cOOZ6cYaqREPP33wO9lJj4AZa0rp1mqba2mcYOqtu_oNQBEAEgmPLTB2CV-qeCsAegAe7JlO8CyAEGqQJIZA0mWdqyPqgDAaoE3wFP0MhZLw8K3jVzq72WcadW3Nca6xA4Vv85EqTB2XOroCyezAGTokuOVzdxv1WcAWROrCNP0d5s8-u8gwJOi5ocM6eMjPHj0-q0qdATVVbDuiKoe0lBklxaQA7ogg9IcBsJ-rMNMCqOl3QcRnvuklVTXr86vwBh9WKf8hHrJHqbClVLA8b02wNyUl_atxx5X-xgOD7PLQcflZFYPb-Dc7b7068pOXb1ghuJDX35lnvB-11HGr4R3YMgXrs4U-mTm0n7D1qIQkjO21ndpHDI6yOQeT7BeYbosaAeofLTLeMXwASK8bWDwAPgBAOIBdrkrYw0kgUGCAMQAhgBkgUGCBsQAhgBkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAY3gAf6teuQAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcLEOLk_AEY8rTJsQHSCAkIgOGAEBABGB2ACgHICwGwE8XnpA3IE9i53d0D0BMA2BMNiBQB2BQB0BUBgBcBshceChwIABIUcHViLTk0MTg4ODcxMjMxOTYwMzAYpL8c&sigh=0ZLcMS882iU&uach_m=[UACH]&cid=CAQSPACNIrLM03LQk728zBDXphIj3v1IRfiy_VqQpOppP2Y66V0mlbnqm2_VkX9ySrKmRId3TIakb0w4_AZQyA&template_id=509&vt=10
Requested by: Host: ez3c.tw
URL: https://ez3c.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F7E7 42 B
63 B 42ms
27ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BQSu9y9ZCRa0iqlJsIkwnS1euA7TFkyVcn3w1upeIErgY1tHILA1LH9SwsjIHZsgevMV41AGfC1reu_8CRyJwLZi9pGWHUO9NpQrXp8sYueX7hjf8pr1hyz-qlzVHklA_3VQ_1hKLzLH81JsoaZe73YVq9AQ&dbm_d=AKAmf-ByggNzRZQ81td2_cyRVlEjsmHfDd-ij_3lMy2KYk4lR1frZErCnyDOVhHKmFbfmy1tT0CvV0trROkOZ_0_dJiI3OWd0La6SmAQxiBlCAXHHCOmawHnfMqXOrMpZu_wdBqaLSjm_sgXH73hQKAEnNkJp53CkupwLohidaJpdVLeXI2pJJpLJS9-0hBpqwtr6-drBn3joe2uqOVf1-QZMSP3M3dAyiNz--jAv1HVumlo34oYLBicwukCWlPpBzUCeAC91DMzjgt5oCuHeoIjFOc4oa_cOL5r4haTjlzBWvFMZ7azVJ4LzN6CkAiJb1LBN29pKH1i8SACmuG75M8cvkDYVqekBqOYwnP1r4akQh15fOE5GAz65YfBp_kOWb4UNdlf4Fj-igoC5HTFSdCMyEjZ5f6izep5jk9EZcWFVbbD1Lvhwsl_4n-aJlOk8Oo9ZdKVJ00FW9IrUudg7I4GbCJ-dpXWqlw6aYpLMuxaPcB87q_hljn92Fkfm6kRccWZVLVD3W3rq0ipPVAA80EjrupyL01XwA_ZHSBkiUmK6nCUGpK6xQzg5VV2lvxeTdHWrU9UEjyRQybLbIvEYD-FYuDDluXka8TrnWW7sPFHP9Gl3t_Y2dYUHBF_HpEg7o8EzBoRnnj-sOYrthfgBiO8jVhvWQa5cP6W_1ALaIxMEtPyus0_HTwWdMbFT2RBkuFhUJdQmSQol_0JgHwrx1CV2c5whtZKyuh7IKILgz__WT5sM0pA20aSeC11qaZoiJSiSe40wY2oMdfKkQzKZTl45O1srhCvlT-9VBawNta5i8rKOj2z5XKOOozw8aAdloimD1tWxs2LvMgSBZR43Q9Gm8sHpWYmY5jAi28LWRAliqA2ko36dcidRfiBteyWgBbAhn8Zpf0FIxnHXj-wOhzZRZrFIlzEJKoCUtktBPWg4gjpOmN79cHDYp8jHOEjzUaMU-4rjs0I2X65wv6Sy-tXfM9laUb3r8mrhJCArcPJimKkrr7EeZfUT8aE5G5XOAJSEnmADB4d8qO-rjq-PHWF0pzsocad1vXycQeGCf0pDNC3xPMvrsn2ubaJOI1VQGubydBsvprXlC-p2yId6EKSr1zvg7HuAVjImMig1LNGRbs7FFeDfixI-3pMYwJGJu1YSFGBoO5qfOrRepfYfDSXoU6s7TaPWwWCgNyX2UfKlVaD3cUhRTPIXS0ieLAYYGVXkRkNBUD1tNLRC9qs25HQttRpKIkRFuxdoskwCF-7R6VvQOKZMS6AYOF8rzRebWn4RRksVrsol9tYkJYbt5F5StOkhy0sckScZiGANKbz_yDsetPQgQQHbEDj8tYq3bRVANuC5w6qUQYuQFnzO-JknoeIc7HiOAWPQbQbop33KX8UcOrXfxiAI-KD9z3r7HWChwHPhjLZjK0dpCbLQRZnmHgTdWZ7dgc0Plt_dIb4l_SKWe95DUlBj3lVfvbxLhEtE9R_Rt5vj6SZbodZWjOUu0A3u8vBl_cLpgqwSma1-ZrSHdtWmUQWgW-MNsf5gcenhZ5Q41jnc17qppk-apDqikcXX3FvwV6FCtjcBbFEq9bN65zWWKiX38CDf7QYlCkY_IYEgcLK0rXRc_t0B5BGdJb12o70taSSAT3aY1WMOpwvxPQERy2KwYX1irXNLuVfbfZpIAyJVa4dH2ZiaYjRSeZ01C2phIEe1neaplzDEFxJTO4IB8vLuOe-lR5PQI109zQjg5wUpvxuOu1L60CsMjtAhzhvnJ5oUwUrnLVMqz_IJjAJbHl7r7gCHqUyi1H2avdgt4lQZERfvuqi6WeCXvVL3zztg8tYMjKYIvta641OWN0TCYGdAWfco1t2q1NvFfwIeQ5Xg1WvX5W8N7_v3QJGkgHwf7IIcraX4x8GzTpu_XhD-xgyg7iWfIAQFMxzMZOJE2gAWUYVXuwjfItg_9FF4zC0ReJTHIlasoYSbziUEXQCkaSuQUmtrmOr4WrReQNbUp9U1Og4oqYOVpsIlBKU1LwWnHXd93X9dyS4QdUGvtm_jG9HGPCc2z30G_i3VIQJb3nHs4poFRMMrZk0ZCop_lSBc4CF4VNRvDiOY_o6ONZYWVM2P6sW_DZF6wGyyJ0TTUBWFQPg9GbRADC_PeyQTexeLKQvOWWhSAAO7nD4adLpBRk5dN4bwG_uTh8tlv5a69y36WJ6s3LyPqV9sB99xh76zcSISNmmxDHH_tvWtTDf_KhxSslSMGuhcTCeRfQR4cxziJmBlh_C2DRWGh8c-ZLlEoTFC_grV8ZUDUNj2MUKW3SPamOAd48jmrCa46g7EVcEJHhf2YcKlRfYXAP6LtQ6RfA6ubwBohSR8mf1BRD5nYzL9U5cTnJfea9CNF_HK2lNw0hGspa9QENNNHgA-5Zz8DgQCz5hmhA6_eL3-_k-TErWViqGvJ220NS1umDoPQoPTZwwcHLQ9MeKCj2tfpkJuH_AQuN6LokAqwOA0p-G-ZLoGAlHZ_mYalcRVlFBVMZQ89HhgXS3fiiZNdWOfBu7HIozNTLZ4QGOIjPZSiMmLjiOhD8rpCAl2KDnMLU7HIRiqYKdwQhkbhYKPX8NtBghCK5a6GN1tAMcShkrNM3RzBUrdLRecioHZEAryWDI3D2ZA7x5PevW6jFdog7LyLXWw37QnAVBLBY56KSTrFIQ4y-3ufVc4ccnWJb0nIh_dB1NyhS8MqqizRwjhzMblYPVJf5YpWTLJvLbXiyN0d9yaKXEvwYuT2oJkeaXl2gFzSAq7Q5OpUGgnqNcel1TC0fNX9cNdrxU1crFxqS5C5v2mkIMddEoSK4kidSNQJyjbGll7Sl3gHGl5u8j2vZAMT-xWtjHPVdjwh0DRYAzFqKg2Ec&cid=CAASEuRolZi4uTG5jTsFRY2hBkgd0A

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame F7E7 19 KB
8 KB 30ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite_fy2019.js

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

65623c8434f7dadaba113a4521a101729ee3e6635e4412f2ccc99fbe6412d15e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:49:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 286
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7840
x-xss-protection: 0
server: cafe
etag: 9525834815172239946
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Dec 2021 07:49:47 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame F7E7 2 KB
1 KB 36ms
12ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:47:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 431
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Dec 2021 07:47:22 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F7E7 119 KB
36 KB 42ms
27ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 23 Nov 2021 07:54:33 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame F7E7 15 KB
6 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:53:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Dec 2021 07:53:17 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame F7E7 0
0 31ms
15ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSY31iIJKLJzIC-n6CfL5jf8J33lzi_7B9OvwNv4RJijBARd2_IRbfxxV2U3_60F1qHzcqSym97TA4hx97cLy_gSVnZHA
Requested by: Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H2 200 163b3e9c260ab6fd774ac5b5c6fd1d76.js Show response
www.gstatic.com/mysidia/ Frame F7E7 27 KB
12 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/163b3e9c260ab6fd774ac5b5c6fd1d76.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de418fdfa1d02a219d049bb1cd8562182c4201c67f6b9d0e2f67f21a476e1096

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 18 Nov 2021 11:25:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 419316
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11360
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 04:29:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 16 Feb 2022 11:25:57 GMT

GET
H2 200 3969108703022365367
s0.2mdn.net/simgad/ Frame F7E7 429 KB
430 KB 30ms
8ms Image
image/jpeg 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/3969108703022365367?w=600&h=314

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be1270137dbac98e3b3454d0228f472973182d113ad27140ed90a1d17a71374f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 20:20:20 GMT
x-content-type-options: nosniff
age: 560053
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 439661
x-xss-protection: 0
last-modified: Mon, 19 Apr 2021 11:45:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 16 Nov 2022 20:20:20 GMT

GET
DATA 200
OK truncated
/ Frame F7E7 287 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0312ad5376fa0248eaa064cb09032971612ac283488537c5e22375cd50b90080

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2EFE 1 KB
749 B 21ms
6ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 22 Nov 2021 13:26:12 GMT
expires: Tue, 23 Nov 2021 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 66501
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame F7E7 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8eafae90e922e80ecb3787faea43b951a5644f0d68243982b22ffdfc58ef6bba

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame F7E7 16 KB
16 KB 30ms
7ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 05:33:18 GMT
x-content-type-options: nosniff
age: 526876
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 17 Nov 2022 05:33:18 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame F7E7 15 KB
15 KB 33ms
13ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 11:22:37 GMT
x-content-type-options: nosniff
age: 505917
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 17 Nov 2022 11:22:37 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame F7E7 15 KB
15 KB 33ms
14ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 15:45:42 GMT
x-content-type-options: nosniff
age: 490132
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 17 Nov 2022 15:45:42 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 2EFE 35 B
464 B 36ms
12ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEDrlqYkkqq8kpYHnaUNK1Tc&google_cver=1&google_push=AYg5qPJzBFCftmHyH_Dpa93JtNNnk2qUrT_X1KDB8skzgO9jsmSkzrP8--s-7f42Bi12NAceEo1aDWn8ZekI0TLW_jNTa8SO-1c

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:34 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2EFE
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPJI4BYiL12AB4gEj6HyAjNNQ7FCegGth1P2ncm...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVp5ZU9nQUFBRFJna0ZFcQ&google_push=AYg5qPJI4BYiL12AB4gEj6HyAjNNQ7FCegGth1P2ncmFZxw7WaeZJmz03gwV21ZknkyCi6yixZhXAGO3mEAONml9sgF6OHnnzLA

170 B
188 B

31ms
30ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVp5ZU9nQUFBRFJna0ZFcQ&google_push=AYg5qPJI4BYiL12AB4gEj6HyAjNNQ7FCegGth1P2ncmFZxw7WaeZJmz03gwV21ZknkyCi6yixZhXAGO3mEAONml9sgF6OHnnzLA

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVp5ZU9nQUFBRFJna0ZFcQ&google_push=AYg5qPJI4BYiL12AB4gEj6HyAjNNQ7FCegGth1P2ncmFZxw7WaeZJmz03gwV21ZknkyCi6yixZhXAGO3mEAONml9sgF6OHnnzLA
Date: Tue, 23 Nov 2021 07:54:34 GMT
Server: Apache
Connection: keep-alive
Content-Length: 390
Content-Type: text/html; charset=iso-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2EFE
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPLRQAIylc-8PMUCGHTmov3x2ZnrdrEc9PahQRdxF4-lfCRefAd89bjWgK3wWSWmnOyX5VIjCv0Y6CDXjRA4u16DArah4XM&google_gid=CAESEMrWla0CaxL87qTq91cblNI&goog...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCLq88owGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBMUlFBSXlsYy04UE1VQ0dIVG1vdjN4MlpucmRyRWM5UGFoUVJkeEY0LWxmQ1JlZkFkODlialdnSzN3V1NXbW5PeVg1VklqQ3YwWTZDRFhqUk...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwbXJoYVlkMUQteEV0ZWluZldZRUFyN2VGWW1jLUI2d2NIdUdYelZMS2M4VQ==&google_push

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwbXJoYVlkMUQteEV0ZWluZldZRUFyN2VGWW1jLUI2d2NIdUdYelZMS2M4VQ==&google_push

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 23 Nov 2021 07:54:34 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwbXJoYVlkMUQteEV0ZWluZldZRUFyN2VGWW1jLUI2d2NIdUdYelZMS2M4VQ==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2EFE
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESENXcvZz7d4xprnR0JhZNoUk&google_cver=1&google_push=AYg5qPKZPyyACT1DiEj5TMvUlyO60xMFMsnuTvH6L6PGro52veYrDGICNqJPkvra96uNtRv8zCUVm8pncqwH7X8VyohTLFJUN9jg
https://rtb.openx.net/sync/dds?google_gid=CAESENXcvZz7d4xprnR0JhZNoUk&google_cver=1&google_push=AYg5qPKZPyyACT1DiEj5TMvUlyO60xMFMsnuTvH6L6PGro52veYrDGICNqJPkvra96uNtRv8zCUVm8pncqwH7X8VyohTLFJUN9jg&...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKZPyyACT1DiEj5TMvUlyO60xMFMsnuTvH6L6PGro52veYrDGICNqJPkvra96uNtRv8zCUVm8pncqwH7X8VyohTLFJUN9jg&google_hm=puCAE4HRxRk0RImPnKzG5A==

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKZPyyACT1DiEj5TMvUlyO60xMFMsnuTvH6L6PGro52veYrDGICNqJPkvra96uNtRv8zCUVm8pncqwH7X8VyohTLFJUN9jg&google_hm=puCAE4HRxRk0RImPnKzG5A==

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:33 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKZPyyACT1DiEj5TMvUlyO60xMFMsnuTvH6L6PGro52veYrDGICNqJPkvra96uNtRv8zCUVm8pncqwH7X8VyohTLFJUN9jg&google_hm=puCAE4HRxRk0RImPnKzG5A==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-request-id: dufs5b8vri79qts5b746692mk5p4uqe2

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2EFE
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=XnrBQi6CQf-aD3eItUsdDg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

16ms
15ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=XnrBQi6CQf-aD3eItUsdDg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLAuA7eLWnOtwyeqJpJZinhtgy3fgogDEh7U7mcaHh1p8vW8NRY1DKFnEDEvy-uLcZVAQFkOWXuQoMwAld5d4G0mBRTK7FD

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=XnrBQi6CQf-aD3eItUsdDg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLAuA7eLWnOtwyeqJpJZinhtgy3fgogDEh7U7mcaHh1p8vW8NRY1DKFnEDEvy-uLcZVAQFkOWXuQoMwAld5d4G0mBRTK7FD
date: Tue, 23 Nov 2021 07:54:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2EFE
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEi7d7EOF-t0pSqt-zqnUo0&google_cver=1&google_push=AYg5qPK-D0guup3HxqibaV4C-OER4U4rd9ayBo-qStet9FMJyV59pkyNVHXXVykX-eGInsb980H...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dCU1lBUFItOC1GTFUx&google_push=AYg5qPK-D0guup3HxqibaV4C-OER4U4rd9ayBo-qStet9FMJyV59pkyNVHXXVykX-eGInsb980HWlkUsgcjfdH_BNjBSm0-F8-g

170 B
188 B

16ms
15ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dCU1lBUFItOC1GTFUx&google_push=AYg5qPK-D0guup3HxqibaV4C-OER4U4rd9ayBo-qStet9FMJyV59pkyNVHXXVykX-eGInsb980HWlkUsgcjfdH_BNjBSm0-F8-g

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dCU1lBUFItOC1GTFUx&google_push=AYg5qPK-D0guup3HxqibaV4C-OER4U4rd9ayBo-qStet9FMJyV59pkyNVHXXVykX-eGInsb980HWlkUsgcjfdH_BNjBSm0-F8-g
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 2EFE
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtH...

