wes-net-q8.sopq-net-q8.xyz Open in urlscan Pro
2606:4700:3033::ac43:b608 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://wes-net-q8.sopq-net-q8.xyz/
Effective URL:
https://wes-net-q8.sopq-net-q8.xyz/shaden/
Submission: On December 14 via manual (December 14th 2022, 5:36:49 pm UTC) from AE — Scanned from DE

Summary HTTP 307 Redirects Links 100 Behaviour Indicators

Summary

This website contacted 45 IPs in 10 countries across 50 domains to perform 307 HTTP transactions. The main IP is 2606:4700:3033::ac43:b608, located in United States and belongs to CLOUDFLARENET, US. The main domain is wes-net-q8.sopq-net-q8.xyz.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 13th 2022. Valid for: a year.

This is the only time wes-net-q8.sopq-net-q8.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 6	2606:4700:303... 2606:4700:3033::ac43:b608	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
25	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1 2	23.111.8.154 23.111.8.154	33438 (STACKPATH) (STACKPATH)
1	2606:4700::68... 2606:4700::6810:5514	13335 (CLOUDFLAR...) (CLOUDFLARENET)
31	212.138.115.17 212.138.115.17	8895 (ISU Inter...) (ISU Internet Services Unit ISU)
3	212.138.115.18 212.138.115.18	8895 (ISU Inter...) (ISU Internet Services Unit ISU)
1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
8	2606:4700:10:... 2606:4700:10::6816:46c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	46.105.201.240 46.105.201.240	16276 (OVH) (OVH)
1	149.56.240.132 149.56.240.132	16276 (OVH) (OVH)
11	2.23.192.118 2.23.192.118	16625 (AKAMAI-AS) (AKAMAI-AS)
32	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
73	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
2	2606:2800:234... 2606:2800:234:46c:e8b:1e2f:2bd:694	15133 (EDGECAST) (EDGECAST)
2	2a03:2880:f08... 2a03:2880:f080:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	88.221.169.143 88.221.169.143	16625 (AKAMAI-AS) (AKAMAI-AS)
2	212.138.183.12 212.138.183.12	8895 (ISU Inter...) (ISU Internet Services Unit ISU)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
6 12	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
12	2606:4700:20:... 2606:4700:20::681a:bd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:fa8:8806... 2a02:fa8:8806:16::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
2 2	35.204.158.49 35.204.158.49	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 19	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
2 2	216.52.2.48 216.52.2.48	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1 1	2600:9000:223... 2600:9000:223f:de00:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	185.86.137.122 185.86.137.122	201081 (SMARTADSE...) (SMARTADSERVER)
1 2	51.89.9.251 51.89.9.251	16276 (OVH) (OVH)
2 4	23.218.209.56 23.218.209.56	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	185.29.134.244 185.29.134.244	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
2 2	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 2	213.155.156.166 213.155.156.166	1299 (TWELVE99 ...) (TWELVE99 Arelion)
1 1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
2 2	3.64.108.88 3.64.108.88	16509 (AMAZON-02) (AMAZON-02)
1	2620:116:800d... 2620:116:800d:21:e365:4988:e8a7:3270	16509 (AMAZON-02) (AMAZON-02)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
3 3	213.19.147.45 213.19.147.45	26120 (RHYTHMONE) (RHYTHMONE)
2 2	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:20:... 2606:4700:20::681a:71b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
1	2600:1901:0:7... 2600:1901:0:76b9::	15169 (GOOGLE) (GOOGLE)
2	2606:4700:20:... 2606:4700:20::681a:ad1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 4	142.250.185.198 142.250.185.198	15169 (GOOGLE) (GOOGLE)
4 4	84.200.5.215 84.200.5.215	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
1	46.4.62.19 46.4.62.19	24940 (HETZNER-AS) (HETZNER-AS)
1	78.46.85.162 78.46.85.162	24940 (HETZNER-AS) (HETZNER-AS)
1 1	23.67.134.223 23.67.134.223	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700::68... 2606:4700::6812:7e05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a03:2880:f12... 2a03:2880:f128:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
307	45

6 2606:4700:3033::ac43:b608 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

wes-net-q8.sopq-net-q8.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com.sa	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.111.8.154 (United States) 1 redirects

ASN33438 (STACKPATH, US)

oss.maxcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5514 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 212.138.115.17 (Ta'if, Saudi Arabia)

ASN8895 (ISU Internet Services Unit ISU, SA)

www.spa.gov.sa	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 212.138.115.18 (Ta'if, Saudi Arabia)

ASN8895 (ISU Internet Services Unit ISU, SA)

cdn.spa.gov.sa	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

www.mslslat.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:10::6816:46c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.201.240 (France)

ASN16276 (OVH, FR)

s10.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 149.56.240.132 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: ns534300.ip-149-56-240.net

s4.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2.23.192.118 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-23-192-118.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api-public.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

73 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:46c:e8b:1e2f:2bd:694 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f080:9:face:b00c:0:3 (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.221.169.143 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a88-221-169-143.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 212.138.183.12 (Riyadh, Saudi Arabia)

ASN8895 (ISU Internet Services Unit ISU, SA)

stgcdn.spa.gov.sa	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 6 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700:20::681a:bd1 (United States)

ASN13335 (CLOUDFLARENET, US)

as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:16::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.204.158.49 (Groningen, Netherlands) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.158.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 172.217.23.98 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.48 (United States) 2 redirects

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:de00:1b:5138:8a40:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.122 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.89.9.251 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip251.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.218.209.56 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-209-56.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.244 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.193.217 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.114.159.93 (Tuttlingen, Germany) 2 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.166 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)
PTR: 213-155-156-166.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.56.137 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.64.108.88 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-64-108-88.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:e365:4988:e8a7:3270 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.45 (United Kingdom) 3 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.245.213 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:71b (United States)

ASN13335 (CLOUDFLARENET, US)

static-de.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:76b9:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:ad1 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.198 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 84.200.5.215 (Germany) 4 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)

www.telefonica-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.lead-alliance.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.4.62.19 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: nonstopads4.sunbonet.de

partner.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 78.46.85.162 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: nonstopads1.sunbonet.de

partner.blau.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.67.134.223 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-67-134-223.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:7e05 (United States)

ASN13335 (CLOUDFLARENET, US)

www.conrad.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f128:83:face:b00c:0:25de (Sofia, Bulgaria)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
98	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 101 tpc.googlesyndication.com — Cisco Umbrella Rank: 139	1 MB
53	doubleclick.net 7 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 34 cm.g.doubleclick.net — Cisco Umbrella Rank: 208 ad.doubleclick.net — Cisco Umbrella Rank: 161	329 KB
36	spa.gov.sa www.spa.gov.sa — Cisco Umbrella Rank: 169988 cdn.spa.gov.sa stgcdn.spa.gov.sa	1 MB
22	gstatic.com www.gstatic.com fonts.gstatic.com	363 KB
15	google.com 6 redirects adservice.google.com — Cisco Umbrella Rank: 72 www.google.com — Cisco Umbrella Rank: 2 Failed	1 KB
14	ad4m.at as.ad4m.at — Cisco Umbrella Rank: 28664 ad4m.at — Cisco Umbrella Rank: 9760 assets.ad4m.at — Cisco Umbrella Rank: 37651	378 KB
10	addthis.com s7.addthis.com — Cisco Umbrella Rank: 1678 m.addthis.com — Cisco Umbrella Rank: 1627 api-public.addthis.com — Cisco Umbrella Rank: 4465	219 KB
8	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 3938	30 KB
7	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 188	327 KB
7	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 37 Failed	6 KB
6	sopq-net-q8.xyz 3 redirects wes-net-q8.sopq-net-q8.xyz	19 KB
4	teads.tv 2 redirects sync.teads.tv — Cisco Umbrella Rank: 1225	957 B
3	twitter.com platform.twitter.com — Cisco Umbrella Rank: 740 syndication.twitter.com — Cisco Umbrella Rank: 1034 Failed	13 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 8549	1 KB
2	lead-alliance.net 2 redirects www.lead-alliance.net — Cisco Umbrella Rank: 71689	732 B
2	telefonica-partner.de 2 redirects www.telefonica-partner.de — Cisco Umbrella Rank: 73979	512 B
2	ad4mat.net static-de.ad4mat.net — Cisco Umbrella Rank: 126078 prod-rtb.ad4mat.net — Cisco Umbrella Rank: 89292	4 KB
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 335	1022 B
2	1rx.io 2 redirects sync.1rx.io — Cisco Umbrella Rank: 497	2 KB
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 282	1 KB
2	yahoo.com 2 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 279	799 B
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 4459	654 B
2	adition.com 2 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1427	1 KB
2	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 690	491 B
2	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 581	1 KB
2	simpli.fi 2 redirects um.simpli.fi — Cisco Umbrella Rank: 759	1 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 149	89 KB
2	histats.com s10.histats.com — Cisco Umbrella Rank: 18347 s4.histats.com — Cisco Umbrella Rank: 15345	5 KB
2	maxcdn.com 1 redirects oss.maxcdn.com — Cisco Umbrella Rank: 42865	2 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 110	3 KB
1	conrad.de www.conrad.de — Cisco Umbrella Rank: 59744	639 B
1	awin1.com 1 redirects www.awin1.com — Cisco Umbrella Rank: 14058	696 B
1	blau.de partner.blau.de — Cisco Umbrella Rank: 90883	1 KB
1	o2online.de partner.o2online.de — Cisco Umbrella Rank: 81505	1 KB
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 905	618 B
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 567	98 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 639	464 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 309	465 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 315	265 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 434	865 B
1	smartadserver.com ssbsync.smartadserver.com — Cisco Umbrella Rank: 761	75 B
1	smaato.net 1 redirects s.ad.smaato.net — Cisco Umbrella Rank: 655	445 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2338	104 B
1	addthisedge.com v1.addthisedge.com — Cisco Umbrella Rank: 1903	974 B
1	moatads.com z.moatads.com — Cisco Umbrella Rank: 389	1 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 29	20 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 830	702 B
1	mslslat.info www.mslslat.info	46 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 381	3 KB
1	google.com.sa www.google.com.sa — Cisco Umbrella Rank: 38639	2 KB
307	50