0
0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 2EFE 0
78 B 29ms
28ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JINqcPs49X8GLfYrvvqdIIfwBjQbm22Vu9A76h9jA2KcXNiWgM-5H9lyY0v9XdTJmAXAYU

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:34 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 11CF 0
18 B 17ms
7ms Document
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://ez3c.tw
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/

Response headers

content-type: text/plain
access-control-allow-origin: https://ez3c.tw
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
date: Tue, 23 Nov 2021 07:54:34 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 12 KB
9 KB 34ms
20ms XHR
application/json 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021111601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

40c2785dfb386d6c3cea52f22c31c6c95d233c7898ffb2bf883263635522c37d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 23 Nov 2021 07:54:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9317
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 53ms
37ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Tue, 23 Nov 2021 07:54:34 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 82D0 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Tue, 23 Nov 2021 07:50:44 GMT
expires: Wed, 23 Nov 2022 07:50:44 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 230
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9EBE 783 B
535 B 17ms
16ms Document
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

731a157d3072a385b637c43baa5c36e4e6bdbd073bccee20d1cb2e7b2bcaf0b7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-G8lrg38WzpNlW4/bjMMEsw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 23 Nov 2021 07:54:34 GMT
date: Tue, 23 Nov 2021 07:54:34 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-G8lrg38WzpNlW4/bjMMEsw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 W74_wbIuhH6bObXj0uCjode8PwiBrxgOKnAqo6ShAmY.js Show response
pagead2.googlesyndication.com/bg/ Frame 82D0 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/W74_wbIuhH6bObXj0uCjode8PwiBrxgOKnAqo6ShAmY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5bbe3fc1b22e847e9b39b5e3d2e0a3a1d7bc3f0881af180e2a702aa3a4a10266

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 13:45:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65349
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13296
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 22 Nov 2022 13:45:25 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9EBE 0
0 59ms
59ms Image
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021111601&jk=2743095906003780&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021111601&jk=2743095906003780&bg=!iYqlis7NAAZQLpa_UC47ACkAdvg8Wp8ktBYukvDbK9X6XpoR1Z6iCZfP-n52JQnUqrH92lvmQU438wIAAABGUgAAAApoAQcKAMtSENXQjHu5R5pINB-COyLbAr-nWgZjC-AtoBj9la4zfXK1QNSCQJPZVKKOK_Sw_X0DNIbzKk7EcAww6cqzsImm_g1tPBuiEEgWUjQ50aurRNVpQQu2ZRLHFWowruhlHOmfwaMzxc7HaKNS2DGYzsLV0am43L0RqX0_TsGxvQaUUvcM7oZKvStVGNoMWifjHD49O5XiHRNfOjrXAqzgAi-_iE4DtvkXP2iTKisnOIkzc8gNj0rd9rvvCNl2T2c3T7iLrI5SHgkET5rtW5kCcFN-KDXNqUIMP4ExaJtcsikkQbiflkAhXn6fXEPcdLX_ebvi3flgBBTUxsQNTtdCGM6wvSXwBBdpVhfCmxfR2pIbeAmrKNc5mRL1eRbjGV7ZD8BZ8_LUD3GNfTqw5iBo4g3qBhSVgRhAqcQenXc5hiyMacUuzfUtobRmDg2tuQgXZW6A2jCz1uwwYapLCWhQ8NVj9iZVl_LBWDsMuQCmwG78q4D2gBPKWspni8aezhbr3Y2tx9OA-ZE3qsUEsb_dzmGYcvQxDWYZG2NlrXnB6zkQ92G2wvlkzSl1IbTzKNlAEEUSDVnj8CT9d9fe-LwBDIrAMXh2FIgOMCdpQVtP3YbAfjjJOodd8BKPW1EU4BQVIsEa8YoxN2zVRSj3m0hqd0pDb5o7apxmPG8sPK6Y2_LmwrzfJ6g1tsfCnAr6acepDLy3X__qSFZ6QT_o6R2dV7jMz8F4JEwLRkZTvvaW1f42rKRljUuBOIFYldHlSb8xvsufu3oB-VCfgw-wJpCvU7Jst3hmgps-zPBkCj_q4oxQpr-VYcY1nI656zbhdJkg-3WhiHI-AyrkYHh-RNwEPtYxEoxkGXKsic22zPbrBG7ciXXna3ocziKFyiEsqtP9qWssq3DJhzo3LMh27e67K_UcHq1x39jup23FKIqF6bHAdZo3Vve9QBBjN47Sg25AaiQFzLUuXklGOZht9KsRYSgY6mSEZI60DGpfcsVBie4oKqGb8vWQmVXdpf23px6suOIJbtE0G8lfUzvJDxXxzUzXkOYbaxk0Br2gdm3Sfx1A2u0PvoB8g6jHfuEQLdEMTFINeVMHgNBX8GlVRgW4AQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F0B5 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Tue, 23 Nov 2021 07:54:32 GMT
expires: Wed, 23 Nov 2022 07:54:32 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7C15 624 B
297 B 17ms
17ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNU7xLtW6hpAeWQMPiTzuJyMazwwM03pdhUMDYiAIPo1OpJBy0mES7gFH8PX5ZvwXrHW6-eGTw6Fi1bgRFSfHs4raGfXY-QGHz5iP5K01TKIQBBZgai2EUpzaE9cYpBoecGbQU8e9NTZLSQM7fOyIR-7iFJ1gEz1saEqya7M7Z7502d_HRA

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 23 Nov 2021 07:54:34 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F0B5 24 KB
14 KB 49ms
49ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ARrKsRrb_H5sMW8WBWKstp201-iEGinMHN1FhTXmeoEX0VfPMDkawkE7_TkwBfIZ-aS0ZK6y50ebk8asVzky9OJ57gybGVELuXPB52c5OR_gGlr1u4nxiqNJ6mO0k5eWWZIbAc397UmlTI-YDerqxc1Ut9ZA&cry=1&dbm_d=AKAmf-B_1gr3o3Hr30RDEQJiy5sDqVP94oENIfOnnlAQnOfU6R8YloM1PxteT55pfCvEo9C3uxKSjNSKoD9VcG1Yqnvl9KYQIGjJDiq3eXzLxoh4eGH4dnE0qEHRl5gYtG2PhSf2ll0PeY8RW3KJBl4_sglBJ149UOlFpVLEw4tfTKnh59cL5qVOiU7zhHDf12VpvyWNaCjeuiyhARVxi0yjArzZVPbHumH1bgdbUHytUvQ_L2YxjYUcZuOHIZu2USUEXLCQP--ykkTksBRo7BQNBWSFKWZvqj4ZNizaYssEYxjJAsWvr1RH6Pqrk88tUzuVmm4Uda8_J4OfdTJjYleMchpZPQ38OvF5pRaLCwqBsglxWVdiODyMXvlXbTsF2nSObfR3_e6YGAB0MEoZPMT6EoXxP8fetRvmIzWhMRKkbntlMsQsYSdfXkU1UDHeyvuziHlkJd44AK_Fjb98s0LoniryKdqtYSWA7lObH3GrwGdPntqg0gwQlA8gmu9ba6R4IE2mXrgMa-zMGv3Z5TAlvrCqJpxRZA6Ytz-BWkGBLQhkTMtEj08U34QlFyZHjLTSFOFXjBRxQ0qDL32QEi0HRBt8UAgqKfj1Pr_hNjFHUdpnsZZGy09yk5VX_Up5_cU5BS24xD4WHXSfPHWjbfr5uKd0nKrrNEhIxoghP11k7LRrooTaukx7O8r7i0Pz-5z7QGyutkgfnrtoy-pFFX3fQ7wwSSxoIIjRvOZuUcFrbuvViGdFHvBKsRYhHILWNmTJZlnSoVGkZ0uWQZcOsiz1gwlxVEesMNEZHWOHV70Ye9PT45jkxThLB_lqFVHzE2FA1NKYn_N06SxoPEzwaLNGFFhKOZiEDws9HNEbcZoI6CAm2CNqzMsTMaFFP1zLmBg0d7T9x0F7notzsHxrPabgfNDz9_cyZPo-4Ivm31pwp12LgDWhcysEzTOSJpGQRpPVVg-MmGvbmxDP5LHZGV4kFlPvT5PUhSJTbN7hHmQ8uZFn6y_6tEiL-76JeHuHTzHtVR3I6INad1ZKt1BrO146vWHSElShKEpo9rtHA0vjB8v2Kd-ECUKefJoE-7sj1dFJj6s79RXDYj2Vma7a0PCm3H25SxzwzDDW_gqr20_9GnLI1yChoLIS2G59Z0bNd6P2vXMnGxQObVVA3gsALjnu9wh7UYEa5pXvIm1CZWmju1BueAsQ_quY2Swl4Bos3OyFfMwlVGgrvhOmaODyewm9zYotIwDzgl5v7l93lwVFWJSeLvCBi_f3lkRk6Q8d5Y36jUbCPdSdfEiRzpry5US8pVFlJ7KmziP-OzUDVb_kxIp4EUnd_C6CPgnNQEJbaxrV_POBLYZQ_Fbv_jubJZFU4MWQKvyoiB0amUThECgfIkqpX1jKhXQXWfbkpZHgiRpoRZJLnYt3HLKPGp_W0TUdi0yvJsiJMU4LTKoiPzKk7UqNRvO14oe1kHYjSFH1GmpPJge_MgP5Mu83UMG6WzuuYsUz6k71CTle2dFB5_80kuYXl4Wb2FbJ1y49ayXbLBODWsDr9ZZPioRA8RnBnkzskA4AtmfjOcqRWFMML1vTcloXrV3v6T1UMnfbIbxXwv5CtVnuLvTxddo-233nt02ZnQUyPnti_nkoUKHqr0ZphTZizYFGaSiFMJ85hfNTpsy8Dc2ZxUi7mzMrBwgTdHISjGYaiyiymuLgzTpHkTsoXHdRgj0fBnKY0qtWlr4ncQWbfG1RmpYdEjlGCSfGn5rHHIHWpFgUwOAN8k1BVmHTHnGFjGyJoydwbkxz0ZE4dke85HJfgYrOQZQPgDovrTuUfvnxo3JUayS26l_SAx23cAuGkX5hscDgaF0cXoGGPbMbamQfyAlZuOns5bJ943_97Cms5BtGbz8_2LEAyj7zjMXlm1Hjzg9Q_P6Q_zXz_n6dD0jBBXOX7uCLZrSrRkm3QYCiJe8Nsk_7CYzdidw7AooFPDNairq2DxVaLmXfTBcAAYDVEDYkkbbJeRZcWFqz4CozfY7nVRUXioK4v5sdHT71a3nz4DdhoNIlgbZvoJpB1rSfTz20zSHQ3vx0bNOVWsAsniG-cWBgXJgJTvbK-qVfcIaQVLp-eZqSWqYzHUdjJKR4HKjjlsAO5OZX9mwHnCnsp1NY7DbWD-TR8hnb1u1FBh4rkpO0OGMcNqsH6pghZww14T3c-d4z0zojDJJQb5pZl9942EQ1D8Xk2eecfjiVgENA0Z2LF6zDWNi4qg9QTxRJA3lUjElIgJLalOQhRs3rmBGdPOMp2dRB-wj8orPOoianbOQnZBBRZ-gmRjvTCTEpKA-ZrtZJTjTjE2aGG7U-y2usJiUJP8coA2C0FiO511DAnwm4L0HLR39Hd9ZWIGfn6WuyxOko9iKva57SKOJByjJ90tcHSlAuUi7tIX6mlTmPCUC2hSbipehQZpBMTv_jNiaTt3PWGlnQl9-yfIk_EVSVDU94pTbZyf9TJLlrsE6MIIW3RN59IY3R3YyWDoOYx24PwS7NZtoteSOYUyXReb5EBNbm0eDyzWDjEmCxohTnSm1_rqOJexXp_oAfMV-AM9n63Pb2OkCrKeH2_2Lau74A9Uz_2Xo0NmIFCze9oGfqu1_WNjcU4mk5Ya1kVbA8uFFJZteOIgxZ1g8kUEH8fPhqGwZQjrmjGPmRfkBodxF-LjLt1qWypo5vaUvCmCqgNBQqDQuQ3RquPm2V5-ezi4YDXyE9VNAlQbreHqX0y8Q8I0ABBhLHNQOAcUOoruQhD_Q4RjXYNQnT4eocPSq6SsRwV70CS8H_pnBSdkqxZYcWm0U2IYffjuufwkZSFVjKDtWy-FYT3VbF0T_KBoIOLEQVyG7lnCNnqzhXiSSyf4b7FpKaFx8xFACCHyJXVQVoLcl5xYPsrDDWTth0KJvR54Whhb4MaTmJ9Ly2YcgNFsaNwHqxfXeQaZbFGgbkI_sy5p880hOGVqetTKffiGTf00Bi_XDm32TmeBsI5H0E9hVr1_3paHKGGvyiGrZdcgvyUnGzByGCO4VUZBgBCWiAVcB86zTcWieixAagZOR6__bOIpFmrVDcbD7Rsdq64WWJcGhn-fBKnfMw55N5BsxkD5eSjKLh6-yHOB__FUUodndpNUk&cid=CAASEuRoaEApEE7ZwUDfmZGUGwZoWg&rfl=1%2Chttps%253A%252F%252Fez3c.tw%252F%240

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

40e884911366eb8d506ac291137c810e25c38ae0007faeb689c5c7c806de1128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14806
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F0B5 42 B
63 B 39ms
39ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D0J0B1vxDMNpp754S-awZ5rdhv795Mzfsy0gz5Xx-wJYRJR5lBtaUEWu5sZOBUNZGcizgn2F75oAmWhGVmbg-QWHfkm2cbui2D5v3rLyV67KOfGYU

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame F0B5 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:50:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Dec 2021 07:50:14 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F0B5 119 KB
36 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 23 Nov 2021 07:54:34 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame F0B5 15 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:44:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 625
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Dec 2021 07:44:09 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame F0B5 0
0 14ms
14ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRkUjehKQLeyqcdRrCj4dtktkVU1t7aBOp1AjWP9v9Ljw7wvuWxMESBENWc8Rvj1WKuEorTgV5nv_5-O2OKlxbm-A7ZZw
Requested by: Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7C15
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG539ynz_Kqgrjg4ZbLLPzo&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG539ynz_Kqgrjg4ZbLLPzo&google_cver=1&C=1

43 B
1014 B

20ms
20ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG539ynz_Kqgrjg4ZbLLPzo&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNU7xLtW6hpAeWQMPiTzuJyMazwwM03pdhUMDYiAIPo1OpJBy0mES7gFH8PX5ZvwXrHW6-eGTw6Fi1bgRFSfHs4raGfXY-QGHz5iP5K01TKIQBBZgai2EUpzaE9cYpBoecGbQU8e9NTZLSQM7fOyIR-7iFJ1gEz1saEqya7M7Z7502d_HRA
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 23 Nov 2021 07:54:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 23 Nov 2021 07:54:34 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 23 Nov 2021 07:54:34 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG539ynz_Kqgrjg4ZbLLPzo&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Tue, 23 Nov 2021 07:54:34 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7C15
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YZyeOtSTlHOeZas3qo9IsAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG539ynz_Kqgrjg4ZbLLPzo&google_cver=1

43 B
894 B

13ms
13ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG539ynz_Kqgrjg4ZbLLPzo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNU7xLtW6hpAeWQMPiTzuJyMazwwM03pdhUMDYiAIPo1OpJBy0mES7gFH8PX5ZvwXrHW6-eGTw6Fi1bgRFSfHs4raGfXY-QGHz5iP5K01TKIQBBZgai2EUpzaE9cYpBoecGbQU8e9NTZLSQM7fOyIR-7iFJ1gEz1saEqya7M7Z7502d_HRA
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 23 Nov 2021 07:54:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 23 Nov 2021 07:54:34 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG539ynz_Kqgrjg4ZbLLPzo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 7C15
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEB_JvECIJtHqf3FWsEMqSTk&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEB_JvECIJtHqf3FWsEMqSTk%26google_cver%3D1

43 B
1 KB

26ms
26ms

Image
image/gif

37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEB_JvECIJtHqf3FWsEMqSTk%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNU7xLtW6hpAeWQMPiTzuJyMazwwM03pdhUMDYiAIPo1OpJBy0mES7gFH8PX5ZvwXrHW6-eGTw6Fi1bgRFSfHs4raGfXY-QGHz5iP5K01TKIQBBZgai2EUpzaE9cYpBoecGbQU8e9NTZLSQM7fOyIR-7iFJ1gEz1saEqya7M7Z7502d_HRA

Protocol

HTTP/1.1

Server

37.252.172.250 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 23 Nov 2021 07:54:34 GMT
X-Proxy-Origin: 91.199.118.78; 91.199.118.78; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 4e74654b-d2d5-4db8-b6ab-013ef0f6d7f0
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 23 Nov 2021 07:54:34 GMT
X-Proxy-Origin: 91.199.118.78; 91.199.118.78; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: db7c1069-eb0e-4e30-9c94-421fae14ca44
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEB_JvECIJtHqf3FWsEMqSTk%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7C15
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTY2NDE5MDU1MzM2MTQ0NzUyMA%3D%3D

170 B
188 B

31ms
31ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTY2NDE5MDU1MzM2MTQ0NzUyMA%3D%3D