	Domain	Requested by
73	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com wes-net-q8.sopq-net-q8.xyz pagead2.googlesyndication.com
31	www.spa.gov.sa	wes-net-q8.sopq-net-q8.xyz www.spa.gov.sa
30	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net www.spa.gov.sa wes-net-q8.sopq-net-q8.xyz
25	pagead2.googlesyndication.com	wes-net-q8.sopq-net-q8.xyz pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
19	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net wes-net-q8.sopq-net-q8.xyz
18	fonts.gstatic.com	fonts.googleapis.com
12	www.google.com	googleads.g.doubleclick.net tpc.googlesyndication.com
8	static.addtoany.com	wes-net-q8.sopq-net-q8.xyz static.addtoany.com www.spa.gov.sa
7	www.googletagservices.com	googleads.g.doubleclick.net
7	fonts.googleapis.com	tpc.googlesyndication.com googleads.g.doubleclick.net
6	assets.ad4m.at	as.ad4m.at
6	s7.addthis.com	wes-net-q8.sopq-net-q8.xyz s7.addthis.com www.spa.gov.sa
6	wes-net-q8.sopq-net-q8.xyz	3 redirects www.google.com.sa wes-net-q8.sopq-net-q8.xyz
4	ad.doubleclick.net	4 redirects
4	ad4m.at	as.ad4m.at ad4m.at
4	sync.teads.tv	2 redirects googleads.g.doubleclick.net wes-net-q8.sopq-net-q8.xyz
4	as.ad4m.at	googleads.g.doubleclick.net as.ad4m.at ad4m.at
4	www.gstatic.com	wes-net-q8.sopq-net-q8.xyz googleads.g.doubleclick.net
3	api-public.addthis.com	s7.addthis.com
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
3	cdn.spa.gov.sa	wes-net-q8.sopq-net-q8.xyz
2	www.lead-alliance.net	2 redirects
2	www.telefonica-partner.de	2 redirects
2	eb2.3lift.com	2 redirects
2	sync.1rx.io	2 redirects
2	x.bidswitch.net	2 redirects
2	ups.analytics.yahoo.com	2 redirects
2	d5p.de17a.com	2 redirects
2	dsp.adfarm1.adition.com	2 redirects
2	onetag-sys.com	1 redirects googleads.g.doubleclick.net
2	ap.lijit.com	2 redirects
2	um.simpli.fi	2 redirects
2	stgcdn.spa.gov.sa	wes-net-q8.sopq-net-q8.xyz
2	connect.facebook.net	wes-net-q8.sopq-net-q8.xyz connect.facebook.net
2	platform.twitter.com	wes-net-q8.sopq-net-q8.xyz www.spa.gov.sa
2	oss.maxcdn.com	1 redirects wes-net-q8.sopq-net-q8.xyz
1	www.facebook.com	connect.facebook.net
1	www.conrad.de	as.ad4m.at
1	www.awin1.com	1 redirects
1	partner.blau.de	as.ad4m.at
1	partner.o2online.de	as.ad4m.at
1	prod-rtb.ad4mat.net	wes-net-q8.sopq-net-q8.xyz
1	static-de.ad4mat.net	as.ad4m.at
1	sync.targeting.unrulymedia.com	1 redirects
1	id.rlcdn.com	googleads.g.doubleclick.net
1	cms.quantserve.com	googleads.g.doubleclick.net
1	pixel.rubiconproject.com	1 redirects
1	match.adsrvr.org	googleads.g.doubleclick.net
1	sync.mathtag.com	1 redirects
1	ssbsync.smartadserver.com	googleads.g.doubleclick.net
1	s.ad.smaato.net	1 redirects
1	dclk-match.dotomi.com	googleads.g.doubleclick.net
1	syndication.twitter.com	platform.twitter.com
1	m.addthis.com	s7.addthis.com
1	v1.addthisedge.com	s7.addthis.com
1	z.moatads.com	s7.addthis.com
1	www.google-analytics.com	wes-net-q8.sopq-net-q8.xyz
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	s4.histats.com	s10.histats.com
1	s10.histats.com	wes-net-q8.sopq-net-q8.xyz
1	www.mslslat.info	wes-net-q8.sopq-net-q8.xyz
1	cdn.jsdelivr.net	wes-net-q8.sopq-net-q8.xyz
1	www.google.com.sa
307	64

This site contains links to these domains. Also see Links.

Domain
www.spa.gov.sa
twitter.com
www.facebook.com
instagram.com
plus.google.com
www.youtube.com
web.whatsapp.com
www.addtoany.com
www.info.gov.sa
cdn.spa.gov.sa
goo.gl
itunes.apple.com
play.google.com
www.addthis.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-13` - `2023-05-12`	a year	crt.sh
*.google.com.sa GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
oss.maxcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-08` - `2023-10-07`	a year	crt.sh
*.spa.gov.sa DigiCert TLS RSA SHA256 2020 CA1	`2022-04-17` - `2023-05-13`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
histats.com R3	`2022-09-30` - `2022-12-29`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2022-02-27` - `2023-02-28`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-06` - `2023-11-06`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-09-23` - `2022-12-22`	3 months	crt.sh
moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-16` - `2023-11-18`	a year	crt.sh
syndication.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
prod-rtb.ad4mat.net GTS CA 1D4	`2022-12-13` - `2023-03-13`	3 months	crt.sh

This page contains 48 frames:

Primary Page: https://wes-net-q8.sopq-net-q8.xyz/shaden/
Frame ID: 71AC0B82F98F1AD6C2448B5BD8727599
Requests: 84 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20190131/zrt_lookup.html
Frame ID: DA10ED5ABDC76C714F81C65F5318055B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=600&slotname=5914239063&adk=2628446172&adf=41369079&pi=t.ma~as.5914239063&w=300&lmt=1671039399&format=300x600&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039399426&bpp=2&bdt=141&idt=222&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&correlator=785032542511&frm=20&pv=2&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1280&ady=-200&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=ryZGqTjP1V&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=246
Frame ID: 630B2A298B252D92B354C959531E4A98
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/index.html
Frame ID: A9A37405079E47D1362F7188BBC858CB
Requests: 8 HTTP requests in this frame

Frame: https://www.google.com/pagead/drt/ui
Frame ID: D357A16105037F046A62C18BB7C45862
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=6456950493&adk=2183795468&adf=442814120&pi=t.ma~as.6456950493&w=872&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=872x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400849&bpp=6&bdt=1564&idt=6&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=518&ady=303&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=O4ozOqXuLN&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=11
Frame ID: 2AE9EDEBF798AB2E85677C4ACCB27990
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.ab4ec33f73214445796a87ce54aee452.en.html
Frame ID: E0C9AC19DE1B5A34DC29237DBDD6FE64
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=3143842704&adk=2099682579&adf=2632187649&pi=t.ma~as.3143842704&w=850&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=850x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400864&bpp=3&bdt=1579&idt=3&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600%2C872x280&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=523&ady=1053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=xNyXaBeZJ2&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=6
Frame ID: 15D50FCE1730409F4DFFAFD6E881896A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=5770006049&adk=3758141296&adf=1282402278&pi=t.ma~as.5770006049&w=850&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=850x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400873&bpp=1&bdt=1588&idt=1&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600%2C872x280%2C850x280&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=523&ady=1543&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cKfczBv04T&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=4
Frame ID: 8026ADE978565BFB0BD7CCEDCD5BA4AE
Requests: 1 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.24.html
Frame ID: 7BC9EAEB8F8E5EFCFF4D853D2B771231
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&adk=1812271804&adf=3025194257&lmt=1671039400&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&plas=188x810_l%7C140x675_r&format=0x0&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400979&bpp=1&bdt=1694&idt=1&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600%2C872x280%2C850x280%2C850x280&nras=1&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=5&uci=a!5&fsb=1&dtd=10
Frame ID: 9F8408490B30DB69AE1E4C4007ECAF91
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: C9592456754AD6E3AAF4E35EBDD7A1E8
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: DD037E9E2863EEC7020076644525CEDF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=600&slotname=5914239063&adk=2628446172&adf=41369079&pi=t.ma~as.5914239063&w=300&lmt=1671039399&format=300x600&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039399426&bpp=2&bdt=141&idt=222&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&correlator=785032542511&frm=20&pv=2&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1280&ady=-200&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=ryZGqTjP1V&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=246
Frame ID: 08B70FE8314CB8968B00F3455AB86BBB
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=6456950493&adk=2183795468&adf=442814120&pi=t.ma~as.6456950493&w=872&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=872x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400849&bpp=6&bdt=1564&idt=6&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=518&ady=303&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=O4ozOqXuLN&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=11
Frame ID: FC9138CA84E6FFB3DAD5BD84AD06EA56
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.ab4ec33f73214445796a87ce54aee452.en.html
Frame ID: D273492ED76574C9B42425EAA1C5BA3F
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=3143842704&adk=2099682579&adf=2632187649&pi=t.ma~as.3143842704&w=850&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=850x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400864&bpp=3&bdt=1579&idt=3&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600%2C872x280&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=523&ady=1053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=xNyXaBeZJ2&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=6
Frame ID: E38B48678CE8EF74B62E990EE4920C84
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=5770006049&adk=3758141296&adf=1282402278&pi=t.ma~as.5770006049&w=850&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=850x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400873&bpp=1&bdt=1588&idt=1&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600%2C872x280%2C850x280&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=523&ady=1543&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cKfczBv04T&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=4
Frame ID: D9AD1F28368BF2C034445FAD6F639FF6
Requests: 1 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.24.html
Frame ID: 05A84CADA87EB9361B07025E5D5C26A3
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 48759B6DB91EC03686DC49DFE9D8F059
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html
Frame ID: D7CDBEDF0A2E0B190A29923FD6C431A2
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CYqKeqQmaY7HVBM2F9fgPvJmqkA-AkufzbZnGk-y-EJutnJ3QNhABIOCpx0BglYKAgLQHoAGyisGqAcgBCakC2E_-mVTBqD6oAwHIA0iqBJYCT9BW6dxtDEeVhnw9jfye7ox0ZjxovZeyBI_Ou_BN3lb34t5uNsfNTjQ0QfOfoqgXouTO8B3pWJuT69MzyOu_kjSpfJG3navc5Af5OsOjB1x32R6L3n3F380cgJq-_9VAq7CnQ04xZsUb4euOlHmIGgglldWkYr1onZ3jsatJjSOsrixKHhXi-8LxHB--yQMI7VryZnetmhIchbq5U9HwGkZunhZPQR98xBu33CJO_oPbeiR1o6c6wwGhOfAusWmRUXPHTp7NTUQ0y-QchD0VDZeqQ4RksOL7C7QW_eyvU00fq9fqM9Yen3XzJ5odtPnoi2sywo2t8V21Jf25iigVg3TYsSqrSlMfvyFLmgWKYF_3etO7QuTABIeFzKCiBJIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAe29b7VAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEELmyC9IIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMC0BUBmBYBgBcBshccChoIABIUcHViLTMzNDI4Njk5OTYyNTI2ODUYAA&sigh=-uImOnyd7yQ&uach_m=[UACH]&cid=CAQSOwDq26N9mj9fcx5-7_nBughMuJLlm5NhjxL1VF-nsMWf_EQXvhRk3alDsmacKjeGWqKKq694_i4seZh7GAEgEw&template_id=419
Frame ID: 4B9DF7B3FEFB46286CF6D52CC9C7EA65
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html
Frame ID: 52AE41938A93B4BF4A76E7710AA0B85A
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=C-vzIqQmaY6_dBOmC9fgP4paieICS5_NtmcaT7L4Qm62cndA2EAEg4KnHQGCVgoCAtAegAbKKwaoByAEJqQLYT_6ZVMGoPqgDAcgDSKoElgJP0MGPKyfqegmhb-QGOkGQWwJO-jCY5JIbkWi8BgB7IyuaKo768ja1rwidpGiup7aJMz6TF1FzITY2D-RPTAWWondMk2mz73ChUM1P4qHPjmLfN1TiTaaJTkPgrs2YUq5YmDk1k1QCEtZ2rUQqZEFvqpPAUCz-lN5x0i5TFI7bAr74n4Py_CW78Jr7v8UnQUv1XJE19MxWpSDFWXovkFojo5GOQVTn3BD6IxJj2FxcmO4F18BZdyibUcfm9mYI8ioHi3x7Igt7pV-9XCi4KBtkeIUDEmQVj2l90XKEibqBJQ1Qthcv1dwFTyBHZh3CGM72u1bX3Uv-cSzDl4su9JaX4i-YQOH6YUpfEnBCZONfkwWdk873mMAEh4XMoKIEkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB7b1vtUCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQp-8F0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwLQFQGYFgGAFwGyFxwKGggAEhRwdWItMzM0Mjg2OTk5NjI1MjY4NRgA&sigh=IrN8d7EE2ZI&uach_m=[UACH]&cid=CAQSOwDq26N9qe3vOpcBld-oSaTd7TMjVKNCENmYTipYt21GSdiKUZOTZKeO6P3Np55IBPu0bSBPfFUHtR-7GAEgEw&template_id=419
Frame ID: 5D24588207BD552A69EB1A81395B71C0
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: B9405013BC6182F7DE12C93AEFB20C3F
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: B74B46E6DF7B08A217DDDFD58E211C89
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
Frame ID: 4F54C30C15ABA023A2E5E0B095CC4F86
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
Frame ID: 485D4C0ED01185902A290F1A78333E69
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
Frame ID: 89D9C0B48002D7675BC2A3796A539B32
Requests: 9 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1jfmzdg8k9kdt4wj16eth0p5896bs4pyvhff1bvew5tfwgqrb4p1akh2st7dzmee3swa74p6acxx7rpgjmsv0yc025qz9t15y72tq0z4er6d0n3v0hrqtd4qvdzpxsytczcfvebvfw9mvtg75ehbcctxt99bxee2azc67ggfwt3w36j7xz4bk3mmq7yhmy8pz7aqgf5xdj8cc71xy5rtjv5jngfgh5ntshw807s7ywdn6g3d0zeyctrtcwbd8wbx4wv4ywch2d0bqrk1bk3yny65vm14h3zt466ys9wdn262kscx955z87qjztrzjnzz2h6cdxay2v8918ktsqd4z3vyb0wk794jt5jwe8c7jgdxa3z78s1rv8w3frc6j8v8y457qktjgd44117hmqztfmc8xatrgxfv2ytgqg8x15y64s7kzvdae&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCQSKGqQmaY_I6zYSWBNfTkeAGkOGBhFy2qMKK8ALAjbcBEAEgAGCVgoCAtAeCARdjYS1wdWItMzM0Mjg2OTk5NjI1MjY4NcgBCakCie4w4T_dsT6oAwGqBIkCT9C7spbmx3gGNYHr5fV1RyPvv1paaXGkRxGHZaD1YWjrDNBafSmeBgkeAOpe0ZmrGQjL70xMDOtcF0ue5GN4yV5LhQ6yD5e-2935CYYcbEoeoPM0t1Afh2BvbuDgcB4-ksg6LMkkktw5-VziOmjTXcWtb4Wlv3caV44aP37OzP4bS8T6uYxvaA9hannZKYvu87hLUJYhwVhLmSzaehoJwS50eGgnesHEWi-QsMbB1DIEqJjig0_5OWdxuO9W4SsgfIMsBrAyyPk3Eyi8yAriX7Vj5QLUVflXyIn2wUKi7vyKqC6nvIpT-3snjNcGI2fh_P2gZpIYiNX2B3Hi5dNCXCkhbsOe1tg3dIAGzoTKq-u7gbpUoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1abPCX73PxGlLA_mPIAOLye8Rayw%26client%3Dca-pub-3342869996252685%26adurl%3D
Frame ID: 7DA3F9292A4435BB7C004EE76247B20B
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 08C9C6E2CE0C6DDA9A6D36DCFEF4E3BF
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12406491265686199930/index.html
Frame ID: EB8033EC672CC003CAC84FA1A579B8C7
Requests: 12 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 77329D825732A3A12AE913FD2977801B
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 1633DE8F9B14F75CEF9B1F155646B9EE
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 207C251C4714FDCFA4452C67A7FFF69D
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/index.html
Frame ID: 99A50631491C90F594B2D5BC82F4D188
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 7130395B8F8DFF1ED19C3C585A787C41
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 66C124FB2E6F04F2188D1C975855E491
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: EB6F929AAC795D649CDAFFE450051966
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html
Frame ID: 5CEC224EA3BFACB98499029827EED156
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=Cwj7gqQmaY8mCBNqGlgSsiqTYBoCS5_NtmcaT7L4Qm62cndA2EAEg4KnHQGCVgoCAtAegAbKKwaoByAEJqQLYT_6ZVMGoPqgDAcgDSKoElgJP0AF9hlkSlElqDXH5PfObCDvkwN0Sa4m6rum4AcoFxwXtKfMDBiM_kOJef97-HEfvlfKVh52TOCd2m2PeH2Yv5lM9UEcjcK6WuKNA5wkj3NDITU0lW1OOcoNaUQZlwQnoASfrQT7TQOkWQdBXHdW3--e-8wr45Ct033XCctZMLmx1WWRDqCdyjiXFuBurVaC074X6tsoqsnKbUOUIqGv3FruokaCUKlgNBZFxyjhlrk5RvYIWazkj-IPUf_puGmW9X69lBD1aWit-X9qZ5WwHYuDU2m5vtIJ8HE8jOevveGLBqFFfB0_hcFMcwWfmPOEvTNEeQaklakZcP4rrcQgOSPIn24LC2pIEjQPQydZq_pgczjs_GcAEh4XMoKIEkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB7b1vtUCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQnu4F0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwLQFQGYFgGAFwGyFxwKGggAEhRwdWItMzM0Mjg2OTk5NjI1MjY4NRgA&sigh=-Oq2siw9Pm8&uach_m=[UACH]&cid=CAQSOwDq26N9vBZtb4cVXk4O9hlZV9KtAAQHOYozTnpQGRz0vRuVP2D_V0zCY_rJSDDZk5_nl-qWdZ_cOMMZGAEgEw&template_id=419
Frame ID: 83B15BC574A743C173D1E4208636078A
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: D5FC573A47812B415AB5B888F95E2753
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js
Frame ID: F5C30819A447E364968F38A2DDD003C1
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: DD516E156C71BE8796A6B4025F639836
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=120&d=600&e=&g=cae369a0010692f24ac1c45db0e09588%2F16109878252448596710&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1671039402596&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j49tjm57mfk6sx10g8kfs4ctp9jmajj0hhttfj8kjtkgh7q7ezjvm1tf5vf95qvsc6wyc53nv71w285vefn5m68byybse2gq0q7z476vffa18d4kp5ak1b3447km2fy59bwfwvfr30h4qpwvv24gwcz4sq9vr41bxn49ryb4ehsf5hbna3db5mqvswqxagn82nzd83p45xgsec4xw650csk4cr9g19trt2e4502mpnz1rdkskbvmgxmt2p3gy18gykz4bbef4c3k8n667rg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCQSKGqQmaY_I6zYSWBNfTkeAGkOGBhFy2qMKK8ALAjbcBEAEgAGCVgoCAtAeCARdjYS1wdWItMzM0Mjg2OTk5NjI1MjY4NcgBCakCie4w4T_dsT6oAwGqBIkCT9C7spbmx3gGNYHr5fV1RyPvv1paaXGkRxGHZaD1YWjrDNBafSmeBgkeAOpe0ZmrGQjL70xMDOtcF0ue5GN4yV5LhQ6yD5e-2935CYYcbEoeoPM0t1Afh2BvbuDgcB4-ksg6LMkkktw5-VziOmjTXcWtb4Wlv3caV44aP37OzP4bS8T6uYxvaA9hannZKYvu87hLUJYhwVhLmSzaehoJwS50eGgnesHEWi-QsMbB1DIEqJjig0_5OWdxuO9W4SsgfIMsBrAyyPk3Eyi8yAriX7Vj5QLUVflXyIn2wUKi7vyKqC6nvIpT-3snjNcGI2fh_P2gZpIYiNX2B3Hi5dNCXCkhbsOe1tg3dIAGzoTKq-u7gbpUoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1abPCX73PxGlLA_mPIAOLye8Rayw%2526client%253Dca-pub-3342869996252685%2526adurl%253D&y=1&s=&z=0
Frame ID: 01228822E7EBF41ED26315448762CB66
Requests: 11 HTTP requests in this frame