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 23 Nov 2021 07:54:34 GMT
X-Proxy-Origin: 91.199.118.78; 91.199.118.78; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 20c4ff98-bb85-4378-818b-1d82d07d11cc
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTY2NDE5MDU1MzM2MTQ0NzUyMA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame F0B5 24 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ARrKsRrb_H5sMW8WBWKstp201-iEGinMHN1FhTXmeoEX0VfPMDkawkE7_TkwBfIZ-aS0ZK6y50ebk8asVzky9OJ57gybGVELuXPB52c5OR_gGlr1u4nxiqNJ6mO0k5eWWZIbAc397UmlTI-YDerqxc1Ut9ZA&cry=1&dbm_d=AKAmf-B_1gr3o3Hr30RDEQJiy5sDqVP94oENIfOnnlAQnOfU6R8YloM1PxteT55pfCvEo9C3uxKSjNSKoD9VcG1Yqnvl9KYQIGjJDiq3eXzLxoh4eGH4dnE0qEHRl5gYtG2PhSf2ll0PeY8RW3KJBl4_sglBJ149UOlFpVLEw4tfTKnh59cL5qVOiU7zhHDf12VpvyWNaCjeuiyhARVxi0yjArzZVPbHumH1bgdbUHytUvQ_L2YxjYUcZuOHIZu2USUEXLCQP--ykkTksBRo7BQNBWSFKWZvqj4ZNizaYssEYxjJAsWvr1RH6Pqrk88tUzuVmm4Uda8_J4OfdTJjYleMchpZPQ38OvF5pRaLCwqBsglxWVdiODyMXvlXbTsF2nSObfR3_e6YGAB0MEoZPMT6EoXxP8fetRvmIzWhMRKkbntlMsQsYSdfXkU1UDHeyvuziHlkJd44AK_Fjb98s0LoniryKdqtYSWA7lObH3GrwGdPntqg0gwQlA8gmu9ba6R4IE2mXrgMa-zMGv3Z5TAlvrCqJpxRZA6Ytz-BWkGBLQhkTMtEj08U34QlFyZHjLTSFOFXjBRxQ0qDL32QEi0HRBt8UAgqKfj1Pr_hNjFHUdpnsZZGy09yk5VX_Up5_cU5BS24xD4WHXSfPHWjbfr5uKd0nKrrNEhIxoghP11k7LRrooTaukx7O8r7i0Pz-5z7QGyutkgfnrtoy-pFFX3fQ7wwSSxoIIjRvOZuUcFrbuvViGdFHvBKsRYhHILWNmTJZlnSoVGkZ0uWQZcOsiz1gwlxVEesMNEZHWOHV70Ye9PT45jkxThLB_lqFVHzE2FA1NKYn_N06SxoPEzwaLNGFFhKOZiEDws9HNEbcZoI6CAm2CNqzMsTMaFFP1zLmBg0d7T9x0F7notzsHxrPabgfNDz9_cyZPo-4Ivm31pwp12LgDWhcysEzTOSJpGQRpPVVg-MmGvbmxDP5LHZGV4kFlPvT5PUhSJTbN7hHmQ8uZFn6y_6tEiL-76JeHuHTzHtVR3I6INad1ZKt1BrO146vWHSElShKEpo9rtHA0vjB8v2Kd-ECUKefJoE-7sj1dFJj6s79RXDYj2Vma7a0PCm3H25SxzwzDDW_gqr20_9GnLI1yChoLIS2G59Z0bNd6P2vXMnGxQObVVA3gsALjnu9wh7UYEa5pXvIm1CZWmju1BueAsQ_quY2Swl4Bos3OyFfMwlVGgrvhOmaODyewm9zYotIwDzgl5v7l93lwVFWJSeLvCBi_f3lkRk6Q8d5Y36jUbCPdSdfEiRzpry5US8pVFlJ7KmziP-OzUDVb_kxIp4EUnd_C6CPgnNQEJbaxrV_POBLYZQ_Fbv_jubJZFU4MWQKvyoiB0amUThECgfIkqpX1jKhXQXWfbkpZHgiRpoRZJLnYt3HLKPGp_W0TUdi0yvJsiJMU4LTKoiPzKk7UqNRvO14oe1kHYjSFH1GmpPJge_MgP5Mu83UMG6WzuuYsUz6k71CTle2dFB5_80kuYXl4Wb2FbJ1y49ayXbLBODWsDr9ZZPioRA8RnBnkzskA4AtmfjOcqRWFMML1vTcloXrV3v6T1UMnfbIbxXwv5CtVnuLvTxddo-233nt02ZnQUyPnti_nkoUKHqr0ZphTZizYFGaSiFMJ85hfNTpsy8Dc2ZxUi7mzMrBwgTdHISjGYaiyiymuLgzTpHkTsoXHdRgj0fBnKY0qtWlr4ncQWbfG1RmpYdEjlGCSfGn5rHHIHWpFgUwOAN8k1BVmHTHnGFjGyJoydwbkxz0ZE4dke85HJfgYrOQZQPgDovrTuUfvnxo3JUayS26l_SAx23cAuGkX5hscDgaF0cXoGGPbMbamQfyAlZuOns5bJ943_97Cms5BtGbz8_2LEAyj7zjMXlm1Hjzg9Q_P6Q_zXz_n6dD0jBBXOX7uCLZrSrRkm3QYCiJe8Nsk_7CYzdidw7AooFPDNairq2DxVaLmXfTBcAAYDVEDYkkbbJeRZcWFqz4CozfY7nVRUXioK4v5sdHT71a3nz4DdhoNIlgbZvoJpB1rSfTz20zSHQ3vx0bNOVWsAsniG-cWBgXJgJTvbK-qVfcIaQVLp-eZqSWqYzHUdjJKR4HKjjlsAO5OZX9mwHnCnsp1NY7DbWD-TR8hnb1u1FBh4rkpO0OGMcNqsH6pghZww14T3c-d4z0zojDJJQb5pZl9942EQ1D8Xk2eecfjiVgENA0Z2LF6zDWNi4qg9QTxRJA3lUjElIgJLalOQhRs3rmBGdPOMp2dRB-wj8orPOoianbOQnZBBRZ-gmRjvTCTEpKA-ZrtZJTjTjE2aGG7U-y2usJiUJP8coA2C0FiO511DAnwm4L0HLR39Hd9ZWIGfn6WuyxOko9iKva57SKOJByjJ90tcHSlAuUi7tIX6mlTmPCUC2hSbipehQZpBMTv_jNiaTt3PWGlnQl9-yfIk_EVSVDU94pTbZyf9TJLlrsE6MIIW3RN59IY3R3YyWDoOYx24PwS7NZtoteSOYUyXReb5EBNbm0eDyzWDjEmCxohTnSm1_rqOJexXp_oAfMV-AM9n63Pb2OkCrKeH2_2Lau74A9Uz_2Xo0NmIFCze9oGfqu1_WNjcU4mk5Ya1kVbA8uFFJZteOIgxZ1g8kUEH8fPhqGwZQjrmjGPmRfkBodxF-LjLt1qWypo5vaUvCmCqgNBQqDQuQ3RquPm2V5-ezi4YDXyE9VNAlQbreHqX0y8Q8I0ABBhLHNQOAcUOoruQhD_Q4RjXYNQnT4eocPSq6SsRwV70CS8H_pnBSdkqxZYcWm0U2IYffjuufwkZSFVjKDtWy-FYT3VbF0T_KBoIOLEQVyG7lnCNnqzhXiSSyf4b7FpKaFx8xFACCHyJXVQVoLcl5xYPsrDDWTth0KJvR54Whhb4MaTmJ9Ly2YcgNFsaNwHqxfXeQaZbFGgbkI_sy5p880hOGVqetTKffiGTf00Bi_XDm32TmeBsI5H0E9hVr1_3paHKGGvyiGrZdcgvyUnGzByGCO4VUZBgBCWiAVcB86zTcWieixAagZOR6__bOIpFmrVDcbD7Rsdq64WWJcGhn-fBKnfMw55N5BsxkD5eSjKLh6-yHOB__FUUodndpNUk&cid=CAASEuRoaEApEE7ZwUDfmZGUGwZoWg&rfl=1%2Chttps%253A%252F%252Fez3c.tw%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:53:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 49
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9475
x-xss-protection: 0
server: cafe
etag: 15988442915344899701
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Dec 2021 07:53:45 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F0B5 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 12:35:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 328762
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 19 Nov 2022 12:35:12 GMT

GET
H/1.1 200
OK npoee1nv94vs Show response
hal9000.redintelligence.net/zone/ Frame F0B5 11 KB
4 KB 43ms
12ms Script
text/html 138.201.84.252
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/npoee1nv94vs?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCmG7wOZ6cYaGiLs6NrAS0xJXoBLXN-YNXzN65q-UM8C4QASCY8tMHYJX6p4KwB8gBCakCSfQh7IjZsj6oAwGqBOABT9Delh8yuVg006FW92ZvwV8UUzh2Q9LoK0mOTWLG5nQvpyjee7f-wq0SgHJemUazTDIIud_eIgtLs2cz1zW7USTbILyd_IMPN7ZTlsllly3mustPd6LzoGfPsx2DBg_XKpuw2lPz3D4f0PcY4J68ChOqmtc5QHXmm-eLGj_hR8zxmP5uVNMzgD6kvqqYUg5WRtKIqL6LcEwmJyyJhls5JKWwUEZqG_5SQBRXvsGEi3YLXAUI6L4eae9OdQSv_zGq5-snv62jrClyMMy2XSMS4fL0qjsCcA-JzJ7hDgwKn6zABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKAZgLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoaEApEE7ZwUDfmZGUGwZoWg%26sig%3DAOD64_2DG1b7DqrvRBbgJ_jA4FJ7mJbRcw%26client%3Dca-pub-9418887123196030%26dbm_c%3DAKAmf-C4j3ndBW4_F53TQPwaeHASZqxVjbYUNBydF5bDy5K9f4_PHt3oudThkpp5vbxHdYVI0xGA2HVGPpUn2I7UsXMe8sjAwGWWWKh3_UQD2gNc0fC4Sf1B6Ml0zeQPOEOcUsJT3N4AGwHlNA3Y8MO6HgnsLSuJ_Q%26cry%3D1%26dbm_d%3DAKAmf-BDZG7LXv69lcTKvYwMkS7VI0BTRttwD9Fv8qsZkPQspra5GssYFktz-5DhMywAnM1tAVz9cX-n47BZi8TN1Uj5a3IMVPt6dVAZg3T_76pCXJ3NAV6KsOoesY7Av7cz4zCdGADpgBiCoiIMATSCOsx-Na7QRqzjMOa_7iJsGTbQlvP3cOpzUsf6C5x3bdGvpTepA7e4ESLDzoKMQb_7iA7bVvEVGJfSqchlg2F1RfTld2mC9M0nNmO1b_SeHkOb_YbgOTV-04IcKrPk1HqnFiibCRbwnOKMTdbJmMJlXv3GPhHTlNkdfaKoWCth3utdB4AlTBU-uftYiX7qLXcFufUyxWxfd9Z4ZxCGiaDIV6I2zxna9XV9ObB1INAf4R7Mym03Iy6YiFVkS95NZGe2C_2l9P8HedBTCLNtMrWcqnas5N2QKvRWHy7fcwruqsR7_PzfQayq%26adurl%3D
Requested by: Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.252 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.252.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: eb3cf3b351ada65840427ddebd38aae40ab819cec6c415c2484c02aee6bf27f4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 07:54:34 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3880
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 0944 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Fri, 19 Nov 2021 12:35:14 GMT
expires: Sat, 19 Nov 2022 12:35:14 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 328760
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 W74_wbIuhH6bObXj0uCjode8PwiBrxgOKnAqo6ShAmY.js Show response
pagead2.googlesyndication.com/bg/ Frame 0944 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/W74_wbIuhH6bObXj0uCjode8PwiBrxgOKnAqo6ShAmY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5bbe3fc1b22e847e9b39b5e3d2e0a3a1d7bc3f0881af180e2a702aa3a4a10266

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 13:45:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65349
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13296
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 22 Nov 2022 13:45:25 GMT

GET
H/1.1

200
OK

request.php Show response
hal900018.redintelligence.net/ Frame F0B5
Redirect Chain

https://hal900018.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=743de9e98e&subid=&uid=bb81dab89c64d09c&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900018.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=743de9e98e&subid=&uid=bb81dab89c64d09c&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

2 KB
1 KB

101ms
79ms

Script
application/x-javascript

144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900018.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=743de9e98e&subid=&uid=bb81dab89c64d09c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCmG7wOZ6cYaGiLs6NrAS0xJXoBLXN-YNXzN65q-UM8C4QASCY8tMHYJX6p4KwB8gBCakCSfQh7IjZsj6oAwGqBOABT9Delh8yuVg006FW92ZvwV8UUzh2Q9LoK0mOTWLG5nQvpyjee7f-wq0SgHJemUazTDIIud_eIgtLs2cz1zW7USTbILyd_IMPN7ZTlsllly3mustPd6LzoGfPsx2DBg_XKpuw2lPz3D4f0PcY4J68ChOqmtc5QHXmm-eLGj_hR8zxmP5uVNMzgD6kvqqYUg5WRtKIqL6LcEwmJyyJhls5JKWwUEZqG_5SQBRXvsGEi3YLXAUI6L4eae9OdQSv_zGq5-snv62jrClyMMy2XSMS4fL0qjsCcA-JzJ7hDgwKn6zABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKAZgLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoaEApEE7ZwUDfmZGUGwZoWg%26sig%3DAOD64_2DG1b7DqrvRBbgJ_jA4FJ7mJbRcw%26client%3Dca-pub-9418887123196030%26dbm_c%3DAKAmf-C4j3ndBW4_F53TQPwaeHASZqxVjbYUNBydF5bDy5K9f4_PHt3oudThkpp5vbxHdYVI0xGA2HVGPpUn2I7UsXMe8sjAwGWWWKh3_UQD2gNc0fC4Sf1B6Ml0zeQPOEOcUsJT3N4AGwHlNA3Y8MO6HgnsLSuJ_Q%26cry%3D1%26dbm_d%3DAKAmf-BDZG7LXv69lcTKvYwMkS7VI0BTRttwD9Fv8qsZkPQspra5GssYFktz-5DhMywAnM1tAVz9cX-n47BZi8TN1Uj5a3IMVPt6dVAZg3T_76pCXJ3NAV6KsOoesY7Av7cz4zCdGADpgBiCoiIMATSCOsx-Na7QRqzjMOa_7iJsGTbQlvP3cOpzUsf6C5x3bdGvpTepA7e4ESLDzoKMQb_7iA7bVvEVGJfSqchlg2F1RfTld2mC9M0nNmO1b_SeHkOb_YbgOTV-04IcKrPk1HqnFiibCRbwnOKMTdbJmMJlXv3GPhHTlNkdfaKoWCth3utdB4AlTBU-uftYiX7qLXcFufUyxWxfd9Z4ZxCGiaDIV6I2zxna9XV9ObB1INAf4R7Mym03Iy6YiFVkS95NZGe2C_2l9P8HedBTCLNtMrWcqnas5N2QKvRWHy7fcwruqsR7_PzfQayq%26adurl%3D&documentReferer=https%3A%2F%2Fez3c.tw%2F&ancestorOrigins=https%3A%2F%2Fez3c.tw&random=1412981112930&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: ad3e012b606e8906e0106aa972ae26954d08d76f16e03bdd67bf4813ba0bd183

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 23 Nov 2021 07:54:34 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 41823400036284800710616011787018
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 895
Expires: Tue, 23 Nov 2021 07:54:34 +0100

Redirect headers

Pragma: no-cache
Date: Tue, 23 Nov 2021 07:54:34 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=743de9e98e&subid=&uid=bb81dab89c64d09c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCmG7wOZ6cYaGiLs6NrAS0xJXoBLXN-YNXzN65q-UM8C4QASCY8tMHYJX6p4KwB8gBCakCSfQh7IjZsj6oAwGqBOABT9Delh8yuVg006FW92ZvwV8UUzh2Q9LoK0mOTWLG5nQvpyjee7f-wq0SgHJemUazTDIIud_eIgtLs2cz1zW7USTbILyd_IMPN7ZTlsllly3mustPd6LzoGfPsx2DBg_XKpuw2lPz3D4f0PcY4J68ChOqmtc5QHXmm-eLGj_hR8zxmP5uVNMzgD6kvqqYUg5WRtKIqL6LcEwmJyyJhls5JKWwUEZqG_5SQBRXvsGEi3YLXAUI6L4eae9OdQSv_zGq5-snv62jrClyMMy2XSMS4fL0qjsCcA-JzJ7hDgwKn6zABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKAZgLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoaEApEE7ZwUDfmZGUGwZoWg%26sig%3DAOD64_2DG1b7DqrvRBbgJ_jA4FJ7mJbRcw%26client%3Dca-pub-9418887123196030%26dbm_c%3DAKAmf-C4j3ndBW4_F53TQPwaeHASZqxVjbYUNBydF5bDy5K9f4_PHt3oudThkpp5vbxHdYVI0xGA2HVGPpUn2I7UsXMe8sjAwGWWWKh3_UQD2gNc0fC4Sf1B6Ml0zeQPOEOcUsJT3N4AGwHlNA3Y8MO6HgnsLSuJ_Q%26cry%3D1%26dbm_d%3DAKAmf-BDZG7LXv69lcTKvYwMkS7VI0BTRttwD9Fv8qsZkPQspra5GssYFktz-5DhMywAnM1tAVz9cX-n47BZi8TN1Uj5a3IMVPt6dVAZg3T_76pCXJ3NAV6KsOoesY7Av7cz4zCdGADpgBiCoiIMATSCOsx-Na7QRqzjMOa_7iJsGTbQlvP3cOpzUsf6C5x3bdGvpTepA7e4ESLDzoKMQb_7iA7bVvEVGJfSqchlg2F1RfTld2mC9M0nNmO1b_SeHkOb_YbgOTV-04IcKrPk1HqnFiibCRbwnOKMTdbJmMJlXv3GPhHTlNkdfaKoWCth3utdB4AlTBU-uftYiX7qLXcFufUyxWxfd9Z4ZxCGiaDIV6I2zxna9XV9ObB1INAf4R7Mym03Iy6YiFVkS95NZGe2C_2l9P8HedBTCLNtMrWcqnas5N2QKvRWHy7fcwruqsR7_PzfQayq%26adurl%3D&documentReferer=https%3A%2F%2Fez3c.tw%2F&ancestorOrigins=https%3A%2F%2Fez3c.tw&random=1412981112930&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Tue, 23 Nov 2021 07:54:34 +0100

GET
H3 200 container.html Show response
1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3B88 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Tue, 23 Nov 2021 07:54:32 GMT
expires: Wed, 23 Nov 2022 07:54:32 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0944 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BE3AWOp6cYbeAKIXJ3gPCww4AAAAAOAHgBAI&bg=!4eKl4qbNAAZQLpa_UC47ACkAdvg8WlB0DfeDDRAQckfGSINig32BuPZKTVuEiGPNAbEzTAJpTkiu1gIAAABdUgAAAA5oAQeZAsavgS2YUlsExiGJrTxocGLO1jXugGAOz3RdrKOEhJ0HRUkpM4Odp0zKWqbzGdtWj15NbubewZNp5jr24biNS49NE1O_MWV8I4VK0vgWArn7dzVEeD1Yc6M5zQh7YAuKdt5vYtf8UokmmrgNnTdZo12zg4_wD1vrkF4GTh_4ZBLs4be3v9dzeYmMNGgM8wjEVcaSZmPugzzSgDdv7ZHQMwt_h1aPrLdzgpMTQYQQWQmpS6rpP20ZAGcEuwinCg-Wx6IN6DYQQcVR4mzldFbrgfecG8A1zNT54fIFYlF9nQwcWUu1-bWpQmqSly2Xvn1v92RGNysP5IxAFiY9QFc83r2V2L4plk8zUsyIhgxJtZEGC8eXDYQVFCnLZifv80u2D1vcobhCOHuH6N2PGiT6KmLsdFmslnOMtNByDMfEBBJTVFVKCnbNtY0seb2BPUQNs5xpx3CitkQ05o1FKeEbyo8lwez9Ym8ZPyEUSehAkceyh1e-BhSzlRAxypeymczHTmhPGAgXiUjpvBrzv2DGemgEDWqvDoVZ08Zvb5_uqdGpXWX005DGy1cEK7e1QIJdh_nRYTDLBn4F9Xx8RKQ6QIvdJWzl-qsbeheLYu-AlnyljiHXReJc1t_vCXlWDMwXHLLX7s6iWJcHLo6k9_ieutkYjMQtYpA54SxJdMkMdsEISVf3dqtBbfijqZyfW8jtDPMiPrz3SDwALzjiuroh63QKKEZ-yd2lbmVK06FSbOlOc3tRhxTC23ZPoLlIbIuUfqr4XmIZOfuBID8ZELmZMj12-XWfKCP0_JUJGG_tO88Xnq45t-kF_sgjvKRulG_B0yGYxxLah7TnENJClhPRUgeEd-8yexf_vN5AV-HolK5APGhnq01EvOrdDByMTHrFM_xWfSTlyV7tn_Jf1k4Cw5VfFI_mCW_1A-KIvCDxxkuouHy1CniGKA

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ssrh.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 3B88 84 KB
29 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/ssrh.js

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b5312cb2f154f2bd64ee8746195a63df254d10bfd107a61eec3d5d38dd48bff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 11:13:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74474
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30063
x-xss-protection: 0
server: cafe
etag: 16132151104434394549
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 23 Nov 2021 11:13:20 GMT

GET
H2 200 198810832547514306_2167554091110770384.jpeg
static.doubleclick.net/dynamic/5/40917098/ Frame 3B88 134 KB
134 KB 32ms
7ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/40917098/198810832547514306_2167554091110770384.jpeg

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0a9b8dbc407b084f51df64bfba76b772b9541468cb7e618db028c6250832484

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 23:53:20 GMT
x-content-type-options: nosniff
age: 28874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136878
x-xss-protection: 0
last-modified: Sun, 31 Oct 2021 05:42:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 22 Nov 2022 23:53:20 GMT

GET
H2 200 3580984920713681519_11606294599865839794.jpeg
static.doubleclick.net/dynamic/5/40917098/ Frame 3B88 145 KB
145 KB 53ms
28ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/40917098/3580984920713681519_11606294599865839794.jpeg

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b22ddbae9612541b2987d1358c750e62d3ca417553b549a62bedf3c82ccc5e6f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 10:26:34 GMT
x-content-type-options: nosniff
age: 509280
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 148336
x-xss-protection: 0
last-modified: Sun, 31 Oct 2021 05:52:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 17 Nov 2022 10:26:34 GMT

GET
H2 200 1088015601890649296_14989483318269309075.jpeg
static.doubleclick.net/dynamic/5/40917098/ Frame 3B88 161 KB
161 KB 46ms
22ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/40917098/1088015601890649296_14989483318269309075.jpeg

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f31aa684d6ac4068eb11eadfcff7b62fcefe09d4c27ccd390fda72a6ecb27993

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 10:28:57 GMT
x-content-type-options: nosniff
age: 509137
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 164873
x-xss-protection: 0
last-modified: Sun, 31 Oct 2021 05:42:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 17 Nov 2022 10:28:57 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame 3B88 19 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite_fy2019.js

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

65623c8434f7dadaba113a4521a101729ee3e6635e4412f2ccc99fbe6412d15e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:45:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 552
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7840
x-xss-protection: 0
server: cafe
etag: 9525834815172239946
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Dec 2021 07:45:22 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 3B88 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:50:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Dec 2021 07:50:14 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3B88 119 KB
36 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 23 Nov 2021 07:54:34 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 3B88 15 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:44:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 625
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Dec 2021 07:44:09 GMT

GET
H3 200 8627559170804061178
tpc.googlesyndication.com/simgad/ Frame 3B88 36 KB
36 KB 8ms
7ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8627559170804061178

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89a13fc47508559e3db84e9ab60fdc897a56a1886e877b79d12c2fdce40a40a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 06:29:42 GMT
x-content-type-options: nosniff
age: 350692
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36802
x-xss-protection: 0
last-modified: Wed, 02 Oct 2019 06:26:45 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 19 Nov 2022 06:29:42 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 3B88 0
0 38ms
37ms Fetch
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CBD6EOp6cYfijJISFjuwPq5uquAaYuKjNZsLz1ramDIy2g8bYERABILWx3GVglfqngrAHoAGFsurUA8gBCakCSfQh7IjZsj7gAgCoAwHIA5sEqgTVAU_QnkSozxQMy_t0tuFcRAapit3Q1a9_SqluOI2sCRTUPP1GRWK9i1mVzQMaeQ6yb9fg7ozPY73jdMHm_GGWYDbNXMSnlKNvoWFDqK8pI152-_WsfGMiBMBrwodrceQ6oMm8pJdpuFivpDfUumo8QOKeDBf1l46Sk_e15t--YfZtmV8dpOVAGfYF1neItYM32hjkk6hEOmIAj9HD77oEmN5X7voGLQSojdXA6uhZvVjumNeFWH9AYfaS1rdF0GJrCnjFZTI5AqbgyVfx_Xff-q044LsGWsAE_YG0heYB4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB-PNlSuoB47OG6gHk9gbqAfulrECqAf-nrECqAemvhvYBwDyBwQQzuUP0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0yNzQ5NTc1NDY4MzQxNTcxgAoDyAsB2BMNiBQB0BUBgBcBshceChwIABIUcHViLTc5NjgxNDY1MjU1OTc5NzYYpL8c&sigh=iQjFrO687fU&uach_m=[UACH]&template_id=494
Requested by: Host: ez3c.tw
URL: https://ez3c.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3

200

activityi;dc_pre=COSBneuArvQCFczkUQodhm0KrA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=831704947435.9006 Show response
5994599.fls.doubleclick.net/ Frame 2677
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=831704947435.9006?
https://5994599.fls.doubleclick.net/activityi;dc_pre=COSBneuArvQCFczkUQodhm0KrA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=831704947435.9006?

391 B
345 B

42ms
27ms

Document
text/html

142.250.184.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=COSBneuArvQCFczkUQodhm0KrA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=831704947435.9006?

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f6.1e100.net

Software

cafe /

Resource Hash

1a18370584b2073690668ef1982674be8d0566bd4b1de25f7031584e961fef5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 23 Nov 2021 07:54:35 GMT
expires: Tue, 23 Nov 2021 07:54:35 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 322
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 23 Nov 2021 07:54:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=COSBneuArvQCFczkUQodhm0KrA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=831704947435.9006?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request_content.php Show response
hal900018.redintelligence.net/ Frame 4464 7 KB
3 KB 35ms
13ms Document
text/html 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900018.redintelligence.net/request_content.php?s=41823400036284800710616011787018&a=e0f38d08
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=743de9e98e&subid=&uid=bb81dab89c64d09c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCmG7wOZ6cYaGiLs6NrAS0xJXoBLXN-YNXzN65q-UM8C4QASCY8tMHYJX6p4KwB8gBCakCSfQh7IjZsj6oAwGqBOABT9Delh8yuVg006FW92ZvwV8UUzh2Q9LoK0mOTWLG5nQvpyjee7f-wq0SgHJemUazTDIIud_eIgtLs2cz1zW7USTbILyd_IMPN7ZTlsllly3mustPd6LzoGfPsx2DBg_XKpuw2lPz3D4f0PcY4J68ChOqmtc5QHXmm-eLGj_hR8zxmP5uVNMzgD6kvqqYUg5WRtKIqL6LcEwmJyyJhls5JKWwUEZqG_5SQBRXvsGEi3YLXAUI6L4eae9OdQSv_zGq5-snv62jrClyMMy2XSMS4fL0qjsCcA-JzJ7hDgwKn6zABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKAZgLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoaEApEE7ZwUDfmZGUGwZoWg%26sig%3DAOD64_2DG1b7DqrvRBbgJ_jA4FJ7mJbRcw%26client%3Dca-pub-9418887123196030%26dbm_c%3DAKAmf-C4j3ndBW4_F53TQPwaeHASZqxVjbYUNBydF5bDy5K9f4_PHt3oudThkpp5vbxHdYVI0xGA2HVGPpUn2I7UsXMe8sjAwGWWWKh3_UQD2gNc0fC4Sf1B6Ml0zeQPOEOcUsJT3N4AGwHlNA3Y8MO6HgnsLSuJ_Q%26cry%3D1%26dbm_d%3DAKAmf-BDZG7LXv69lcTKvYwMkS7VI0BTRttwD9Fv8qsZkPQspra5GssYFktz-5DhMywAnM1tAVz9cX-n47BZi8TN1Uj5a3IMVPt6dVAZg3T_76pCXJ3NAV6KsOoesY7Av7cz4zCdGADpgBiCoiIMATSCOsx-Na7QRqzjMOa_7iJsGTbQlvP3cOpzUsf6C5x3bdGvpTepA7e4ESLDzoKMQb_7iA7bVvEVGJfSqchlg2F1RfTld2mC9M0nNmO1b_SeHkOb_YbgOTV-04IcKrPk1HqnFiibCRbwnOKMTdbJmMJlXv3GPhHTlNkdfaKoWCth3utdB4AlTBU-uftYiX7qLXcFufUyxWxfd9Z4ZxCGiaDIV6I2zxna9XV9ObB1INAf4R7Mym03Iy6YiFVkS95NZGe2C_2l9P8HedBTCLNtMrWcqnas5N2QKvRWHy7fcwruqsR7_PzfQayq%26adurl%3D&documentReferer=https%3A%2F%2Fez3c.tw%2F&ancestorOrigins=https%3A%2F%2Fez3c.tw&random=1412981112930&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: fc5e8c379c47a6c161eece78f90d40766ab2142a3ec5a587ee66d482d0aba9d6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/

Response headers

Date: Tue, 23 Nov 2021 07:54:34 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 23 Nov 2021 07:54:34 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2331
Connection: close
Content-Type: text/html; charset=utf-8

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9398 1 KB
749 B 7ms
6ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 22 Nov 2021 13:26:12 GMT
expires: Tue, 23 Nov 2021 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 66502
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame F0B5 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 516aff422690e217e970f5a74619853d0996d234729620a18d7a17ea5cdf2c4f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3DD4 143 B
163 B 8ms
6ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 23 Nov 2021 06:58:25 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 3369
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 3B88 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dc222f51d7a4cd2661eff195c5079838659f5be62d905b5c94866e80eb637ff3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame 4464 89 KB
32 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=41823400036284800710616011787018&a=e0f38d08

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900018.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 18:54:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 219624
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32245
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 20 Nov 2022 18:54:11 GMT

GET
H/1.1 200
OK 300x250_OMAC_2016_Launch%20(3).jpg
cdn.contentspread.net/24i/advertiser/32995/creativesup/ Frame 4464 52 KB
52 KB 103ms
30ms Image
image/jpeg 51.75.147.170
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/advertiser/32995/creativesup/300x250_OMAC_2016_Launch%20(3).jpg
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=41823400036284800710616011787018&a=e0f38d08
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 51.75.147.170 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3133977.ip-51-75-147.eu
Software: nginx /
Resource Hash: 23ef33989f2db4e8afde93e57b1534aeca826f6c70e794a9d7a418fea9a58614

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900018.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 07:54:35 GMT
Last-Modified: Mon, 20 Jun 2016 09:16:21 GMT
Server: nginx
ETag: "5767b465-ce63"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 52835

GET
H2 200 dpixel
cms.quantserve.com/ Frame 9398 35 B
210 B 10ms
9ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEDrlqYkkqq8kpYHnaUNK1Tc&google_cver=1&google_push=AYg5qPJORcgi_DkYT_fvRLzENTBYhQipxUeY518iWzyuDrnd2g6OB3kY_1vTKK1UMkOk-pRFextgwE0-gshmYhX1jb2SpfFLsyg

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:35 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9398
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJByUGx...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJByUGx...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTExMjMwNzU0MzUwMDAxMzgyOTc4OTgzMQ%3D%3D&google_push=AYg5qPJByUGxI9-xpx0v4mvSUg7-ylgN5rruLDap_mqrWAwTojMUGeFwbX4hz0wYcJrYCp...

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTExMjMwNzU0MzUwMDAxMzgyOTc4OTgzMQ%3D%3D&google_push=AYg5qPJByUGxI9-xpx0v4mvSUg7-ylgN5rruLDap_mqrWAwTojMUGeFwbX4hz0wYcJrYCpOrAta0cJZn9CbnUEqeYF0EyPGBVx0

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTExMjMwNzU0MzUwMDAxMzgyOTc4OTgzMQ%3D%3D&google_push=AYg5qPJByUGxI9-xpx0v4mvSUg7-ylgN5rruLDap_mqrWAwTojMUGeFwbX4hz0wYcJrYCpOrAta0cJZn9CbnUEqeYF0EyPGBVx0
pragma: no-cache
date: Tue, 23 Nov 2021 07:54:35 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Tue, 23 Nov 2021 07:54:35 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9398
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESENXcvZz7d4xprnR0JhZNoUk&google_cver=1&google_push=AYg5qPJgzFqqfQgwfs86WC_ftGuhrB62k15L8hchVoIUkeEY_Ozfw1BDtFvArhpW6OIkJg2cpJUkUbNGmiKhmyOX1P0uHKWDdWc
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJgzFqqfQgwfs86WC_ftGuhrB62k15L8hchVoIUkeEY_Ozfw1BDtFvArhpW6OIkJg2cpJUkUbNGmiKhmyOX1P0uHKWDdWc&google_hm=puCAE4HRxRk0RImPnKzG5A==

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJgzFqqfQgwfs86WC_ftGuhrB62k15L8hchVoIUkeEY_Ozfw1BDtFvArhpW6OIkJg2cpJUkUbNGmiKhmyOX1P0uHKWDdWc&google_hm=puCAE4HRxRk0RImPnKzG5A==

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:34 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJgzFqqfQgwfs86WC_ftGuhrB62k15L8hchVoIUkeEY_Ozfw1BDtFvArhpW6OIkJg2cpJUkUbNGmiKhmyOX1P0uHKWDdWc&google_hm=puCAE4HRxRk0RImPnKzG5A==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-request-id: n1nadbpm7kn3krbjv2l1m44ghkeivpgs

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9398
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=XnrBQi6CQf-aD3eItUsdDg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=XnrBQi6CQf-aD3eItUsdDg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKbgxNoAW7U350_VxYkQQF9oejOQl0IZIslGUZnYAoYQh5wMzdbeLJNbOA9iD5CxEu3fOCb-SqpvwwU1zHCjnRQMnNpXmk

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=XnrBQi6CQf-aD3eItUsdDg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKbgxNoAW7U350_VxYkQQF9oejOQl0IZIslGUZnYAoYQh5wMzdbeLJNbOA9iD5CxEu3fOCb-SqpvwwU1zHCjnRQMnNpXmk
date: Tue, 23 Nov 2021 07:54:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9398
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEi7d7EOF-t0pSqt-zqnUo0&google_cver=1&google_push=AYg5qPJXN5tpmXbsP857fQ0k2ghAD1qtFXTPOIdnkG4vtzJcKO1UHaYmvorHca0oiB08XxtnuVi...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dCU1lCR1MtMUItRzJKTQ==&google_push=AYg5qPJXN5tpmXbsP857fQ0k2ghAD1qtFXTPOIdnkG4vtzJcKO1UHaYmvorHca0oiB08XxtnuVifobIFaC4CTPRZbLJq2a_QWFI

170 B
188 B

35ms
35ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dCU1lCR1MtMUItRzJKTQ==&google_push=AYg5qPJXN5tpmXbsP857fQ0k2ghAD1qtFXTPOIdnkG4vtzJcKO1UHaYmvorHca0oiB08XxtnuVifobIFaC4CTPRZbLJq2a_QWFI

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dCU1lCR1MtMUItRzJKTQ==&google_push=AYg5qPJXN5tpmXbsP857fQ0k2ghAD1qtFXTPOIdnkG4vtzJcKO1UHaYmvorHca0oiB08XxtnuVifobIFaC4CTPRZbLJq2a_QWFI
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 9398
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2U...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2U...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2U...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2U...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2U...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2U...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2U...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2U...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2U...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2U...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2U...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2U...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2U...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2U...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2U...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2U...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2U...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2U...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2U...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2U...

0
0

GET
H2 200 trk
ag.innovid.com/ Frame 9398 43 B
297 B 129ms
21ms Image
image/gif 2a05:d01c:1d8:8100:f976:bfd0:751d:6023
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEH-fufqBaZ0TvcQAeGpb-s8&google_cver=1&google_push=AYg5qPJMTDvFuPVtKgwoQzFVVoc4c4O5BssqOIdB-TcIsSxexjE6IqlPQ0zw4pkKR8IhwN7bVRpKR_v1ykgE8eHlbIMiYR7rteU
Requested by: Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8100:f976:bfd0:751d:6023 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:35 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 1
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 9398 0
12 B 15ms
15ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J89TLjUhHbn3MiLJCySN8B2TYbLW-0_-HRhoQMhfgsAc0MuAZHgc5KLafficyKdRsHNsBq

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:35 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3DD4
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

73ms
72ms

Document
text/html

2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 23 Nov 2021 07:54:35 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 23 Nov 2021 07:54:35 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 23 Nov 2021 07:54:35 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 dc_pre=COSBneuArvQCFczkUQodhm0KrA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=831704947435.9006
adservice.google.com/ddm/fls/z/ Frame 2677 42 B
63 B 48ms
48ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=COSBneuArvQCFczkUQodhm0KrA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=831704947435.9006

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=COSBneuArvQCFczkUQodhm0KrA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=831704947435.9006?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900018.redintelligence.net/ Frame 4464 0
150 B 33ms
12ms Script
text/html 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900018.redintelligence.net/viewability?s=41823400036284800710616011787018&a=e019aeb7&vb=m
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=41823400036284800710616011787018&a=e0f38d08
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900018.redintelligence.net/request_content.php?s=41823400036284800710616011787018&a=e0f38d08
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 07:54:35 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 4464 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 container.html Show response
1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3757 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Tue, 23 Nov 2021 07:54:32 GMT
expires: Wed, 23 Nov 2022 07:54:32 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 3
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame E367 624 B
297 B 19ms
18ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDHxKr-AhiChIa6ATAB&v=APEucNWH87eRVQzYmlugw77w8kt4PFHy_sM1YeJsdcaCdJypk8zYGSrC7v86FqYWVSmdP0WU1IDloxBPQvuVa5OJp48A4JJYy8iZ-rtmr8cvgxAg_1T5VdbiqqCTjDsWnRVWJkEaOXJ8gkUo-OcsBBtSJQJgeW5zIHbCFXnsCOZhK2hV4xcDuk0