Frame: https://www.facebook.com/v2.5/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df36e78625573b18%26domain%3Dwes-net-q8.sopq-net-q8.xyz%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwes-net-q8.sopq-net-q8.xyz%252Ff1fe382f6c3446%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.spa.gov.sa%2Fviewstory.php%3Flang%3Dar%26newsid%3D2329628&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=true
Frame ID: E9D28E70F3FF3512E365BA22850DD635
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 7A891FD6DAD9C60423213EA40F594407
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 200F77144AA286E9551D7683DC60D7A5
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

عام / أمر ملكي : اعفاء تركي ال الشيخ من منصبه مع إحالته للتحقيقFacebookTwitterAddThisWhatsAppTelegramMessengerFacebookTwitterAddThisWhatsAppTelegramFacebookTwitterAddThisWhatsAppTelegramMessengerFacebookTwitterAddThisWhatsAppTelegram

Page URL History Show full URLs

http://wes-net-q8.sopq-net-q8.xyz/ HTTP 301
https://wes-net-q8.sopq-net-q8.xyz/ Page URL
https://www.google.com.sa/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwi-z9rTs_b7... Page URL
https://wes-net-q8.sopq-net-q8.xyz/shaden HTTP 301
http://wes-net-q8.sopq-net-q8.xyz/shaden/ HTTP 301
https://wes-net-q8.sopq-net-q8.xyz/shaden/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AddThis (Widgets) Expand

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

OWL Carousel (Widgets) Expand

Overall confidence: 100%
Detected patterns

owl\.carousel.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

307
Requests

89 %
HTTPS

48 %
IPv6

50
Domains

64
Subdomains

45
IPs

10
Countries

4417 kB
Transfer

8406 kB
Size

46
Cookies

100 Outgoing links

These are links going to different origins than the main page.

URL: https://www.spa.gov.sa/?lang=ar
Title: الرئيسية

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/listnews.php?lang=ar&royal=1
Title: الأوامر الملكية

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/listnews.php?lang=ar&cabinet=1
Title: جلسات مجلس الوزراء

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/ocassion.php?lang=ar&galleryid=186
Title: رؤية المملكة 2030

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/reports.php?lang=ar

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/gallery.php?lang=ar&pg=1
Title: معرض الصور

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/vediogallery.php?lang=ar
Title: معرض الفيديو

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/poll.php?lang=ar
Title: رأيك يهمنا

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/contactus.php?lang=ar
Title: اتصل بنا

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/listnews.php?lang=ar&cat=3
Title: عام

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/listnews.php?lang=ar&cat=4
Title: سياسي

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/listnews.php?lang=ar&cat=5
Title: اقتصادي

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/listnews.php?lang=ar&cat=6
Title: اجتماعي

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/listnews.php?lang=ar&cat=7
Title: رياضي

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/listnews.php?lang=ar&cat=8
Title: ثقافي

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/listnews.php?lang=ar&cat=93442
Title: اقوال الصحف

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/home.php?lang=ar
Title: ع

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/home.php?lang=en
Title: En

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/home.php?lang=fr
Title: Fr

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/home.php?lang=fa
Title: Farsi

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/home.php?lang=ru
Title: Русский

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/home.php?lang=ch
Title: 中文

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/home.php?lang=id
Title: Indonesian

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/home.php?lang=ja
Title: Japanese

Search URL Search Domain Scan URL

URL: https://twitter.com/spagov/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/spa.gov

Search URL Search Domain Scan URL

URL: https://instagram.com/spanews/

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=http://www.spa.gov.sa/

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/rss.php

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UClXSeR8UCA7c_Ys6lFqxX7Q?app=desktop

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2329628&lang=ar#ulSectionMobile
Title: الأخبار

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/newsheadlines.php?lang=ar
Title: البث العام

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330582
Title: 16:32 المصري وسيراميكا يتعادلان في الدوري المصري لكرة القدم

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330578
Title: 16:29 انطلاق مسابقة ملتقى " أبطال المناطق " لألعاب القوى للدرجة الثانية بمنطقة تبوك

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330571
Title: 15:42 ارتفاع إجمالي حالات الإصابة بفيروس كورونا في تونس

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330570
Title: 15:40 ارتفاع الرقم القياسي العام لأسعار أسهم البورصة الأردنية في نهاية تداولها

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330568
Title: 15:39 رئيس البرلمان العربي يلتقي برئيس المجلس الشعبي الجزائري