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 23 Nov 2021 07:54:35 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3757 12 KB
9 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BBw_y2Zyj3hloLKWqNmJBNlNHV2oQmU47QUu2y9wOoXMC6j4rCLPNX69vNbwVh_NVG3P1E_SYDUISL1-mQDhKN8Qor94YTx_dEjJMkHTtLwb5qHcr0_4pjETbw43tb8BUKf9f2E2cW06HutXtPsPguyKjofA&dbm_d=AKAmf-A_pWw8codQgvBthBMS_CP4gw6vrfSenDgf7szdK6lSIMD2xIJeWp0aQbljxe_vIRKeD9DLUmNzb4HH-V3PNfssY2A0pGLLxe50nCKNiUWTPvMaZsv5Tv1HgLMh2lzYpy4gmt8MUjD2ope4kHSrbuZLolbnknuXlHrCJS-AaRp1Hpr48NLXlP5Xez6__eR9pb7xGnQItgYu0ZUf0Yra_tfcxdZmxKYBZrqUdx9CHuj8lrxuTkxRqYdpPwV8pCg8Sfo6dp1GnQGRwNzaPJ6mFn_fcdqx778h5t8deSNPZa33Tn-b5-pDLVTOCQXltCL2lwcx6DO2guu-twUZ-0P6FOGv95BGgQ2k_4pUmYAifYtttImHdH8PDuztAZSjn97bHbX8nVXIqdt5kvQZV9nttJgXGnRoqcGwJZgn5W_dAhXRN6C_NtMfi7diF6H6smy9NcaNjWYIbTJ8rFYWjGQQuRWvoXlo2xJZ5Hh2DhQoXEyst0AlQaNw45XJ0gSETM7vRfmxSXxG-gV0t_U7IewETv_8MFNUrK_lIkhUn3Ro0PmXDqZHXjzmlPvaUe3zHx98BDcSZrsv170-MELWxxpfHN-aqpE5AvdlqHP7L62-whuL-MZgnfLoojJwFnCinJLKCvaj3zVgUYxsK5BkebL5PZ5KBBUc10v5yl4YmkkSt824P3cDVDsFGK-AuR9TIVkHfIv0LaONuSu4j3GCQtaFMfLt1bQbh2swHTdKk4Imq0Qq-3oFVA64Pu1daksU50UZ04CFrw88Ngjw4BZqxxzj0Pu7HlqYvrchmDyNw2ON5OoIga0pS__etRcjWSzwScxr-1wv79L9mHfmlbUnXOIj-I1N6H5CDVgAGeCub3b8y1Khl5leUpmmpOyWGe7x_gYzwh5VS4rjYbnkoOolJzUDuv4E9dO1NF6Pp0MRotPa9L44ECD5tesma3v8veMn3dPLwvbrv0j-JAr6XlxXVnv6BDaKVwytYMCEvMscDUJI-UxTz87YI_YoQEROxu50RNEFJT5aUWTkwFhrTmGcy_4wkJWDZ7xPMo_toj7Tx0ZByK1mcVoX0zL7dPx4YjJRNGFrK_szRpMknc3vPuS2_kbvfR_DMjF3WUK6JiZzwFNR7ywxADlTP5Ul0QyHiVIHQ3uMMXGVt6-z-cP7uyindeGDXbP95tibV781dP1S_llzAcdwwluaoVXYNTV9yHzITn4Lj0EL6mNi-svLv0kLv-DK6emzW-vs2LdeLilqiRjUKt2YK3onLgUJnBExcQa-EDGaaVP0BRfOGY6aJJVVM3XkDDzxHX6-A1y7SbOpK1HzGXz_gUVWbvPfy9kedTKqAE5RzuAUPPBIY5V3AfVE_1907BbvwPIhewcNpTXOw-U-LO8Yf5QpuMW2Ra7rpnkPQt61PHDawz2_ahmvjQwZbLczzTD41BkHDG2mvqgxpY0YCmfNXjwwivGrzqV5f05t5jg7cqkInhN2m8V_3l656NYT3XJVSMcD2UEXyoXiZrCR-XNVC_FERCaapjd33Ek3YNMggbwrrgAbvhuoGYdn9QVTxUg5JBfdcBpQ3KuhVxtxiyGMe86zep0KOdbwLmpg1cyggcoSzJD7nAuF1aoKa2JgReQ3FPYGjAMmCEulIPsOkxP2cf3eGzSMjwQTzNaw5IGbDFOURIHPp0NPWKrp3uh8wcqtELNy7NuFZm5fQWXahi1XHTriwDYR34nQPgaEgeyOEJksIkQ3AJ3BOvoyhWoUYSRAXqHzQScD7dagg0Q_uzGoW_flboHk7ag3ljY-KeXB_ptQGZg0O8u9crVnQrZDN408dGJq955BAq8aK08m4NL3iJFHs93s2NVGuMLAQl6Nv35JS-DEqgk3vBat5DU30zy0uIGF0nmNhzCZfmmUW0vP9rAhS2vcG0268j1kQviwKd36mlyQFDqBimVMv-B5oz2qhwyD-Jl_2PCrom8IO_kfglLvaG0Lb9G5QnJtkcdnf2_0miAYpATcY55E0Sc5drRVV46bNPjn1KCnppEQopdZwX8RfOlrtcDoAFH9XEDB16LBIvZhvhv_SR282ZZj7yhZ4vUjQLsooHkNWSe-PoDdIVcfaD_Sp8knCXgGmTtZ7XGJExvHy2DitLvBLN1S_GfGPzVW_JEX2JDis1FYuPPbxq172-CVrZXVhG0ddxZ7Gj5V8Pfe0O8APC9FGvgIhf7kPRkJ3BHtyTxXglIdw4Bw2XVgsBpivPCEbnpj89jFanoGoFqYIQM_NidIK7hDs3fAFN_xtw0YCxnPIfyNLYJqmI8abNifmW8WWrakO6KMgNGixrEtVd-zOG6TXas2RrBJ8aSJEvycZFU0fZCzKuX3WHQPLpPp7d71c_NRie36KlfjpC_DgbG86EW1ZCgm4cLN-tUn7mUZ9xGIJYkK11cq7Lf0yaV4T6Akrx4qwbiI6Q8Ndq3YhwAHSkR3RWQNbqAW8WbpwI1BumwqXZSRi6f__uDYKn68_c1eqeqjL_oq6Y7Htm2_Vb56XVX-5KH_a19nZ8HU-ccG-UUjDIfHMA_aMfwlOLLXtK637BMkXGT3GbMEBh-axRSubSnMrZKidEcaLev2gNMIw67EfZkX_gsZ85P8aDc&cid=CAASEuRoMeC84u7lcNZUEF_vWVU3mA&rfl=1%2Chttps%253A%252F%252Fez3c.tw%252F%240

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9954128ade72466d5b3c09ea540f20727bf518f4d4153f3256d0f90841ad00f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9485
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3757 42 B
63 B 39ms
39ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D4NNhWzIVanUWP3eBhd-_D5wLbMmeN84BENSzcgUzG53xerEBawwKeqazYHz8M2n8VmCdPxj-r_dG0_CijiYKJXUrrauMF456-L7VKqYf4l1pAPZE

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame 3757 41 KB
18 KB 92ms
37ms Script
text/javascript 142.250.13.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNVMwhUlUXaEJrCWyM7RP_l7pidB4KYJ3pVf--yqB3huyiNz4Y4&d=CnkAoCZ_4Ip_DemmVpWV7NQwTIFAlYT0GjVwv4zyjvtaBC8JTlTdWIi_L4G0vz3AaHpkozHMJZOFveiPE_vRcNUKbCntIqESjVXDdVfOW0fZNOAzuZ3B4-Ke_d4VgYkjwGshnNh4f5zqmW9yBTKPUApBtw9T8xE6LxIiEskRAKAmf-D4KIWR23SwIaKMDmoZNVXVEwHq2YMzKLvFnL_tZePOq8g8LEUdxnaTwTs96pjM4FCeJKGK7CXZ1HG_hvL2pFOKDotO17LXjxuiggEUIUTwolHDak1QEU2vEd7caCRlhFjwLD1SIVqXb2qUBzqJ0qOqdH2vMzDXMJWIVMi-unKkKQRo0lY1x-i6U0t8UNyvXe09B1Hj5fwtgTwdWHZpzgcHfU3R7z1fDIMZXlrSvB2Gw5H_WdgDa9BejHetDT-MVtEzfgLiMZYX6TiLCiihf-FHM5A-R1sUwLiVrOTcSMp_hca4OPqrUVbeyia5Zoex-o_mC37A-VkbYPyiTaloLFEEGyBuFcq1dEW0NkIwbmJN6ziAPdKmKTlMwVRnAU0bMeopFMQOqGGGKYr7Qrdid2nXq6qVNCrVQPKj7OtF8RxMvsYgPI29z3NCGWxKgQCIMwOJlCKanEnUQYPNow8OuBXdc87jT1Yu-NqTG8CeZtLSs1iZtettxa85eIItQxLMs7xOUUM03XjIKf5ZHD2KINTJgnQmV2xiBK6zs9l1XFQfhOikNeJSlKtF2ZkeWh92kv7m97SeI0dXOzrDsRhd1i1aec4uj8XuESPjqQYLBffnMTi6KJkCb7JtsFyC4x9IODUClI4vOByWd5-g9sW_IqjdCjmn0UHpZGCY-XiGZJXHtLktc6kxD7o1YqfNDSGDr4X12QxeAeAX0TxFU5P8Z_2GQRwpWgv5F7zHEwJFtGSpKSLZwnLHr8TJApgsKOUo-PckJ6vTaOydPJHnoSaVOqDSG2pR8NNrLfwXXUBcEsukeGsru1afMr8yz6QR54ycTSrV__R0PiPBn1KpkuJlWyq1DyhqYbgQQMc6gYbNO2XK0aryvlbO0-vxAA2jykz8_LRyCQRKz_8CDdmWcMuYBHXpw9HYOjp1KTatwPbZYtX71xOVOCn443AeE9MjlAy4rtClhTbeC0bG-8OY2mUNJnfA3f5vyhyGpJ9O5X0MoC3PBg0HSGpWU1440RuEf7DB2vrM55RcDcQwZy8Bd7Dv3Gm-R4T7AmLC7EcA5xpyvsc3naCg_6-exP4_fHmgXcJlGToFZfiDsn80ZYCKsB4EIttpX8F35TS6OakksX6RMffhmea0EcvSZ12Jg6hKhjFIgpm-dn-93XVdxI6-qeafWoRPDgUvCku8sgrznznXS6_wgvVGfiRsCDzsH1J0h-bNBoB9HgksAsdX2eD-bzDtS8eR9-HNhMrFRFOw5ZSH56WPZ6dd2mIWE34gAcI3u2ygWNYGZZJNK-GEMG3QZUk61-AMDziIBQWbzLm-GM5TqnXLrmM870cSHNDwBUny5v7t_qmPUbsi6Zd2Q6gGPBQFvfINQctlJZUe8S0jij8wZkEPt61zjHjdU9F78bMxJFKv-dTo825sQ30-IHLRs4diSQrelP7phM2DZneWgQfjGb7U07QgHxjdCvqEcgPoqg_-c_gcQJ6k4Xjy60qotIejiGX7uVNlOWMFaBmciqKq1rpx7TNRAiFwWPJPgDzPn6QH4UctYSA7UtwQrnsrn4vsUxPS11WAMkR2zVj4po_AUwmIgbSUqUXhb5sTuSxW6tQ7wdeCkfYsqyuzct8vlIFWwCUqusoerK_LBt2ATm3Tztnot-0UYghiTO1Y8JUKL1Q4aL8V8Kd7OdK62yWApQur-NbWmcJkm9kPmBJDD7SvkJB9srU3Yhqbb9VwZjae2sMEObpfqwufR6HkU9MZhwjm0mxlBQ2RYb-bylVMpT7kYns8koq_AzNSsVdWHqyZVofWHQ0imoSssu0zKeHZARsTzsWlXhBb6hAeXIpSkHZ5APRHSJSqEtotfhDPIVIhdmyMIa7NoEWKR7pUKXYLEPNctXnzISzlVSwABpiwEaW4tdkeT6HjWRatc2wqXzNoxbvquLllmZyJhR9O62P5FYdsCG8vPXPvkzjPLpJOBcqVcZtEgazZ8CJ7un-xVnaQrwaa6tjJL3umjQj5XWP6OV_knT16ygDwYwFZW6om3NbdJIjpk02-e7wvwmNNOs6xNBohZehD6O7u2cTBdrf1SkHMA77oH-El-1e0xJ2N4MsxZinjiJymIOY_81p53pgLtncrEfmCIMlT4ztNDMgxb4WWEQJATny1jwHc_lYm2VGTKfA8E27s3Axxg6vSSyfhxf0K2lOLOQBzcR26GpvzVB0Kf-nQdivLvA3ZPRZ2vwBuzBo8iug_-Ox6M-fxqsPBm5rHcy7FrTP7Le1NlCb5BkgsbXHxH29ne5u8uc3MAGQ5Pcu9M-ezZ8taGkdQ2-h0pLeHB0U3HJw3lpDq_g9yW184lqlLAXkgeTzMpcf0tBtVpw-nGWWyzP3eZxqHRdOwNNiRzpyEQ8orU7HxB7QepRM1LGEtHJX0x7olgGPZxbWUwTBNSSbGa7dtx7XTUlaqmJBQ_sp11lzeGFMV1jQ1v5ExI_RRZiAz_Z2QFR2WSEMQPBZeIqa01Ip_FtCRyeQ0DbTkOkovFdy7TAtlcbANv_dtRoDEIS0S4r8ECVaD2rBgvQUQj5j3OnYBpjxQ5siaIVbUqaQHGeUYBlLXDzdeBM93VbmYAI8NbqXeRtXS-KyMX0ADSUpauC6jt-0XTIWdvSfiV90CoF4HiUZkTMGn0a_sM8vj-ChTFtatnXDWDB55IDvFUWZIJKB964WzAkJSIYKbAbGdbsF00Sxr_7gWoMN-8NeDyzfqxuFAmNNcx80-wLvAX8_EqdP0C-cCJhIpcMuD8DsETKEsGtq3zN3-DY7ZyDZjVZDPeB2CN4cjNeLcmRRC-7zJDX0_xZVvyeIunCwzOxDU6U7vUIIcRHPXF9105PZ_i3GnHKzDLjjjG2KGbNWucoRtrKVmQhuyhZr9guVw_en2D_60bz_kT8Cm8Q0g-BsVIjXyYPavUqseTuEtenQP_6a2toiwjQEV_OdpwPiV25nvEpmbVt9LYYOr2C8n2XgibiwnPUPVH8Y4pyQja2O69dEwcEoaFggAEhLkaDHgvOLu5XDWVBBf71lVN5hgAQ

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.13.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

we-in-f154.1e100.net

Software

cafe /

Resource Hash

ff0345339160683aa4465feb226b774134d63c6990c06d72f6018090b79c2d8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17447
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ca Show response
choices.truste.com/ Frame 3757 27 KB
10 KB 37ms
9ms Script
text/javascript 143.204.98.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.truste.com/ca?pid=digitas01&aid=hpeus01&js=pmw0&cid=1&c=digitas01cont8&w=728&h=90
Requested by: Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-27.fra50.r.cloudfront.net
Software: nginx /
Resource Hash: 2b0ae969ae76514eaa17464176b98e2f09723241e3caa368891514ebe29a9805

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 10:04:05 GMT
content-encoding: gzip
server: nginx
age: 78630
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 fa5a3d5abd34c6fac657b045a4dcbdc5.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: QDx0vH6YrT1L2SLKXyML58Au2jZ2M4DInm3mY6sD8ChNDYgGgYujRA==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 3757 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:50:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 261
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Dec 2021 07:50:14 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3757 119 KB
36 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 23 Nov 2021 07:54:35 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 3757 15 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:44:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 626
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Dec 2021 07:44:09 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 3757 0
0 14ms
14ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSrb4Dfan1cIm0_-s_yb_7455G55ObpfkOPMkuOj3vNDr9XjdRpvaVjicqbPQy_ef3JXPmbMwlqd1gzKeOoVmgjkww32A
Requested by: Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E367
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG539ynz_Kqgrjg4ZbLLPzo&google_cver=1

43 B
894 B

13ms
13ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG539ynz_Kqgrjg4ZbLLPzo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDHxKr-AhiChIa6ATAB&v=APEucNWH87eRVQzYmlugw77w8kt4PFHy_sM1YeJsdcaCdJypk8zYGSrC7v86FqYWVSmdP0WU1IDloxBPQvuVa5OJp48A4JJYy8iZ-rtmr8cvgxAg_1T5VdbiqqCTjDsWnRVWJkEaOXJ8gkUo-OcsBBtSJQJgeW5zIHbCFXnsCOZhK2hV4xcDuk0
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 23 Nov 2021 07:54:35 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 23 Nov 2021 07:54:35 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG539ynz_Kqgrjg4ZbLLPzo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E367
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YZyeOzw-CvHKBG65WPqalQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG539ynz_Kqgrjg4ZbLLPzo&google_cver=1

43 B
894 B

13ms
13ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG539ynz_Kqgrjg4ZbLLPzo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDHxKr-AhiChIa6ATAB&v=APEucNWH87eRVQzYmlugw77w8kt4PFHy_sM1YeJsdcaCdJypk8zYGSrC7v86FqYWVSmdP0WU1IDloxBPQvuVa5OJp48A4JJYy8iZ-rtmr8cvgxAg_1T5VdbiqqCTjDsWnRVWJkEaOXJ8gkUo-OcsBBtSJQJgeW5zIHbCFXnsCOZhK2hV4xcDuk0
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 23 Nov 2021 07:54:35 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 23 Nov 2021 07:54:35 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG539ynz_Kqgrjg4ZbLLPzo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame E367
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEB_JvECIJtHqf3FWsEMqSTk&google_cver=1

43 B
1004 B

18ms
17ms

Image
image/gif

37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEB_JvECIJtHqf3FWsEMqSTk&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDHxKr-AhiChIa6ATAB&v=APEucNWH87eRVQzYmlugw77w8kt4PFHy_sM1YeJsdcaCdJypk8zYGSrC7v86FqYWVSmdP0WU1IDloxBPQvuVa5OJp48A4JJYy8iZ-rtmr8cvgxAg_1T5VdbiqqCTjDsWnRVWJkEaOXJ8gkUo-OcsBBtSJQJgeW5zIHbCFXnsCOZhK2hV4xcDuk0

Protocol

HTTP/1.1

Server

37.252.172.250 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 23 Nov 2021 07:54:35 GMT
X-Proxy-Origin: 91.199.118.78; 91.199.118.78; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: e8a5b9f8-2957-4a13-bd7d-035f1a675042
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEB_JvECIJtHqf3FWsEMqSTk&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E367
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjcxOTI5MDI3MDQwOTAxNDM4Ng%3D%3D

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjcxOTI5MDI3MDQwOTAxNDM4Ng%3D%3D