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330567
Title: 15:26 وزير الدولة للشؤون الخارجية يلتقي رئيسة برلمان جمهورية البيرو

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330566
Title: 15:23 رئيس جمهورية البيرو يستقبل وزير الدولة للشؤون الخارجية

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330565
Title: 15:21 وزير الخارجية التونسي يلتقي بالمفوض الأوروبي للجوار والتوسع

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330564
Title: 15:18 "نيوم" تستضيف سباق "إكستريم إي" لسيارات الدفع الرباعي الكهربائية.. غداً

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330563
Title: 15:15 مركز الجعدة الصحي يقدم خدماته لـ 21,273 مستفيدًا خلال شهر يناير

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330562
Title: 15:15 مركز الملك سلمان للإغاثة يوزع أكثر من 133 طنًا من السلال الغذائية في محافظة حضرموت

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330561
Title: 15:14 مركز الملك سلمان للإغاثة يوزع 600 حقيبة شتوية للمتضررين في مديرية الوادي بمحافظة مأرب

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330560
Title: 15:14 اختتام فعاليات تمرين الدفاع الجوي الصاروخي المشترك (JADEX)

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330559
Title: 15:14 المنتخب السعودي للمبارزة يشارك في كأس العالم بسويسرا

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330554

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330545

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330544

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330547

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330541

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330420

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330412

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330454

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330428

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330447

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330384

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2330367

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2277230

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2159018

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/viewfullstory.php?lang=ar&newsid=2138898

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/listnews.php?lang=ar&report=1
Title: التقارير والاستطلاعات

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/newsheadlines.php?lang=ar&start_time=2022-02-17
Title: الخميس

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/newsheadlines.php?lang=ar&start_time=2022-02-15
Title: الثلاثاء

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/newsheadlines.php?lang=ar&start_time=2022-02-14
Title: الاثنين

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/newsheadlines.php?lang=ar&start_time=2022-02-13
Title: الأحد

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/newsheadlines.php?lang=ar&start_time=2022-02-12
Title: السبت

Search URL Search Domain Scan URL

URL: https://web.whatsapp.com/send?text=https://wes-net-q8.sopq-net-q8.xyz/shaden/

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url={https://www.spa.gov.sa/viewstory.php?newsid=2329628}

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&title=%D8%B9%D8%A7%D9%85%20%2F%20%D8%A3%D9%85%D8%B1%20%D9%85%D9%84%D9%83%D9%8A%20%3A%20%D8%A7%D8%B9%D9%81%D8%A7%D8%A1%20%D8%AA%D8%B1%D9%83%D9%8A%20%D8%A7%D9%84%20%D8%A7%D9%84%D8%B4%D9%8A%D8%AE%20%D9%85%D9%86%20%D9%85%D9%86%D8%B5%D8%A8%D9%87%20%D9%85%D8%B9%20%D8%A5%D8%AD%D8%A7%D9%84%D8%AA%D9%87%20%D9%84%D9%84%D8%AA%D8%AD%D9%82%D9%8A%D9%82
Title: Share

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/2329628
Title: www.spa.gov.sa/2329628

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/ChairmanAgency.ar.php
Title: كلمة رئيس مجلس الإدارة

Search URL Search Domain Scan URL

URL: http://www.info.gov.sa/

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/galupload/ads/FinancialRegulation.pdf
Title: Financial Regulation

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/TermsOfSubscriptionAndAd.php
Title: الاشتراكات والمنتجات

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/ourservices.php
Title: خدمات واس

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/galupload/ads/finantial-output.pdf
Title: لائحة المقابل المالي لخدمات واس الاخبارية والمصورة

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/tenders.php
Title: مناقصات

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/email-form.php
Title: للتواصل

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/AboutKingdom.ar.php
Title: عن المملكة

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/weathermap.php
Title: الإنذار المبكر

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/weatherInfo.php
Title: درجات الحرارة

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/links.php#links35
Title: جهات حكومية

Search URL Search Domain Scan URL

URL: https://cdn.spa.gov.sa/galupload/ads/Visuals.pdf
Title: الملف التعريفي عن منصة مرئيات

Search URL Search Domain Scan URL

URL: https://cdn.spa.gov.sa/galupload/ads/Istitlaa.pdf
Title: الملف التعريفي عن منصة استطلاع

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/poll.php
Title: رأيك يهمنا

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/galleries.php?lang=ar
Title: مؤتمرات ومناسبات

Search URL Search Domain Scan URL

URL: https://cdn.spa.gov.sa/galupload/ads/employee_rules.pdf
Title: مدونة قواعد السلوك الوظيفي

Search URL Search Domain Scan URL

URL: https://goo.gl/maps/WVCA4MmU2f82
Title: موقع وكالة الأنباء السعودية علي الخريطة

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/gawal.ar.php
Title: خدمة رسائل واس

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/sa/app/%D9%88%D8%A7%D8%B3-spa/id1030299223?platform=iphone&preserveScrollPosition=true#platform/iphone
Title: تطبيق آى فون

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.spa.was
Title: تطبيق آندرويد

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/gcc-apps.php
Title: التطبيق الموحد لوكالات انباء مجلس التعاون الخليجي

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/king-cv.ar.php?lang=ar
Title: سيرة خادم الحرمين

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/rounds.php?tourtype=1
Title: جولات خادم الحرمين

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/rounds.php?tourtype=3
Title: جولات ولي العهد

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/privacy-policy.php
Title: سياسية الخصوصية

Search URL Search Domain Scan URL

URL: https://www.spa.gov.sa/sitemap.php?lang=ar
Title: c-231

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

URL: https://www.addthis.com/website-tools/overview?utm_source=AddThis%20Tools&utm_medium=image
Title: AddThis

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://wes-net-q8.sopq-net-q8.xyz/ HTTP 301
https://wes-net-q8.sopq-net-q8.xyz/ Page URL
https://www.google.com.sa/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwi-z9rTs_b7AhVJT6QEHULQA5gQFnoECAkQAQ&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden&usg=AOvVaw1Mj-EplOpzZId5orAthbQm Page URL
https://wes-net-q8.sopq-net-q8.xyz/shaden HTTP 301
http://wes-net-q8.sopq-net-q8.xyz/shaden/ HTTP 301
https://wes-net-q8.sopq-net-q8.xyz/shaden/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://wes-net-q8.sopq-net-q8.xyz/ HTTP 301
https://wes-net-q8.sopq-net-q8.xyz/

Request Chain 4

https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js HTTP 301
https://cdn.jsdelivr.net/libs/respond.js/1.4.2/respond.min.js

Request Chain 146

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 147

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 170

https://um.simpli.fi/gp_match?google_gid=CAESEC663wyntRQkCiiZcMp3Rbo&google_cver=1&google_push=AavPq0OUVhBFG1xedZKXkxa-tF_7NlU4JPG87PnUMPgKBTk6lstn0Do1JCfBNuXj4-LQ8K8GBmryhELJC9HyHLTJnWHCp5DjbvnBDx4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=F48E42FE088D4A8BAEFE81B9DF6C3E1A&google_push=AavPq0OUVhBFG1xedZKXkxa-tF_7NlU4JPG87PnUMPgKBTk6lstn0Do1JCfBNuXj4-LQ8K8GBmryhELJC9HyHLTJnWHCp5DjbvnBDx4

Request Chain 171

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEIR-JU2tIDResxZrsjZNn7s&google_cver=1&google_push=AavPq0PSz6M9R9xMgv7eAI6Lj6t7JzkTj7sh3Er9Phi_0Pxq6NKTGIWuBiQaVg98OCz9mE6vjlh263a2uGWSbYQyp_1rCBY0BM7k96Ld HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEIR-JU2tIDResxZrsjZNn7s&google_cver=1&google_push=AavPq0PSz6M9R9xMgv7eAI6Lj6t7JzkTj7sh3Er9Phi_0Pxq6NKTGIWuBiQaVg98OCz9mE6vjlh263a2uGWSbYQyp_1rCBY0BM7k96Ld&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AavPq0PSz6M9R9xMgv7eAI6Lj6t7JzkTj7sh3Er9Phi_0Pxq6NKTGIWuBiQaVg98OCz9mE6vjlh263a2uGWSbYQyp_1rCBY0BM7k96Ld&google_hm=F0NgtGZHZVmbWxIfRyKwIWAJ

Request Chain 172

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEBGaWrzkmee3wo6lTLA1EME&google_cver=1&google_push=AavPq0OWUculKDqQvQEQBqgmfzJBDeXf4_8_VR3sE8uGOSF3dsnYCEicGaYLnlnpq8rdyBtZAkEwh0y073mdixQwnJj_WS85FmxT0C8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AavPq0OWUculKDqQvQEQBqgmfzJBDeXf4_8_VR3sE8uGOSF3dsnYCEicGaYLnlnpq8rdyBtZAkEwh0y073mdixQwnJj_WS85FmxT0C8