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 23 Nov 2021 07:54:35 GMT
X-Proxy-Origin: 91.199.118.78; 91.199.118.78; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: e7b1b19d-f0b9-4088-8460-9cb46a517ef8
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjcxOTI5MDI3MDQwOTAxNDM4Ng%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3757 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BBw_y2Zyj3hloLKWqNmJBNlNHV2oQmU47QUu2y9wOoXMC6j4rCLPNX69vNbwVh_NVG3P1E_SYDUISL1-mQDhKN8Qor94YTx_dEjJMkHTtLwb5qHcr0_4pjETbw43tb8BUKf9f2E2cW06HutXtPsPguyKjofA&dbm_d=AKAmf-A_pWw8codQgvBthBMS_CP4gw6vrfSenDgf7szdK6lSIMD2xIJeWp0aQbljxe_vIRKeD9DLUmNzb4HH-V3PNfssY2A0pGLLxe50nCKNiUWTPvMaZsv5Tv1HgLMh2lzYpy4gmt8MUjD2ope4kHSrbuZLolbnknuXlHrCJS-AaRp1Hpr48NLXlP5Xez6__eR9pb7xGnQItgYu0ZUf0Yra_tfcxdZmxKYBZrqUdx9CHuj8lrxuTkxRqYdpPwV8pCg8Sfo6dp1GnQGRwNzaPJ6mFn_fcdqx778h5t8deSNPZa33Tn-b5-pDLVTOCQXltCL2lwcx6DO2guu-twUZ-0P6FOGv95BGgQ2k_4pUmYAifYtttImHdH8PDuztAZSjn97bHbX8nVXIqdt5kvQZV9nttJgXGnRoqcGwJZgn5W_dAhXRN6C_NtMfi7diF6H6smy9NcaNjWYIbTJ8rFYWjGQQuRWvoXlo2xJZ5Hh2DhQoXEyst0AlQaNw45XJ0gSETM7vRfmxSXxG-gV0t_U7IewETv_8MFNUrK_lIkhUn3Ro0PmXDqZHXjzmlPvaUe3zHx98BDcSZrsv170-MELWxxpfHN-aqpE5AvdlqHP7L62-whuL-MZgnfLoojJwFnCinJLKCvaj3zVgUYxsK5BkebL5PZ5KBBUc10v5yl4YmkkSt824P3cDVDsFGK-AuR9TIVkHfIv0LaONuSu4j3GCQtaFMfLt1bQbh2swHTdKk4Imq0Qq-3oFVA64Pu1daksU50UZ04CFrw88Ngjw4BZqxxzj0Pu7HlqYvrchmDyNw2ON5OoIga0pS__etRcjWSzwScxr-1wv79L9mHfmlbUnXOIj-I1N6H5CDVgAGeCub3b8y1Khl5leUpmmpOyWGe7x_gYzwh5VS4rjYbnkoOolJzUDuv4E9dO1NF6Pp0MRotPa9L44ECD5tesma3v8veMn3dPLwvbrv0j-JAr6XlxXVnv6BDaKVwytYMCEvMscDUJI-UxTz87YI_YoQEROxu50RNEFJT5aUWTkwFhrTmGcy_4wkJWDZ7xPMo_toj7Tx0ZByK1mcVoX0zL7dPx4YjJRNGFrK_szRpMknc3vPuS2_kbvfR_DMjF3WUK6JiZzwFNR7ywxADlTP5Ul0QyHiVIHQ3uMMXGVt6-z-cP7uyindeGDXbP95tibV781dP1S_llzAcdwwluaoVXYNTV9yHzITn4Lj0EL6mNi-svLv0kLv-DK6emzW-vs2LdeLilqiRjUKt2YK3onLgUJnBExcQa-EDGaaVP0BRfOGY6aJJVVM3XkDDzxHX6-A1y7SbOpK1HzGXz_gUVWbvPfy9kedTKqAE5RzuAUPPBIY5V3AfVE_1907BbvwPIhewcNpTXOw-U-LO8Yf5QpuMW2Ra7rpnkPQt61PHDawz2_ahmvjQwZbLczzTD41BkHDG2mvqgxpY0YCmfNXjwwivGrzqV5f05t5jg7cqkInhN2m8V_3l656NYT3XJVSMcD2UEXyoXiZrCR-XNVC_FERCaapjd33Ek3YNMggbwrrgAbvhuoGYdn9QVTxUg5JBfdcBpQ3KuhVxtxiyGMe86zep0KOdbwLmpg1cyggcoSzJD7nAuF1aoKa2JgReQ3FPYGjAMmCEulIPsOkxP2cf3eGzSMjwQTzNaw5IGbDFOURIHPp0NPWKrp3uh8wcqtELNy7NuFZm5fQWXahi1XHTriwDYR34nQPgaEgeyOEJksIkQ3AJ3BOvoyhWoUYSRAXqHzQScD7dagg0Q_uzGoW_flboHk7ag3ljY-KeXB_ptQGZg0O8u9crVnQrZDN408dGJq955BAq8aK08m4NL3iJFHs93s2NVGuMLAQl6Nv35JS-DEqgk3vBat5DU30zy0uIGF0nmNhzCZfmmUW0vP9rAhS2vcG0268j1kQviwKd36mlyQFDqBimVMv-B5oz2qhwyD-Jl_2PCrom8IO_kfglLvaG0Lb9G5QnJtkcdnf2_0miAYpATcY55E0Sc5drRVV46bNPjn1KCnppEQopdZwX8RfOlrtcDoAFH9XEDB16LBIvZhvhv_SR282ZZj7yhZ4vUjQLsooHkNWSe-PoDdIVcfaD_Sp8knCXgGmTtZ7XGJExvHy2DitLvBLN1S_GfGPzVW_JEX2JDis1FYuPPbxq172-CVrZXVhG0ddxZ7Gj5V8Pfe0O8APC9FGvgIhf7kPRkJ3BHtyTxXglIdw4Bw2XVgsBpivPCEbnpj89jFanoGoFqYIQM_NidIK7hDs3fAFN_xtw0YCxnPIfyNLYJqmI8abNifmW8WWrakO6KMgNGixrEtVd-zOG6TXas2RrBJ8aSJEvycZFU0fZCzKuX3WHQPLpPp7d71c_NRie36KlfjpC_DgbG86EW1ZCgm4cLN-tUn7mUZ9xGIJYkK11cq7Lf0yaV4T6Akrx4qwbiI6Q8Ndq3YhwAHSkR3RWQNbqAW8WbpwI1BumwqXZSRi6f__uDYKn68_c1eqeqjL_oq6Y7Htm2_Vb56XVX-5KH_a19nZ8HU-ccG-UUjDIfHMA_aMfwlOLLXtK637BMkXGT3GbMEBh-axRSubSnMrZKidEcaLev2gNMIw67EfZkX_gsZ85P8aDc&cid=CAASEuRoMeC84u7lcNZUEF_vWVU3mA&rfl=1%2Chttps%253A%252F%252Fez3c.tw%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 12:35:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 328763
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 19 Nov 2022 12:35:12 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 209C 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Fri, 19 Nov 2021 12:35:14 GMT
expires: Sat, 19 Nov 2022 12:35:14 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 328761
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 W74_wbIuhH6bObXj0uCjode8PwiBrxgOKnAqo6ShAmY.js Show response
pagead2.googlesyndication.com/bg/ Frame 209C 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/W74_wbIuhH6bObXj0uCjode8PwiBrxgOKnAqo6ShAmY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5bbe3fc1b22e847e9b39b5e3d2e0a3a1d7bc3f0881af180e2a702aa3a4a10266

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 13:45:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65350
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13296
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 22 Nov 2022 13:45:25 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame 3757 24 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite.js

Requested by

Host: bid.g.doubleclick.net
URL: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNVMwhUlUXaEJrCWyM7RP_l7pidB4KYJ3pVf--yqB3huyiNz4Y4&d=CnkAoCZ_4Ip_DemmVpWV7NQwTIFAlYT0GjVwv4zyjvtaBC8JTlTdWIi_L4G0vz3AaHpkozHMJZOFveiPE_vRcNUKbCntIqESjVXDdVfOW0fZNOAzuZ3B4-Ke_d4VgYkjwGshnNh4f5zqmW9yBTKPUApBtw9T8xE6LxIiEskRAKAmf-D4KIWR23SwIaKMDmoZNVXVEwHq2YMzKLvFnL_tZePOq8g8LEUdxnaTwTs96pjM4FCeJKGK7CXZ1HG_hvL2pFOKDotO17LXjxuiggEUIUTwolHDak1QEU2vEd7caCRlhFjwLD1SIVqXb2qUBzqJ0qOqdH2vMzDXMJWIVMi-unKkKQRo0lY1x-i6U0t8UNyvXe09B1Hj5fwtgTwdWHZpzgcHfU3R7z1fDIMZXlrSvB2Gw5H_WdgDa9BejHetDT-MVtEzfgLiMZYX6TiLCiihf-FHM5A-R1sUwLiVrOTcSMp_hca4OPqrUVbeyia5Zoex-o_mC37A-VkbYPyiTaloLFEEGyBuFcq1dEW0NkIwbmJN6ziAPdKmKTlMwVRnAU0bMeopFMQOqGGGKYr7Qrdid2nXq6qVNCrVQPKj7OtF8RxMvsYgPI29z3NCGWxKgQCIMwOJlCKanEnUQYPNow8OuBXdc87jT1Yu-NqTG8CeZtLSs1iZtettxa85eIItQxLMs7xOUUM03XjIKf5ZHD2KINTJgnQmV2xiBK6zs9l1XFQfhOikNeJSlKtF2ZkeWh92kv7m97SeI0dXOzrDsRhd1i1aec4uj8XuESPjqQYLBffnMTi6KJkCb7JtsFyC4x9IODUClI4vOByWd5-g9sW_IqjdCjmn0UHpZGCY-XiGZJXHtLktc6kxD7o1YqfNDSGDr4X12QxeAeAX0TxFU5P8Z_2GQRwpWgv5F7zHEwJFtGSpKSLZwnLHr8TJApgsKOUo-PckJ6vTaOydPJHnoSaVOqDSG2pR8NNrLfwXXUBcEsukeGsru1afMr8yz6QR54ycTSrV__R0PiPBn1KpkuJlWyq1DyhqYbgQQMc6gYbNO2XK0aryvlbO0-vxAA2jykz8_LRyCQRKz_8CDdmWcMuYBHXpw9HYOjp1KTatwPbZYtX71xOVOCn443AeE9MjlAy4rtClhTbeC0bG-8OY2mUNJnfA3f5vyhyGpJ9O5X0MoC3PBg0HSGpWU1440RuEf7DB2vrM55RcDcQwZy8Bd7Dv3Gm-R4T7AmLC7EcA5xpyvsc3naCg_6-exP4_fHmgXcJlGToFZfiDsn80ZYCKsB4EIttpX8F35TS6OakksX6RMffhmea0EcvSZ12Jg6hKhjFIgpm-dn-93XVdxI6-qeafWoRPDgUvCku8sgrznznXS6_wgvVGfiRsCDzsH1J0h-bNBoB9HgksAsdX2eD-bzDtS8eR9-HNhMrFRFOw5ZSH56WPZ6dd2mIWE34gAcI3u2ygWNYGZZJNK-GEMG3QZUk61-AMDziIBQWbzLm-GM5TqnXLrmM870cSHNDwBUny5v7t_qmPUbsi6Zd2Q6gGPBQFvfINQctlJZUe8S0jij8wZkEPt61zjHjdU9F78bMxJFKv-dTo825sQ30-IHLRs4diSQrelP7phM2DZneWgQfjGb7U07QgHxjdCvqEcgPoqg_-c_gcQJ6k4Xjy60qotIejiGX7uVNlOWMFaBmciqKq1rpx7TNRAiFwWPJPgDzPn6QH4UctYSA7UtwQrnsrn4vsUxPS11WAMkR2zVj4po_AUwmIgbSUqUXhb5sTuSxW6tQ7wdeCkfYsqyuzct8vlIFWwCUqusoerK_LBt2ATm3Tztnot-0UYghiTO1Y8JUKL1Q4aL8V8Kd7OdK62yWApQur-NbWmcJkm9kPmBJDD7SvkJB9srU3Yhqbb9VwZjae2sMEObpfqwufR6HkU9MZhwjm0mxlBQ2RYb-bylVMpT7kYns8koq_AzNSsVdWHqyZVofWHQ0imoSssu0zKeHZARsTzsWlXhBb6hAeXIpSkHZ5APRHSJSqEtotfhDPIVIhdmyMIa7NoEWKR7pUKXYLEPNctXnzISzlVSwABpiwEaW4tdkeT6HjWRatc2wqXzNoxbvquLllmZyJhR9O62P5FYdsCG8vPXPvkzjPLpJOBcqVcZtEgazZ8CJ7un-xVnaQrwaa6tjJL3umjQj5XWP6OV_knT16ygDwYwFZW6om3NbdJIjpk02-e7wvwmNNOs6xNBohZehD6O7u2cTBdrf1SkHMA77oH-El-1e0xJ2N4MsxZinjiJymIOY_81p53pgLtncrEfmCIMlT4ztNDMgxb4WWEQJATny1jwHc_lYm2VGTKfA8E27s3Axxg6vSSyfhxf0K2lOLOQBzcR26GpvzVB0Kf-nQdivLvA3ZPRZ2vwBuzBo8iug_-Ox6M-fxqsPBm5rHcy7FrTP7Le1NlCb5BkgsbXHxH29ne5u8uc3MAGQ5Pcu9M-ezZ8taGkdQ2-h0pLeHB0U3HJw3lpDq_g9yW184lqlLAXkgeTzMpcf0tBtVpw-nGWWyzP3eZxqHRdOwNNiRzpyEQ8orU7HxB7QepRM1LGEtHJX0x7olgGPZxbWUwTBNSSbGa7dtx7XTUlaqmJBQ_sp11lzeGFMV1jQ1v5ExI_RRZiAz_Z2QFR2WSEMQPBZeIqa01Ip_FtCRyeQ0DbTkOkovFdy7TAtlcbANv_dtRoDEIS0S4r8ECVaD2rBgvQUQj5j3OnYBpjxQ5siaIVbUqaQHGeUYBlLXDzdeBM93VbmYAI8NbqXeRtXS-KyMX0ADSUpauC6jt-0XTIWdvSfiV90CoF4HiUZkTMGn0a_sM8vj-ChTFtatnXDWDB55IDvFUWZIJKB964WzAkJSIYKbAbGdbsF00Sxr_7gWoMN-8NeDyzfqxuFAmNNcx80-wLvAX8_EqdP0C-cCJhIpcMuD8DsETKEsGtq3zN3-DY7ZyDZjVZDPeB2CN4cjNeLcmRRC-7zJDX0_xZVvyeIunCwzOxDU6U7vUIIcRHPXF9105PZ_i3GnHKzDLjjjG2KGbNWucoRtrKVmQhuyhZr9guVw_en2D_60bz_kT8Cm8Q0g-BsVIjXyYPavUqseTuEtenQP_6a2toiwjQEV_OdpwPiV25nvEpmbVt9LYYOr2C8n2XgibiwnPUPVH8Y4pyQja2O69dEwcEoaFggAEhLkaDHgvOLu5XDWVBBf71lVN5hgAQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:53:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9475
x-xss-protection: 0
server: cafe
etag: 15988442915344899701
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Dec 2021 07:53:45 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/ Frame 3757 8 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:51:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 181
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Dec 2021 07:51:34 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3757 0
524 B 67ms
43ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss9gGXrKEY8DOUoqOjLcFq8IADealsscf5rFQ9U96kS2gas16qO718zyDy3Z1WPm0n8NWzDKHt8Wm4xUJknpnaZIWaMFu4iWi-_syZNVr_qBVIdeYga58lbmM76BxAsRbhErbM6up9X7oHr&sai=AMfl-YSZ2sMbe4a4MglYQpFTmXiTllX_dO4EyRGc-3IQkBvSs3vqoV5W26yYUTkvFgbpgyyhfOC53bO6-53pSYXmpcuHX4-C2yzzqJw&sig=Cg0ArKJSzBRjucAPGyvjEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20211111.72256&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Tue, 23 Nov 2021 07:54:35 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 620000111_Q421_AI_reinventbankingV1_static_728x90_NVIDIA_x_DE-DE.jpg
s0.2mdn.net/10774078/ Frame 3757 19 KB
19 KB 23ms
8ms Image
image/jpeg 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/620000111_Q421_AI_reinventbankingV1_static_728x90_NVIDIA_x_DE-DE.jpg

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d61bef89d6850c7459614ce542bb9be2daf8a7d68d270033b85a0d619ef4aea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 10:00:01 GMT
x-content-type-options: nosniff
age: 78874
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19046
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 16:10:15 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 23 Nov 2021 10:00:01 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012111011823000/ Frame BDC6 189 KB
55 KB 60ms
8ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 548641
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55592
x-xss-protection: 0
server: sffe
date: Tue, 16 Nov 2021 23:30:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "11dee2040f5fc1d7"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 16 Nov 2022 23:30:34 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame BDC6 13 KB
5 KB 70ms
18ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 42139
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4992
x-xss-protection: 0
server: sffe
date: Mon, 22 Nov 2021 20:12:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "858600ba27ef7413"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 22 Nov 2022 20:12:16 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame BDC6 89 KB
28 KB 70ms
19ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 526488
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28555
x-xss-protection: 0
server: sffe
date: Wed, 17 Nov 2021 05:39:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a64e482645fd262b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 17 Nov 2022 05:39:47 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame BDC6 5 KB
2 KB 72ms
20ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 550085
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1731
x-xss-protection: 0
server: sffe
date: Tue, 16 Nov 2021 23:06:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "cb4f0e89d7d37d9b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 16 Nov 2022 23:06:30 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame BDC6 40 KB
13 KB 73ms
21ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 550471
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12826
x-xss-protection: 0
server: sffe
date: Tue, 16 Nov 2021 23:00:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f02165e023e70703"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 16 Nov 2022 23:00:04 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame BDC6 4 KB
618 B 16ms
14ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&lang=de

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 06:24:30 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 23 Nov 2021 07:54:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 23 Nov 2021 07:54:35 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame BDC6 4 KB
618 B 16ms
14ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 06:06:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 23 Nov 2021 07:54:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 23 Nov 2021 07:54:35 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/2724103516959114301/ Frame BDC6 19 KB
19 KB 10ms
8ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2724103516959114301/downsize_200k_v1?sqp=4sqPyQSLAUKIAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-Mg8I2AQQugIYASABLQAAAD8&rs=AOga4qkarwuXrQlWKoRNQAafomlr6gayVg

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c46ab36aaf870761c1874ef863b53422268d0e836cb13b4625bf65e6573ebdc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 20:26:30 GMT
x-content-type-options: nosniff
age: 127685
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19394
x-xss-protection: 0
last-modified: Wed, 17 Nov 2021 16:30:23 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 21 Nov 2022 20:26:30 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame BDC6 0
0 38ms
37ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CKN6wO56cYeLfB8bo3gPck5HYA7304MVmp7TL3-UOne_vh_QXEAEgtbHcZWCV-qeCsAegAdOx-cgDyAEGqQJIZA0mWdqyPuACAKgDAcgDCqoE0wFP0POdh9ycGaJHbdrhTNh5NKPHJ844xKoAaM9Vi2RS9qm4WyoylERsxbGg7UKWopPqGdhFj6fk1sZIgx_Uc0iONLxvQPeQdo5cY1bmH6t-4CsgL7Bnk7O__j_DbfN3EIG-ylnrNHJelAZ0EBHc8-1mSH7s1RRe7EL5WGpdrNFBDrwqgx2ABYLODq0rmE6Mbw0XBCNJErwKfk0ZVPo_WJcgxtVZHjyNxtUG52fV2cOk_Kg-3VBe74_uf8OihYeYgrL9rZzhUrwmYLW7WCGm--R2R8HcwAS6r56E6gPgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGN4AH1pPlOKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEOzoJ9IICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tMjc0OTU3NTQ2ODM0MTU3MYAKA8gLAdgTAtAVAYAXAbIXHgocCAASFHB1Yi03OTY4MTQ2NTI1NTk3OTc2GKS_HA&sigh=T7tgOe0hfWc&uach_m=[UACH]&template_id=492&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)
Requested by: Host: ez3c.tw
URL: https://ez3c.tw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 200 zh_tw.png
tpc.googlesyndication.com/pagead/images/abg/ Frame BDC6 3 KB
3 KB 8ms
7ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/zh_tw.png

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a956a6fe1ee57805393bf1781b32486b4ed9ca402a04320280e59a18bc348a87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Nov 2021 16:07:34 GMT
x-content-type-options: nosniff
server: cafe
age: 56821
etag: 7688947696963022458
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3430
x-xss-protection: 0
expires: Tue, 23 Nov 2021 16:07:34 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame BDC6 344 B
369 B 7ms
6ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: ez3c.tw
URL: https://ez3c.tw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 23 Nov 2021 06:46:14 GMT
x-content-type-options: nosniff
server: cafe
age: 4101
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Wed, 24 Nov 2021 06:46:14 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 04D6 1 KB
749 B 7ms
6ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 22 Nov 2021 13:26:12 GMT
expires: Tue, 23 Nov 2021 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 66503
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 3757 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 32e24c220f7c74250aed9502ed645fbedc2a2d42be644aa1cda336c8b5623291

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3757 0
23 B 57ms
41ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Tue, 23 Nov 2021 07:54:35 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame BDC6 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 82ebc6d450982c5f0150000edbe4acc8ba5efa79d7178397596e0ed20fe02b3f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame BDC6 16 KB
16 KB 21ms
7ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=de

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ez3c.tw
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 05:33:18 GMT
x-content-type-options: nosniff
age: 526877
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 17 Nov 2022 05:33:18 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame BDC6 15 KB
15 KB 24ms
9ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=de

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ez3c.tw
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 15:45:42 GMT
x-content-type-options: nosniff
age: 490133
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 17 Nov 2022 15:45:42 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 04D6
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEF8_52jy4qLsCjhHLoQura8&google_push=AYg5qPI51h_Xc6eJk_pu3QiKd1MM8YUxsAbdeV6rrBlUjw6Llf39b-azTP...

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEF8_52jy4qLsCjhHLoQura8&google_push=AYg5qPI51h_Xc6eJk_pu3QiKd1MM8YUxsAbdeV6rrBlUjw6Llf39b-azTPUtoDgkHPVVdloREycxxpJB9VPfUcGu52L2Sh866fI

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:35 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1637654075.416788,VS0,VE99
x-served-by: cache-fra19128-FRA
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEF8_52jy4qLsCjhHLoQura8&google_push=AYg5qPI51h_Xc6eJk_pu3QiKd1MM8YUxsAbdeV6rrBlUjw6Llf39b-azTPUtoDgkHPVVdloREycxxpJB9VPfUcGu52L2Sh866fI
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 04D6
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESED6dnzuuFJKuNYxRqsDORz0&google_cver=1&google_push=AYg5qPJcZnrpH9l_SgEQLEPDqpMPXJiu6vxCVN_xufL89-066vnxh7Qa2xA_fV6DGkkbC4eDaLeoenlGNFP45oogt8PZwC4NbZI
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C1DD65FACDC44AEB8A8FD8B82F4DF6B1&google_push=AYg5qPJcZnrpH9l_SgEQLEPDqpMPXJiu6vxCVN_xufL89-066vnxh7Qa2xA_fV6DGkkbC4eDaLeoenlGNFP45oo...

170 B
188 B

16ms
15ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C1DD65FACDC44AEB8A8FD8B82F4DF6B1&google_push=AYg5qPJcZnrpH9l_SgEQLEPDqpMPXJiu6vxCVN_xufL89-066vnxh7Qa2xA_fV6DGkkbC4eDaLeoenlGNFP45oogt8PZwC4NbZI

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 23 Nov 2021 07:54:35 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C1DD65FACDC44AEB8A8FD8B82F4DF6B1&google_push=AYg5qPJcZnrpH9l_SgEQLEPDqpMPXJiu6vxCVN_xufL89-066vnxh7Qa2xA_fV6DGkkbC4eDaLeoenlGNFP45oogt8PZwC4NbZI
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Mon, 22 Nov 2021 07:54:35 GMT

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 04D6 0
191 B 65ms
21ms Image
text/plain 66.155.71.25
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEATYzYkRKJ6NMDgnhwW2JtY&google_cver=1&google_push=AYg5qPLyqgByHiCBCQu5FQuwQb154QBNt4JFs_WgMi84qqtHFIlXoPhm2SXTnkw-ZUf2JoGcl2V7R_YqU9_jZhorHOGoQP0iiIg
Requested by: Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.25 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:35 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 04D6
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEJocLPhR2FcIswJrg81IC7c&google_cver=1&google_push=AYg5qPJO5WeaHY8WPw5twEPRf8gnLywAl--kIhME1hjlUS1URdEhm9k9l72Bz0O7vY2BhOLwbZfG-jLQRtS...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJO5WeaHY8WPw5twEPRf8gnLywAl--kIhME1hjlUS1URdEhm9k9l72Bz0O7vY2BhOLwbZfG-jLQRtS8TM5KgzUxCX1yA3c&google_hm=MoOQfItkQC6e0ALFDxTcj04

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJO5WeaHY8WPw5twEPRf8gnLywAl--kIhME1hjlUS1URdEhm9k9l72Bz0O7vY2BhOLwbZfG-jLQRtS8TM5KgzUxCX1yA3c&google_hm=MoOQfItkQC6e0ALFDxTcj04

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:34 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJO5WeaHY8WPw5twEPRf8gnLywAl--kIhME1hjlUS1URdEhm9k9l72Bz0O7vY2BhOLwbZfG-jLQRtS8TM5KgzUxCX1yA3c&google_hm=MoOQfItkQC6e0ALFDxTcj04
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 04D6
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEFglkecr-6jOab8fnILHOAw&google_cver=1&google_push=AYg5qPLpq4zmyB5ibX9L1vY07BXngPmwcVvXJ1Trcjjk9-0BmgVLgiPSdhNjCfslWlY8Zro1gquX28hNNF0tgSgpjjOl...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEFglkecr-6jOab8fnILHOAw&google_cver=1&google_push=AYg5qPLpq4zmyB5ibX9L1vY07BXngPmwcVvXJ1Trcjjk9-0BmgVLgiPSdhNjCfslWlY8Zro1gquX28hNNF0tgS...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPLpq4zmyB5ibX9L1vY07BXngPmwcVvXJ1Trcjjk9-0BmgVLgiPSdhNjCfslWlY8Zro1gquX28hNNF0tgSgpjjOlkRL_sDY&google_hm=YCcuMrb1Q5qDYqYtPBay9w==

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPLpq4zmyB5ibX9L1vY07BXngPmwcVvXJ1Trcjjk9-0BmgVLgiPSdhNjCfslWlY8Zro1gquX28hNNF0tgSgpjjOlkRL_sDY&google_hm=YCcuMrb1Q5qDYqYtPBay9w==

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPLpq4zmyB5ibX9L1vY07BXngPmwcVvXJ1Trcjjk9-0BmgVLgiPSdhNjCfslWlY8Zro1gquX28hNNF0tgSgpjjOlkRL_sDY&google_hm=YCcuMrb1Q5qDYqYtPBay9w==
Date: Tue, 23 Nov 2021 07:54:35 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET

pixel
cm.g.doubleclick.net/ Frame 04D6
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwR...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 04D6
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEHylxotPs2a1x0Mlz9T3JaM&google_cver=1&google_push=AYg5qPK3BAGqWO5cFzBewiMULS2jbbMrG3Yk__fuUWi8pq2YAlqlerLvCjwQkInDUR_e2b97HS...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEHylxotPs2a1x0Mlz9T3JaM&google_cver=1&google_push=AYg5qPK3BAGqWO5cFzBewiMULS2jbbMrG3Yk__fuUWi8pq2YAlqlerLvCjwQkInDUR_e2b97HS...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1YTlRPeHhGRTJ1SE1PT09kNGxualcyR3RZUGRTRlhqQ35B&google_push=AYg5qPK3BAGqWO5cFzBewiMULS2jbbMrG3Yk__fuUWi8pq2YAlqlerLvC...

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1YTlRPeHhGRTJ1SE1PT09kNGxualcyR3RZUGRTRlhqQ35B&google_push=AYg5qPK3BAGqWO5cFzBewiMULS2jbbMrG3Yk__fuUWi8pq2YAlqlerLvCjwQkInDUR_e2b97HS7dMkKNdon9U94HjVXTuwJlGHEi

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1YTlRPeHhGRTJ1SE1PT09kNGxualcyR3RZUGRTRlhqQ35B&google_push=AYg5qPK3BAGqWO5cFzBewiMULS2jbbMrG3Yk__fuUWi8pq2YAlqlerLvCjwQkInDUR_e2b97HS7dMkKNdon9U94HjVXTuwJlGHEi
date: Tue, 23 Nov 2021 07:54:35 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 04D6 0
12 B 15ms
14ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IhRiCL_8XSC52IKnHYN0scjpmSeHSShWzbax5GQZBJ7iaVwPUwdrU89NvQ7cNSbcoB9PTvLw

Requested by

Host: 1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 07:54:35 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame BDC6
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

63ms
63ms

Image
text/html

2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Protocol: H3
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Redirect headers

date: Tue, 23 Nov 2021 07:54:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/2724103516959114301/ Frame BDC6 19 KB
19 KB 6ms
6ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c46ab36aaf870761c1874ef863b53422268d0e836cb13b4625bf65e6573ebdc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 20:26:30 GMT
x-content-type-options: nosniff
age: 127685
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19394
x-xss-protection: 0
last-modified: Wed, 17 Nov 2021 16:30:23 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 21 Nov 2022 20:26:30 GMT

GET
H3 200 zh_tw.png
tpc.googlesyndication.com/pagead/images/abg/ Frame BDC6 3 KB
3 KB 7ms
7ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/zh_tw.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a956a6fe1ee57805393bf1781b32486b4ed9ca402a04320280e59a18bc348a87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Nov 2021 16:07:34 GMT
x-content-type-options: nosniff
server: cafe
age: 56821
etag: 7688947696963022458
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3430
x-xss-protection: 0
expires: Tue, 23 Nov 2021 16:07:34 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame BDC6 344 B
369 B 7ms
7ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 23 Nov 2021 06:46:14 GMT
x-content-type-options: nosniff
server: cafe
age: 4101
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Wed, 24 Nov 2021 06:46:14 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 209C 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BFA8OO56cYau3C-KV7_UPttW50AQAAAAAOAHgBAI&bg=!xcalxoLNAAZQLpa_UC47ACkAdvg8Wj-f22xktpS4CvLJx6zZq29zGB88E8RfP3c_Am979M-UGvZmDgIAAADfUgAAABBoAQeZAr1Y6zLVOU5jTChKy3dz_TLo90dHFzw90kGHEyZeJODC7c_kHzOhUrg443nvBTx29wuz577GADTC0T4pXHWWGO09cAfIzH0aAG1FX-W-1d4_GWgQRd_vTksDRlRiBtg31FY5vdNBTxaY4PzbLw2BCImjYVxmqDXjEA93-UcWfzKSmZhJECHgGI61bcFU9E0RWGQ7Szwhl0teQ-gzFO6GQAHUf8ZBQY2il-SsKZTLMBaIfUn7iS6vmwx5JBgoWbT7lHeOy5RlOjBDJDIjtZuT3h9xytcnvcXn-tkK5q4jdEQCbU8s0N208aKj47tIUgAQ_R05hyY6ztJ19c90KuFwrBP22_G0jIWFheYyXhD4VnakP7tLp1QTw5TocB9ugxcaEPct6nzwleb722KNlWGBmi2WW9XF4JDs1HN29qNogbQZN9bH8gzA11AQaRX0tMJRkX38t_w42cYvE0cnPf-F8j9xx6DERtU_5P5VXZ3il0Tty20jaeddHxoSGsWNJ_vFh93_zJW_9qeXfYRr9elMqknokdisaJEHusIKmhukXDcI-ty50N3q362qeF2zkDbxUn2OkXmvZ66jK1bBkYJZ3sCvgr7b5lmw9Xk2Y_C8pGHTLxVn2eCy_u0KHOAlhzBZJjwdywo2E1XgIUD9P3xN924S79V_ktqw70nlw6qEDQPFHwxKR3XPhBMX2c0eobIAWciurXR0KnL8G4M_DIoRQF6MKcvv6vpucmPJlvHV6F08KPD1tPLkF5ATzR-Pn9dm_O3iRm__kQz3Uv855-nx1EPGNYg-vQ9H-dArWfJq6EM7GSxdaosw18uMfR-eokrjmIpgRsAqcYT_uQgRnm9ic3AsKlR-A7-dgIVON75MNUtxRb09cZf3pZ8GsBsuTOy5X7kq8McUxuPqjDPQvYQzqNigFKic3OZEGNSZeux7KQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame 3757 7 KB
3 KB 47ms
8ms Script
text/javascript 143.204.98.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=hpeus01&pid=digitas01&cid=1&w=728&h=90&c=digitas01cont8&js=pmw1&base=te-clr1-5cc9364b-823a-4fee-9f0f-5954542cb421
Requested by: Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=digitas01&aid=hpeus01&js=pmw0&cid=1&c=digitas01cont8&w=728&h=90
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-28.fra50.r.cloudfront.net
Software: nginx /
Resource Hash: 41bdf85af76554f57fe75615681fdae3c47e322f0b461ef818f4d3042499d084

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 10:04:06 GMT
content-encoding: gzip
server: nginx
age: 78630
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 6b8ac2d6d64dc42007741d312e2d73ab.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA50-C1
content-length: 2413
x-amz-cf-id: XUoierlW-cab42WI6IjGnWAvifYyO8iQHynlEh02dIy2NCGXUc8V5g==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame 3757 38 KB
11 KB 48ms
9ms Script
text/javascript 143.204.98.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=hpeus01&pid=digitas01&cid=1&w=728&h=90&c=digitas01cont8&js=pmw2
Requested by: Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=digitas01&aid=hpeus01&js=pmw0&cid=1&c=digitas01cont8&w=728&h=90
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-28.fra50.r.cloudfront.net
Software: nginx /
Resource Hash: e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 10:03:57 GMT
content-encoding: gzip
server: nginx
age: 78639
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 6b8ac2d6d64dc42007741d312e2d73ab.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 0HJSuPNeR8etLyJNhK8IJduW4H6YFFJ8ppv_bSVHDi1epOmkT5zVCg==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cap
choices.trustarc.com/ Frame 3757 43 B
394 B 139ms
101ms Image
image/gif 143.204.98.28
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/cap?aid=hpeus01&pid=digitas01&cid=1&w=728&h=90&c=fe3f
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-28.fra50.r.cloudfront.net
Software: nginx /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:36 GMT
via: 1.1 6b8ac2d6d64dc42007741d312e2d73ab.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA50-C1
vary: Origin
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
x-amz-cf-id: urvcf8ygl_r_tlziRQxDeo1tm8eh_Ng94-wrvVxDvKNH_L9xcJ4Zrw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3757 42 B
64 B 46ms
46ms Fetch
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv4BfjW92BwP8M0TQP5YIU9Mh6HExEjLm_Y_3JLS6iqe03d6uvsyTLGXhfJkA-zvBzPy2jh2akfvrEyhcMAiXG-WASws3e_oAzYLB1xbdn9dYGKBJ-ibw&sai=AMfl-YQaTfO4hguVNgoklPWORqo4c9u8Mm20CiwcsI__xPXJUbWWKlnOAD7tH06lHcQOvUOe1jCdQAXo_FRfA1uZeToDbT1lGHFfuy-qaAHmJyNCZN4qjomw6Bkna1an&sig=Cg0ArKJSzGLblNMeKJ3kEAE&cid=CAASEuRoMeC84u7lcNZUEF_vWVU3mA&id=lidar2&mcvt=1000&p=292,436,382,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211110&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1164308100&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1637654075152&rpt=211&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame BDC6 42 B
64 B 45ms
45ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvyjZhCQOrNDxqPjRb1l0xCqs1kMpT1lua943Ip848BgjnlE5H4PeOn4BekEMHy45HKADOAeuuIEbU3T-DBxVbjVtI__zK-Rp5HKeqcYqBSXBDXYFFRxw&sai=AMfl-YRiPHpfTEOiqIaJsp9kOsB4Y1HDlWrzjB9fAdUaZY2qY9vRXXZ7BUM1b73ZHUHfQRSxTZIFZKYn5k-iFjVkAT2A3TuS6AfGqu162wwRtGNkqkvqJY_nJW-x1tk-&sig=Cg0ArKJSzJorMQs0inDLEAE&cid=CAASF-RonaPg6d9FkqvQGAUiBXTi5qekN1S0&id=ampim&o=1055,1033&d=430,289&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,0,1000,1000&tos=0,0,0,1000,0&tfs=110&tls=1110&g=63.3217990398407&h=63.3217990398407&tt=1110&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=133098304

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ez3c.tw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 07:54:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: an.9ez.me
URL: http://an.9ez.me/index.php?module=Counter&action=live&id=2

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtHnfVBNtca26&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2Up2tXLQa-I&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwRtXINkjERg&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1

Verdicts & Comments Add Verdict or Comment

158 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

46 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.google.com/	1970-01-20 03:17:45	Name: NID Value: 511=EIpuBVoCUQ_joAMxf5wMgeHRzxpEL1063QID1Q3jI9o9naTFgjJLGQUP_mYv7X_i8o_Pdr6FDL35HnoS2JO3TXkJ0Ym-RUtzcHGnbU7W5GFbujey4tniiNREyEjNBw-bEfUtRjW6IlKUHU1LXsbX3KnY3nSSySyil8qThf9ZtdY
.ez3c.tw/	1970-01-20 08:15:50	Name: __gads Value: ID=f370b22736d2308d:T=1637654072:S=ALNI_MaUu5n_LaBkDWMTOs72bXpn51qngQ
.doubleclick.net/	1970-01-20 08:15:50	Name: IDE Value: AHWqTUkULgdoAjZEFW1Q4ms7ZyjXzglGieFcryvemuuhhGPFA2weDktEcAWtE6Pl-xw
.breaktime.com.tw/	1970-01-20 16:25:26	Name: cat_trid Value: 5ca465fd-8356-4a28-a228-6e0485c7beb3.1637654072.8437629
.ez3c.tw/	1970-01-19 22:55:40	Name: cat_trid Value: 5ca465fd-8356-4a28-a228-6e0485c7beb3.1637654072.8437629
.ez3c.tw/	1970-01-20 16:25:26	Name: _ga Value: GA1.2.436402978.1637654072
.ez3c.tw/	1970-01-19 22:55:40	Name: _gid Value: GA1.2.632782820.1637654073
.ez3c.tw/	1970-01-19 22:54:14	Name: _gat Value: 1
ez3c.tw/	1970-01-20 08:20:09	Name: _pk_id.2.efe6 Value: eab43343f61a70cd.1637654074.1.1637654074.1637654074.
ez3c.tw/	1970-01-19 22:54:15	Name: _pk_ses.2.efe6 Value: 1
.ez3c.tw/	1970-01-20 01:03:50	Name: _fbp Value: fb.1.1637654073656.2012609060
.rlcdn.com/	1970-01-20 07:39:50	Name: rlas3 Value: svaFF5wGnjDmV3+MKXO3ww4LjTpU3sJs0wlhfxnLbwM=
.quantserve.com/	1970-01-20 01:03:50	Name: d Value: EFkBCQHlJIEA
.quantserve.com/	1970-01-20 08:24:28	Name: mc Value: 619c9e3a-0ad61-8e33f-014ea
.rlcdn.com/	1970-01-20 00:20:38	Name: pxrc Value: CLq88owGEgUI6AcQABIGCOndKhAA
.pubmatic.com/	1970-01-19 22:55:40	Name: KTPCACOOKIE Value: YES
.openx.net/	1970-01-20 07:39:50	Name: i Value: aa1a3576-81d0-43c0-88e6-0dd02b92cfa3\|1637654074
.pubmatic.com/	1970-01-20 01:03:50	Name: KADUSERCOOKIE Value: 5E7AC142-2E82-41FF-9A0F-7788B54B1D0E
.casalemedia.com/	1970-01-20 01:03:50	Name: CMPS Value: 5229
.adnxs.com/	1970-01-20 01:03:50	Name: uuid2 Value: 2719290270409014386
.casalemedia.com/	1970-01-20 01:03:50	Name: CMPRO Value: 1123
.redintelligence.net/	1970-01-20 01:03:50	Name: 8lcfmzhxc8d6_uid Value: 0cf14b275e810a2b
.casalemedia.com/	1970-01-19 22:55:40	Name: CMST Value: YZyeOmGcnjsA
.casalemedia.com/	1970-01-20 07:39:50	Name: CMID Value: YZyeOzw-CvHKBG65WPqalQAA
.innovid.com/	1970-01-20 01:03:50	Name: uuid Value: 36711412-7c75-49cb-86db-072d8b244e6f-20211123 02:54:35
.doubleclick.net/	1970-01-19 22:54:17	Name: DSID Value: NO_DATA
.e.dlx.addthis.com/	1970-01-20 08:24:28	Name: na_tc Value: Y
.adnxs.com/	1970-01-20 01:03:50	Name: anj Value: dTM7k!M41.D>6NRF']wIg2In6f05tV!]td!8i_iqf!oN/@E'zz<Z0QZl/G$AgA7(x)riE'4w>A8YrUSHOPLXv//<QG=%9sk@3@'s>TKpeQ
.casalemedia.com/	1970-01-20 07:39:50	Name: CMRUM3 Value: 2d619c9e3b2760CAESEG539ynz_Kqgrjg4ZbLLPzo
.addthis.com/	1970-01-20 08:24:28	Name: na_id Value: 2021112307543500013829789831
.addthis.com/	1970-01-20 08:24:28	Name: na_tc Value: Y
.addthis.com/	1970-01-20 08:24:28	Name: uid Value: 619c9e3b88238a94
.addthis.com/	1970-01-20 08:24:28	Name: ouid Value: 619c9e3b00010d9cb992980f7ac5ec6212ea74450c6a2d917c62
.dlx.addthis.com/	1970-01-19 23:37:26	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-19 23:37:26	Name: na_sr Value: 20211123
.dlx.addthis.com/	1970-01-19 22:54:14	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-19 23:37:26	Name: na_sc_e Value: 0
.bidswitch.net/	1970-01-20 07:39:50	Name: tuuid Value: 60272e32-b6f5-439a-8362-a62d3c16b2f7
.bidswitch.net/	1970-01-20 07:39:50	Name: c Value: 1637654075
.bidswitch.net/	1970-01-20 07:39:50	Name: tuuid_lu Value: 1637654075
.ctnsnet.com/	1970-01-20 07:39:50	Name: cid_3283907c8b64402e9ed002c50f14dc8f Value: 1
.yahoo.com/	1970-01-20 07:40:11	Name: A3 Value: d=AQABBDuenGECEE1VvBVibhmByxlHCYAok28FEgEBAQHvnWGmYQAAAAAA_eMAAA&S=AQAAAkJBgYZBlcI0vHvCEPgEE1I
.simpli.fi/	1970-01-20 07:41:16	Name: suid Value: C1DD65FACDC44AEB8A8FD8B82F4DF6B1
.bidswitch.net/	1970-01-19 22:54:14	Name: google_push Value: AYg5qPLpq4zmyB5ibX9L1vY07BXngPmwcVvXJ1Trcjjk9-0BmgVLgiPSdhNjCfslWlY8Zro1gquX28hNNF0tgSgpjjOlkRL_sDY
.analytics.yahoo.com/	1970-01-20 07:41:16	Name: IDSYNC Value: 18yx~21ov
.everesttech.net/	1970-01-20 07:39:50	Name: everest_g_v2 Value: g_surferid~YZyeOwAGt7jf7QBG