Request Chain 174

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEIkDgzDXCPCB_QA9LUqiK6U&google_cver=1&google_push=AavPq0MhQtow1SeNGhfJa5CS0DkJ80IFrqttVjNKa5MkRsg3vKLKJQivNvdiBxGRTatdq14fcomdSWdORdzETJzwgD_tPz2SdAnMmXhG HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AavPq0MhQtow1SeNGhfJa5CS0DkJ80IFrqttVjNKa5MkRsg3vKLKJQivNvdiBxGRTatdq14fcomdSWdORdzETJzwgD_tPz2SdAnMmXhG HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 175

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEIfAY1kaK1caMYaK7dldAN4&google_cver=1&google_push=AavPq0MSyKdsG9YeB0dxsl5UHRRKP55Gal8CI_vZm0ZeJQJdYe9OISoi477-2JkSGVJJ-tWEP4YgV7Ek_Wc1XokT5-lE2RfhtODfTLhZAg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AavPq0MSyKdsG9YeB0dxsl5UHRRKP55Gal8CI_vZm0ZeJQJdYe9OISoi477-2JkSGVJJ-tWEP4YgV7Ek_Wc1XokT5-lE2RfhtODfTLhZAg HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 196

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEAVtMkpS2hrPMW9yV1p2voo&google_cver=1&google_push=ASkJ3FZ4TI0hU_3QbPjKTKajV_D4cDmd-Q0GkAGb8yHAPjgvSqsnkct4SVUCg8Yt_GKpIIZDpCBDGddDXseRbO3addcK2XyfI2yxMB2w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ASkJ3FZ4TI0hU_3QbPjKTKajV_D4cDmd-Q0GkAGb8yHAPjgvSqsnkct4SVUCg8Yt_GKpIIZDpCBDGddDXseRbO3addcK2XyfI2yxMB2w

Request Chain 198

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEKqD3BbzaD27NedQwO4hjj8&google_cver=1&google_push=ASkJ3FYUVDCNkNgeYJEFHinUMGlZ_jHOFUx5fxsEIczYa7bm2Ey9UOyjDXGcs6YC8bpaJqkntbooWsi-6jCDGY0QEAyJQ9wkB2Un4Ew HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE3NzA1OTU4MTkyNDQ3Mjk3Ng%3D%3D&google_push=ASkJ3FYUVDCNkNgeYJEFHinUMGlZ_jHOFUx5fxsEIczYa7bm2Ey9UOyjDXGcs6YC8bpaJqkntbooWsi-6jCDGY0QEAyJQ9wkB2Un4Ew

Request Chain 199

https://d5p.de17a.com/cookies/google?google_gid=CAESEK6DrYP6c7p0g0VPYa8oBuo&google_cver=1&google_push=ASkJ3FZvpvPInRugY7m10txxQPRSbGKa-qgEKKrBNG3ZF87YYOSFU1Wwf5RmhIjNCK3mp3tIsaT8eK8wPT32qeX2SSj8rd0ln3JZRUq7 HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEK6DrYP6c7p0g0VPYa8oBuo&google_cver=1&google_push=ASkJ3FZvpvPInRugY7m10txxQPRSbGKa-qgEKKrBNG3ZF87YYOSFU1Wwf5RmhIjNCK3mp3tIsaT8eK8wPT32qeX2SSj8rd0ln3JZRUq7 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ASkJ3FZvpvPInRugY7m10txxQPRSbGKa-qgEKKrBNG3ZF87YYOSFU1Wwf5RmhIjNCK3mp3tIsaT8eK8wPT32qeX2SSj8rd0ln3JZRUq7

Request Chain 200

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEAtvhnpCzXITgXJ0cjDtTg&google_cver=1&google_push=ASkJ3FY9bx7DdOJ2LnkhTQaQtdnITxtt4wuA67V9vZYdIz3wJ_HoZ9_pXwULEoQlGqODr5jKE7PEsuKYN1Q3N9xx6WxP0xtIO8zSQTnr HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEJOWFBRUVItMUQtM0xGUw==&google_push=ASkJ3FY9bx7DdOJ2LnkhTQaQtdnITxtt4wuA67V9vZYdIz3wJ_HoZ9_pXwULEoQlGqODr5jKE7PEsuKYN1Q3N9xx6WxP0xtIO8zSQTnr

Request Chain 201

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEFQjvxepd3XZ0jY8Qb0qpQY&google_cver=1&google_push=ASkJ3Fbzb2dbpk6nadP8zo43mSDv-GkDpie0XT9zqNUgo1UOilYOpF6ge4x_44wwpBTKVXdQ2FfUdGtVLVe96DLFP_JikS6jtkrCnCed HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEFQjvxepd3XZ0jY8Qb0qpQY&google_cver=1&google_push=ASkJ3Fbzb2dbpk6nadP8zo43mSDv-GkDpie0XT9zqNUgo1UOilYOpF6ge4x_44wwpBTKVXdQ2FfUdGtVLVe96DLFP_JikS6jtkrCnCed&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1MUjRWRWt4RTJ1SEFkRTBnMVgzTmVuQmMxT09yWjVHdH5B&google_push=ASkJ3Fbzb2dbpk6nadP8zo43mSDv-GkDpie0XT9zqNUgo1UOilYOpF6ge4x_44wwpBTKVXdQ2FfUdGtVLVe96DLFP_JikS6jtkrCnCed

Request Chain 202

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESELrqM-Qh2X549u_kgQ7CfQI&google_cver=1&google_push=ASkJ3FZO_DrhjsKIROgT84LReVGHVAmIbg1r_DohYPwmb2Jp8JOFYFtcRY4AhFYXY6uJaZXrpeZLiEZPN_yqeeZ6JWMx1DfQ4t9ZpMzPQA HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESELrqM-Qh2X549u_kgQ7CfQI&google_cver=1&google_push=ASkJ3FZO_DrhjsKIROgT84LReVGHVAmIbg1r_DohYPwmb2Jp8JOFYFtcRY4AhFYXY6uJaZXrpeZLiEZPN_yqeeZ6JWMx1DfQ4t9ZpMzPQA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=25d7f847-571f-40bf-aef3-d0f2ffd887e9&%%GOOGLE_PUSH_PAIR%%

Request Chain 213

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 232

https://um.simpli.fi/gp_match?google_gid=CAESEC663wyntRQkCiiZcMp3Rbo&google_cver=1&google_push=AavPq0NKW1EYnXCYJS8om3-wWrRIHuoilh8vogGXIcy_FJFnsqMV2EORvscu7DKG59kli7eEGXbPUPk3YIs7sepm8xWVMm_1EM49SWeXS_4XkvESqS_A-YToey01652Dos6_eDoZcpmMoi1saw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=F48E42FE088D4A8BAEFE81B9DF6C3E1A&google_push=AavPq0NKW1EYnXCYJS8om3-wWrRIHuoilh8vogGXIcy_FJFnsqMV2EORvscu7DKG59kli7eEGXbPUPk3YIs7sepm8xWVMm_1EM49SWeXS_4XkvESqS_A-YToey01652Dos6_eDoZcpmMoi1saw

Request Chain 234

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEKqD3BbzaD27NedQwO4hjj8&google_cver=1&google_push=AavPq0Mq5fu7ojdGGAiDRywLr9XRKNHE4ndtr9fgvNSnyc8_jQyjNidIb_70PToNM9PjlzJE11tWyRPZ-0zSFNZLLvGoD8_s-cfwQHQUgWHVDAtVJdUhyfJhgNZXSeqeB2agF6qBNFuLH7Hg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE3NzA1OTU4MTkyNDQ3Mjk3Ng%3D%3D&google_push=AavPq0Mq5fu7ojdGGAiDRywLr9XRKNHE4ndtr9fgvNSnyc8_jQyjNidIb_70PToNM9PjlzJE11tWyRPZ-0zSFNZLLvGoD8_s-cfwQHQUgWHVDAtVJdUhyfJhgNZXSeqeB2agF6qBNFuLH7Hg

Request Chain 235

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESENmvenHlP3SnC_VVOrXnPmE&google_cver=1&google_push=AavPq0POVq8-VFDzDSzzDAtJdlw7N_8LT-otFkU0wWWKw9yd3evfbuXDOt24n66cjQRzDYrsGLPaxE6HIIY-V9s6QvmKci17q8Ujo-_6GgRuNel8LAc0q-69_53tonnGQIqPx6ii8-UWh8Sb HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AavPq0POVq8-VFDzDSzzDAtJdlw7N_8LT-otFkU0wWWKw9yd3evfbuXDOt24n66cjQRzDYrsGLPaxE6HIIY-V9s6QvmKci17q8Ujo-_6GgRuNel8LAc0q-69_53tonnGQIqPx6ii8-UWh8Sb&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1671039402273 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-648117c9-225b-481a-9979-259d7dfd0bc7-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAavPq0POVq8-VFDzDSzzDAtJdlw7N_8LT-otFkU0wWWKw9yd3evfbuXDOt24n66cjQRzDYrsGLPaxE6HIIY-V9s6QvmKci17q8Ujo-_6GgRuNel8LAc0q-69_53tonnGQIqPx6ii8-UWh8Sb%26google_hm%3DA2SBF8kiW0gamXklnX39C8c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AavPq0POVq8-VFDzDSzzDAtJdlw7N_8LT-otFkU0wWWKw9yd3evfbuXDOt24n66cjQRzDYrsGLPaxE6HIIY-V9s6QvmKci17q8Ujo-_6GgRuNel8LAc0q-69_53tonnGQIqPx6ii8-UWh8Sb&google_hm=A2SBF8kiW0gamXklnX39C8c

Request Chain 236

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEDswE7aqfqniaKe0RL0d1Ts&google_cver=1&google_push=AavPq0MYMEWnzOE8y7ZRs-JNCTl_aUC7LaALq6cIyokLMGdu6alyWb0aMAmfa4bEsWER591AVS5cYABSuE3R3avwziTiBFIMxTjJ3GO2avm2rWzjNrHsIDug5nu0oR4sBQu7bZwtf1Iv7hgL HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AavPq0MYMEWnzOE8y7ZRs-JNCTl_aUC7LaALq6cIyokLMGdu6alyWb0aMAmfa4bEsWER591AVS5cYABSuE3R3avwziTiBFIMxTjJ3GO2avm2rWzjNrHsIDug5nu0oR4sBQu7bZwtf1Iv7hgL&google_gid=CAESEDswE7aqfqniaKe0RL0d1Ts HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjY5NTk0Mjg1NzYyNjExOTkyNjk0NA%3D%3D&google_push=AavPq0MYMEWnzOE8y7ZRs-JNCTl_aUC7LaALq6cIyokLMGdu6alyWb0aMAmfa4bEsWER591AVS5cYABSuE3R3avwziTiBFIMxTjJ3GO2avm2rWzjNrHsIDug5nu0oR4sBQu7bZwtf1Iv7hgL

Request Chain 237

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEIfAY1kaK1caMYaK7dldAN4&google_cver=1&google_push=AavPq0MnDEtIaE52VxgPIp9avYuqUIaEWOkG3IZHp-pOjqIwc3GSm9n0MfJegOUzsrcAFSPWQwzUDBPc2lozTE2dvisZA20FyMZ38gVrPuw80dMNLIxXmUZLJqAO1AW2DPBGbHNR8FWrDaJASsg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AavPq0MnDEtIaE52VxgPIp9avYuqUIaEWOkG3IZHp-pOjqIwc3GSm9n0MfJegOUzsrcAFSPWQwzUDBPc2lozTE2dvisZA20FyMZ38gVrPuw80dMNLIxXmUZLJqAO1AW2DPBGbHNR8FWrDaJASsg HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 241

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 252

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 262

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 279

https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;gdpr_consent=;ltd=?https%3A%2F%2Fwww.telefonica-partner.de%2Ftpv.php%3Ft%3D117703V1226132702M%26subid%3Dviewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth%26gdpr_consent=%26gdpr=0%26gdpr_pd=0 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_pre=COjfhvDS-fsCFcT0EQgdcCcBQw;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;gdpr_consent=;ltd=?https%3A%2F%2Fwww.telefonica-partner.de%2Ftpv.php%3Ft%3D117703V1226132702M%26subid%3Dviewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth%26gdpr_consent=%26gdpr=0%26gdpr_pd=0 HTTP 302
https://www.telefonica-partner.de/tpv.php?t=117703V1226132702M&subid=viewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.lead-alliance.net/tpv.php?t=117703V1226132702M&subid=viewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117703&s_id=2022121418364279507489173X117703V1226132702MSviewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&cons=0&spid=2022121418364279507489173X117703V1226132702MSviewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth&wfid=117703&partnerid=12218

Request Chain 282

https://ad.doubleclick.net/ddm/trackimp/N773418.3163536BLAU_AFFILIATE/B25532621.345088000;dc_trk_aid=536454876;dc_trk_cid=177082088;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;gdpr_consent=;ltd=?https%3A%2F%2Fwww.telefonica-partner.de%2Ftpv.php%3Ft%3D113752V1225131106M%26subid%3DviewoneidR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7oneid__suite_Netmix_Reach43_TopRotaMonth%26gdpr_consent=%26gdpr=0%26gdpr_pd=0 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N773418.3163536BLAU_AFFILIATE/B25532621.345088000;dc_pre=CJ3chvDS-fsCFWuF_QcdGSUAKA;dc_trk_aid=536454876;dc_trk_cid=177082088;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;gdpr_consent=;ltd=?https%3A%2F%2Fwww.telefonica-partner.de%2Ftpv.php%3Ft%3D113752V1225131106M%26subid%3DviewoneidR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7oneid__suite_Netmix_Reach43_TopRotaMonth%26gdpr_consent=%26gdpr=0%26gdpr_pd=0 HTTP 302
https://www.telefonica-partner.de/tpv.php?t=113752V1225131106M&subid=viewoneidR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7oneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.lead-alliance.net/tpv.php?t=113752V1225131106M&subid=viewoneidR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7oneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=113752&s_id=2022121418364279507489175X113752V1225131106MSviewoneidR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7oneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&cons=0

Request Chain 285

https://www.awin1.com/cshow.php?s=2470185&v=11354&q=377129&r=412871&pv=1&pref3=oneidbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJoneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.conrad.de/ztpv.php?awc=11354_412871_1671039402_df96b5c0-7bd5-11ed-bfbc-22342ff4a6f7&insert=AW&&gdpr=0&gdpr_consent=

307 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
wes-net-q8.sopq-net-q8.xyz/
Redirect Chain

http://wes-net-q8.sopq-net-q8.xyz/
https://wes-net-q8.sopq-net-q8.xyz/

1013 B
1 KB

149ms
115ms

Document
text/html

2606:4700:3033::ac43:b608
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wes-net-q8.sopq-net-q8.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:b608 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 28c260c944a04b1cbb2f2f610ff2ff16842b60c63872204eef93ca91b5d409eb

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7798b3f0add4b89c-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 14 Dec 2022 17:36:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vtHLEUkAWJRng2rHx298yLxba7UWecQoJoSb0xe8SrTr5YDuktt2QbYFrf8xHjrEOVajzsXwIyj6cMnqnNJ%2FdG%2BAHX68fvzEz%2BfNNUpDCxqAtAQ5%2Bvdmg0cJ4gyXO%2BsICSf6jLD3WOl122TWs%2BM6KVSaXgoochdppw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

CF-RAY: 7798b3f01e5a92ba-FRA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Wed, 14 Dec 2022 17:36:38 GMT
Expires: Wed, 14 Dec 2022 18:36:38 GMT
Location: https://wes-net-q8.sopq-net-q8.xyz/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l8ii7PIAh%2Ffql0Je49bjXZdJDR9d6avV0S4qAyOARkyW4j5ulgyDtj6r38mQWJ%2Ff7gbwU7n%2Fe83c6bmuKYjXAjTKGBFOqRhAlxbL4h7kHSxmdL0n8O%2F51P5ttm7%2BSBf6AhHKFSQNcrsj8uvweG98MvMeXKDsVTeefw%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 url
www.google.com.sa/ 954 B
2 KB 68ms
31ms Document
text/html 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com.sa/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwi-z9rTs_b7AhVJT6QEHULQA5gQFnoECAkQAQ&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden&usg=AOvVaw1Mj-EplOpzZId5orAthbQm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	0

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Platform Sec-CH-UA-Platform-Version Sec-CH-UA-Full-Version Sec-CH-UA-Arch Sec-CH-UA-Model Sec-CH-UA-Bitness Sec-CH-UA-Full-Version-List Sec-CH-UA-WoW64
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
bfcache-opt-in: unload
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 481
content-type: text/html; charset=UTF-8
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="gws"
date: Wed, 14 Dec 2022 17:36:38 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
origin-trial: AqRrpS1jM/HOs1rGR0CnXerKEP/QFz7qj9ApDSZqAO+0U+KcT/h/lxA6akW4ar0kT0V1bw5MD4t8O7L7OFwM5gUAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY3ODIzMzU5OX0=
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: unload=()
pragma: no-cache
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
server: gws
strict-transport-security: max-age=31536000
x-xss-protection: 0

GET
H3

200

Primary Request / Show response
wes-net-q8.sopq-net-q8.xyz/shaden/
Redirect Chain

https://wes-net-q8.sopq-net-q8.xyz/shaden
http://wes-net-q8.sopq-net-q8.xyz/shaden/
https://wes-net-q8.sopq-net-q8.xyz/shaden/