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&annotation=none&hl=zh-TW&origin=https%3A%2F%2Fez3c.tw&url=https%3A%2F%2Fez3c.tw%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__#_methods=onPlusOne%2C_ready%2C_close%2C_open%2C_resizeMe%2C_renderstart%2Concircled%2Cdrefresh%2Cerefresh%2Conload&id=I0_1637654071974&_gfid=I0_1637654071974&parent=https%3A%2F%2Fez3c.tw&pfname=&rpctoken=49590711 Message: Failed to load resource: the server responded with a status of 404 ()
javascript	warning	URL: https://www.googletagservices.com/tag/js/gpt.js(Line 9) Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
security	error	URL: https://an.9ez.me/index.php?module=Counter&action=live&id=2&type=js Message: Mixed Content: The page at 'https://ez3c.tw/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://an.9ez.me/index.php?module=Counter&action=live&id=2'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html(Line 12) Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html".
other	warning	URL: https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs(Line 2) Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOtfzvLU6AKtB-HMhAQAABGMAAAAB&google_push=AYg5qPLD3HioWbHVkVHjr2VrHcWQ3zmuLi6SXrU84f_Ey-pK9sy8SFoqokEYa5Y8HAhJQc3V3SSxWANAzGgfknNI2Up2tXLQa-I&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPI67QVnjIReX-ZuSZs98MojOBojNyS7ATGLAO7mRlGxq54uftR6WjigXkCFcemllOiBDDiDXkXV-HwhtiPqtHnfVBNtca26&google_cver=1&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZyeOzw_CvHKBG65WPqalQAABGMAAAAB&google_push=AYg5qPJ83BVy-GaPKKyS8L7u4K32OTvO-zqklVHWtw6xuWC3YCW5RVDRBcla8yNK2LLWUp6zMbrzdvTHJyroEKjpwRtXINkjERg&google_gid=CAESEPTKOLqJ9TD7SYGuXh6JEAg&google_cver=1 Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1677ac76ef85aa7b329dde3628b315e6.safeframe.googlesyndication.com
5994599.fls.doubleclick.net
a.breaktime.com.tw
accounts.google.com
adservice.google.com
adservice.google.de
ag.innovid.com
ajax.googleapis.com
alliance.breaktime.com.tw
an.9ez.me
apis.google.com
article.adhacker.online
bid.g.doubleclick.net
campaign.breaktime.com.tw
catalyst.breaktime.com.tw
cdn.ampproject.org
cdn.contentspread.net
choices.trustarc.com
choices.truste.com
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
dsum-sec.casalemedia.com
e.dlx.addthis.com
ez3c.tw
fonts.googleapis.com
fonts.gstatic.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900018.redintelligence.net
i0.wp.com
ib.adnxs.com
id.rlcdn.com
image6.pubmatic.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel.everesttech.net
pixel.rubiconproject.com
power.adhacker.online
powerads.breaktime.com.tw
rtb.openx.net
s0.2mdn.net
sdk.truepush.com
sdki.truepush.com
securepubads.g.doubleclick.net
ssl.gstatic.com
static.doubleclick.net
stats.g.doubleclick.net
sync-tm.everesttech.net
tpc.googlesyndication.com
um.simpli.fi
ups.analytics.yahoo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
an.9ez.me
cm.g.doubleclick.net
103.231.212.226
104.76.200.221
13.75.71.72
137.116.169.173
138.201.84.252
142.250.13.154
142.250.184.230
142.250.185.66
142.250.186.34
143.204.98.27
143.204.98.28
144.76.91.199
151.101.66.49
159.122.14.34
172.104.98.174
18.156.0.31
192.0.77.2
198.47.127.19
2.18.234.21
207.46.146.168
2600:9000:2156:f800:7:6b7b:1000:93a1
2606:4700:3036::ac43:aa6b
2606:4700:3036::ac43:d98a
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2620:1ec:bdf::44
2a00:1450:4001:801::2003
2a00:1450:4001:802::2002
2a00:1450:4001:808::2002
2a00:1450:4001:809::2002
2a00:1450:4001:80e::200a
2a00:1450:4001:80e::200e
2a00:1450:4001:810::2006
2a00:1450:4001:811::2001
2a00:1450:4001:811::2003
2a00:1450:4001:811::2004
2a00:1450:4001:811::200e
2a00:1450:4001:813::2001
2a00:1450:4001:827::2001
2a00:1450:4001:827::200a
2a00:1450:4001:828::2006
2a00:1450:4001:82b::2003
2a00:1450:4001:82b::200d
2a00:1450:4001:830::2002
2a00:1450:4001:830::2008
2a00:1450:400c:c1b::9b
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
2a05:d01c:1d8:8100:f976:bfd0:751d:6023
3.122.152.23
34.96.103.78
35.186.193.173
35.227.252.103
35.244.138.40
35.244.174.68
37.252.172.250
51.75.147.170
52.89.234.250
66.155.71.25
69.173.144.138
0312ad5376fa0248eaa064cb09032971612ac283488537c5e22375cd50b90080
04082cfaa14c7a04a29bf53810bda0de1aa03910090a4aeffb198f4e8bbf70d2
055953a53aba79b35307f8bd102eec21b0b281bf57d9e7c104eb485df994f61a
0670c75945a5bd740db64abc7b2e53e0cc4061879f6c4185565b9f6c867fa6f3
08b6b4397d4c9e815835e6019591402a48a8b32de5192723c9c4f9db0113ca82
0995371a359a4a701d66f8b183de6144de9a042e5bac84b6f920968f51567742
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11b091cc4eacaead13a59a443edbb0b0d3e1440804668fd77e72c514e7dd83d5
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13e77b91347f86480149b780bf2a79dc36a39c1a9cd61441bb95f39f07b38580
146dadbae382b771da516da9f824e93d54c58460a3ac951f85d719b1a29f283d
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1a18370584b2073690668ef1982674be8d0566bd4b1de25f7031584e961fef5c
1cc6b66cc42418608faeed8ae5f6fb3cd8f559f9dcf0be3d7a340c5351847a65
20c22cb555440afed2238ca105078ad33a7faa88cd28314bcde40d1fb889c603
230652178330f5e462a1ab5c01b64f5dc8be8cbdf9f6693ba7e067ab78e32649
23ef33989f2db4e8afde93e57b1534aeca826f6c70e794a9d7a418fea9a58614
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
25aff3a4b54bd174fe81fb7e421890b6523ab063aa1d45f53fbfc8e26b477926
2a6ffa1c4a0c1c63f259a4a578fd398b47fee7705b2a292c3dec64e71c381d88
2b0ae969ae76514eaa17464176b98e2f09723241e3caa368891514ebe29a9805
2d6d2f0d6f3108228d1288f7a02149d8f1aa0ff8ede7e15fc4d37ea5c6b23427
2ddefcdc9f260c5ffeb93fed110fe9d929028226f9a2d8a4934ea52b546e9640
2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27
31f341d9512d92e86272796cd2e7af38853c8a9799e6da4eb23a07fb94670fef
32e24c220f7c74250aed9502ed645fbedc2a2d42be644aa1cda336c8b5623291
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
36a79135803869f257cae495ca43ee3d321aaaa2ea929856859444522d64cca8
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019
3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5
3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc
40c2785dfb386d6c3cea52f22c31c6c95d233c7898ffb2bf883263635522c37d
40e884911366eb8d506ac291137c810e25c38ae0007faeb689c5c7c806de1128
41bdf85af76554f57fe75615681fdae3c47e322f0b461ef818f4d3042499d084
42e4b568436b29320d64d25114e0c6681f90282220ce6424bf116d7409397e5c
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
516aff422690e217e970f5a74619853d0996d234729620a18d7a17ea5cdf2c4f
53b432abc7b7bca1b37ea5a8eff17f1cf42c6bfee994afdac382516816eba433
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5514b0e495dae2c040f946c4a3772c25ef78d93b6bdcf6cfc185335e35aa944c
5a98d3f21c2cef2241e0ce7f4cc7fd5dd01596a3f813f5f0665efdd8496844d8
5bbe3fc1b22e847e9b39b5e3d2e0a3a1d7bc3f0881af180e2a702aa3a4a10266
5cedd5abd94d64b07e3779451d057665572b89caa8b445a5e9efa42bad9c4274
5d4bb7a48d44669abe68bd5ce8c93c6e8da5994ba90a1bbba1f704439bbe673f
5d61bef89d6850c7459614ce542bb9be2daf8a7d68d270033b85a0d619ef4aea
61ead988d9376b912755ac1fcd6acb02289cc3a147d9a9348746292924d3bc10
65623c8434f7dadaba113a4521a101729ee3e6635e4412f2ccc99fbe6412d15e
65f0b0de8351a09d3a6ec9994413c2afab36cd2f9559456c65767156b36646cd
65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c34c29159e84f975593adf20279d25858e123b313a9d9d91f4b4bb9985f316e
731a157d3072a385b637c43baa5c36e4e6bdbd073bccee20d1cb2e7b2bcaf0b7
7612df0e0c7882cb1fbb3f6807d3cc1693a12956d89b37c1742c57da869aca7e
7706a1ea2aa153a4cac470858e533ce726fea694cad2ed8b644ae6e048a44325
7b7f6080daa3424a7ee06128fd34192c8541bff380eb6c5715a078b9baa08e86
7c288b056d63c25eaaeaef83209c998c9818cf44e3f25a873fb9213c94de3b77
82ebc6d450982c5f0150000edbe4acc8ba5efa79d7178397596e0ed20fe02b3f
89a13fc47508559e3db84e9ab60fdc897a56a1886e877b79d12c2fdce40a40a0
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
8eafae90e922e80ecb3787faea43b951a5644f0d68243982b22ffdfc58ef6bba
96fbc41b75ac8ae32dab31504804d5f5072478d8998c33977366ea51eebad222
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf
9954128ade72466d5b3c09ea540f20727bf518f4d4153f3256d0f90841ad00f4
9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b5312cb2f154f2bd64ee8746195a63df254d10bfd107a61eec3d5d38dd48bff
9b5af2d645b4d3c1a49b23dd3327c04fc68fbf98ba1ce76c2254808ebb2771c2
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
9de8cb84aab4ed112ba924debdcec7b2b2554ef39790699c124e6339ef574d87
9e6244f235eec2d2a33b83f45f5486ec84902863a8e8a664a0b3e9c571f05dec
9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0c682848883ffbc697f6d5b20b3160899d6ede535ffa542c75964d2a50b61b5
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5123ebcdf73f832310531a03ba253496737d1d005b3d4e41fc5a7d4f6179677
a5aff79eed89a168c40dd92a3442a6580d25ccd6a20855d1d7f3c6b02e26073d
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a80e0f0695037adf252b2759fa918d09691bfd1c23e6f65cbae0842e1906b117
a956a6fe1ee57805393bf1781b32486b4ed9ca402a04320280e59a18bc348a87
a9d32569717c711d16fd1fad7cb01cf758d10ecd8de39d338a02fe65fdc347b0
aba50422c3d485e5d87b92f9454be174b64b05fe637517d5dc689f0b9b76edda
ac15d1868a55adcea61641c78efbb86feda3a65882f21bfe9fedd7348fb54be8
ad3e012b606e8906e0106aa972ae26954d08d76f16e03bdd67bf4813ba0bd183
aec49c5dedcde3e6b7173f710df1cbada33c72f8d57de85e8fd9cc91b5da3170
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b22ddbae9612541b2987d1358c750e62d3ca417553b549a62bedf3c82ccc5e6f
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
b5f09463fe5d9155d8c5dc7a01a77f94f13b934c98d6abca8ce5d46e76295ea3
b657be18160d7729c28d6b4d3e0206b0d0cd23b37c0a0ab110451bd477c5c9a1
b66531f1f48140c6a74307de8df2e5d3e514061c66a6da3f189ec928c443db69
b882b5c106010cd0fe50a1490773c30b4fd259542f7d4c3105289f99218eba57
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
be1270137dbac98e3b3454d0228f472973182d113ad27140ed90a1d17a71374f
c16630f9dd1f60ba0372d78e2547922c1128227ae2ca29286a0b5ae194a1af3d
c1f3dc6e29b99851cde4f5e44b0e13b20ada0f94ef19fab1c8eb48bff8036981
c2b34ba999a4a33421f0b959dfd5df6ce1a549d72475c039457eb91d9794cf4b
c3ab98a11303695462aaa63309ffa207915c6ec8c6f514c6193cfa57c6796d8d
c46ab36aaf870761c1874ef863b53422268d0e836cb13b4625bf65e6573ebdc9
c6a555d5e06b0644ffd1007a75ce878d0af20e5263b6a83573301aa4a53db044
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cca55582fffc70dc5c7304785d5443b1837c9a7a74a7845dd5e5a963110aefde
d0a9b8dbc407b084f51df64bfba76b772b9541468cb7e618db028c6250832484
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
d2afa0ccf121465b291b716fcab64571577ef36f8e5d265db44741abca883a7d
d395b769c7820ff85696a06afce74d80646512e8c18c90e1278c8e4ab2e8f5b4
d6fac87a6c47841000f3671db689a4ff243d8e674199d6bc236c7a32e143648e
d806fbf706d44e3f70c84eb278b8eccfbb6f746a9da03fc8e8e8807c2d788f42
d8a6f2a85533d8b0a3572be5fa46cb09629d8f54f28bf40c52e0878d68caa046
dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139
dc10eb4c3193b2a9e85d3e011075c703c98d79e86dee2c8647311db2f1dfeb4b
dc222f51d7a4cd2661eff195c5079838659f5be62d905b5c94866e80eb637ff3
de418fdfa1d02a219d049bb1cd8562182c4201c67f6b9d0e2f67f21a476e1096
e02bace25720e8fee14c21ab0ff5ddedb755323502e4ff0431bcf889cf33c90a
e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3
e2342b44bde3e9ef025765b66924a81d4c3e4bd387c6ae04d1822835828386e6
e34da8bcc5cecbb4fd81779f88a5d113ee7109562ee83074e20379d85277cc12
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3f7ed104af117a8b17fb513ff0c084c86e5ed476665e3a6342e0fb06cf1bbd9
e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00
eb3cf3b351ada65840427ddebd38aae40ab819cec6c415c2484c02aee6bf27f4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f31aa684d6ac4068eb11eadfcff7b62fcefe09d4c27ccd390fda72a6ecb27993
f353470584807f405c45ef867d5eccb1b1bdd14288384d8ff192dbf09207ee5a
f7c4759ccb1e0352982c142a1ffa635b3d02cdbe43ef21f0e57761c638536de2
f8a634394502852cfaf9def88f0780fc60df9fa9482b75db9a418d39553f744b
f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a
f96c787067a53233c7755f94dd496a1596a3c296edef82cce271106a9e789af1
fc5e8c379c47a6c161eece78f90d40766ab2142a3ec5a587ee66d482d0aba9d6
fe38c0ddbac843778296d690916388ad33ba4faf8a7ab77cd6e2539c33b1a876
ff0345339160683aa4465feb226b774134d63c6990c06d72f6018090b79c2d8c
ff6102ad6aade68f0e2f51c40d4433889b5d4f973514048ff08f5f60437f6f2e
fff9f90157f74d962a11cb0cdb2b9d1316ba4ebf4049d027cd56cff72dba548b

ez3c.tw Open in urlscan Pro 2606:4700:3036::ac43:d98a Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

222 Requests

86 %HTTPS

47 %IPv6

38 Domains

61 Subdomains

49 IPs

8 Countries

3450 kBTransfer

6702 kBSize

46 Cookies

12 Outgoing links

Page URL History

Redirected requests

222 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

ez3c.tw Open in urlscan Pro
2606:4700:3036::ac43:d98a Public Scan

Screenshot
Live screenshot

Full Image

222
Requests

86 %
HTTPS

47 %
IPv6

38
Domains

61
Subdomains

49
IPs

8
Countries

3450 kB
Transfer

6702 kB
Size

46
Cookies

222 HTTP transactions
7 data transactions