64 KB
15 KB

378ms
378ms

Document
text/html

2606:4700:3033::ac43:b608
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/
Requested by: Host: www.google.com.sa
URL: https://www.google.com.sa/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwi-z9rTs_b7AhVJT6QEHULQA5gQFnoECAkQAQ&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden&usg=AOvVaw1Mj-EplOpzZId5orAthbQm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:b608 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18b1ab4b74b9a93dd514f2f4d841ef3c7665fb6b6f312c9daf6cbe08dcf10363

Request headers

Referer: https://www.google.com.sa/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwi-z9rTs_b7AhVJT6QEHULQA5gQFnoECAkQAQ&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden&usg=AOvVaw1Mj-EplOpzZId5orAthbQm
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7798b3f3283b1b07-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 14 Dec 2022 17:36:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2967KYATR4yeDEE8mnaB9sf1I%2B9G%2BnvUsUvF1YYRjjnhJtRRUkFeOwylm6e85j0SqqL5QxDW3wDeuQuXJbLKyW3sRRHKTULpFeO9VA2P4HqFJfikTsbsvtSxgwh6o0l5ekLO8IX3YUjBrRcaUs%2BYBXjG6rB2VB6EEA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

CF-RAY: 7798b3f2fc0692ba-FRA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Wed, 14 Dec 2022 17:36:38 GMT
Expires: Wed, 14 Dec 2022 18:36:38 GMT
Location: https://wes-net-q8.sopq-net-q8.xyz/shaden/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7N%2FAVeDH0RFoakbN3c%2F7EhVxyEKS6lbmz5%2BrUYLM4v5%2FRYgCa4w%2ByNo4Pol8A4NpB8CDMGwgJsBCTAKJDAE%2BwTWpU3M151KQMA33gs7YL403eIKe9ElLG99xsdrucQFnn%2BvhsxUU%2Ft1ABwPBGBqpFEFLY2sPaaVO3g%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 144 KB
49 KB 112ms
82ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a21eae026c949616ac9de39bc193b0a7cf5f837dcee1b174d45d970b7cb18f60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49412
x-xss-protection: 0
server: cafe
etag: 14147616810978012111
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 14 Dec 2022 17:36:39 GMT

GET
H/1.1 200
OK html5shiv.js Show response
oss.maxcdn.com/libs/html5shiv/3.7.0/ 2 KB
2 KB 51ms
6ms Script
application/javascript 23.111.8.154
STACKPATH

General

Check archive.org

Show headers Download Go to

Full URL

https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.111.8.154 , United States, ASN33438 (STACKPATH, US),

Reverse DNS

Software

NetDNA-cache/2.2 /

Resource Hash

8c7a9c0470563367ab00307b4fb9bb3052d0a27f0b94e63b9dc0bb8c369449cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:39 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Age: 105
Transfer-Encoding: chunked
X-Cache: UPDATING
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
X-Served-By: cache-fra19125-FRA
Server: NetDNA-cache/2.2
ETag: W/"97d-PHs2lIXK3VhdJL5EcB5FnIqlTWA"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
cache-control: max-age=31104000
Timing-Allow-Origin: *
Expires: Sat, 09 Dec 2023 17:36:39 GMT

GET
H2

200

respond.min.js Show response
cdn.jsdelivr.net/libs/respond.js/1.4.2/
Redirect Chain

https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js
https://cdn.jsdelivr.net/libs/respond.js/1.4.2/respond.min.js

4 KB
3 KB

43ms
21ms

Script
application/javascript

2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/libs/respond.js/1.4.2/respond.min.js

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83a8807ef669fa70d0d9375347f5552897f76c6ae8e2e6f97ef592595462d8d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 23184830
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19152-FRA, cache-hhn4022-HHN
server: cloudflare
etag: W/"1119-taukDWWw1vhYWdtH91fqlxoO/TA"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=elUu4C4MftYp75xU9VcIYe4nhQ1UPBymTlqjCCThAWxJaYfx2FHdlbeoD0IJ4C9kbG5H657IYiwnq2TyCtQ7%2BRL4nSjRuGjh%2F0I8n8QvVrZvvtmIHw8kj4Vbm2BJrFNdSQIG8jejAopMICfy3%2Fc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000
timing-allow-origin: *
cf-ray: 7798b3f88a0c9273-FRA

Redirect headers

Date: Wed, 14 Dec 2022 17:36:39 GMT
Server: NetDNA-cache/2.2
X-Cache: EXPIRED
Content-Type: text/html
Location: https://cdn.jsdelivr.net/libs/respond.js/1.4.2/respond.min.js
CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
Cache-Control: max-age=31104000
CDN-PullZone: 436438
CDN-RequestId: e9457da6aebe36729e9557bcd7bd43ea
Connection: keep-alive
CDN-RequestCountryCode: US
Content-Length: 162
Expires: Sat, 09 Dec 2023 17:36:39 GMT

GET
H/1.1 200
OK allcss-cash-2-.css
www.spa.gov.sa/include/css/ 458 KB
461 KB 869ms
96ms Stylesheet
text/css 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spa.gov.sa/include/css/allcss-cash-2-.css

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

bbd280edcb935b3416b2b97d92a3417609abfdd0743856973626d9729e7c7add

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 19 Jul 2022 10:50:55 GMT
Server: nginx, was
ETag: "72685-5e4264243bbe2"
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Upgrade: h2
Content-Type: text/css
Cache-Control: public, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK responsive2.css
www.spa.gov.sa/include/css/ 38 KB
39 KB 868ms
95ms Stylesheet
text/css 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spa.gov.sa/include/css/responsive2.css

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

e089ab47341831f91e716e61b97caf8e014a7e71a38dc9dcacc27deeb59f93c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 16 Feb 2021 13:02:14 GMT
Server: nginx, was
ETag: "976c-5bb73b61871ce"
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Upgrade: h2
Content-Type: text/css
Cache-Control: public, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK occas_style.css
www.spa.gov.sa/include/css/ 1 KB
2 KB 870ms
98ms Stylesheet
text/css 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spa.gov.sa/include/css/occas_style.css

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

14a39dfdc5b771c11fddeea49df147ba70223a06e2e1b95dce6908bee4f040c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 09 Dec 2015 14:24:02 GMT
Server: nginx, was
ETag: "48a-52677d78865b1"
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Upgrade: h2
Content-Type: text/css
Cache-Control: public, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK jquery.min.js Show response
www.spa.gov.sa/include/jquery3/dist/ 87 KB
88 KB 869ms
97ms Script
application/javascript 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spa.gov.sa/include/jquery3/dist/jquery.min.js

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Sun, 31 May 2020 08:13:28 GMT
Server: nginx, was
ETag: "15d86-5a6ed40d71a38"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: application/javascript
Cache-Control: public, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 89478

GET
H/1.1 200
OK bootstrap.min.js Show response
www.spa.gov.sa/include/js/ 39 KB
40 KB 881ms
109ms Script
application/javascript 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spa.gov.sa/include/js/bootstrap.min.js

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 13 Feb 2019 13:22:50 GMT
Server: nginx, was
ETag: "9b00-581c6703b5e80"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: application/javascript
Cache-Control: public, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 39680

GET
H/1.1 200
OK jquery.flexslider-min.js Show response
www.spa.gov.sa/include/js/ 17 KB
17 KB 881ms
109ms Script
application/javascript 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spa.gov.sa/include/js/jquery.flexslider-min.js

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

78319cbe73c68a127b678b33709e4df0793f52aa78e4048b9205174810e4f75c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 17 Nov 2015 11:28:09 GMT
Server: nginx, was
ETag: "4242-524bad1fd2486"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: application/javascript
Cache-Control: public, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 16962

GET
H/1.1 200
OK jquery-ui.min.js Show response
www.spa.gov.sa/include/js/ 248 KB
249 KB 986ms
115ms Script
application/javascript 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spa.gov.sa/include/js/jquery-ui.min.js

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

567e565582876be8ea6f7833055844a3c6ab5d136100d03b03e140bc8f6f0960

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Sun, 17 Feb 2019 10:28:13 GMT
Server: nginx, was
ETag: "3dee4-58214772617cf"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: application/javascript
Cache-Control: public, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 253668

GET
H/1.1 200
OK jquery.jclock.js Show response
www.spa.gov.sa/include/js/ 8 KB
9 KB 1051ms
93ms Script
application/javascript 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spa.gov.sa/include/js/jquery.jclock.js

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

2ff0f0b516a11623d2dea2d9a8b55f134b5ef482b007dde2c0698552cedb6359

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 22 Feb 2017 13:14:20 GMT
Server: nginx, was
ETag: "1fba-5491e4644a1d2"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: application/javascript
Cache-Control: public, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8122

GET
H/1.1 200
OK jquery.easing.min.js Show response
www.spa.gov.sa/include/js/ 3 KB
4 KB 1093ms
108ms Script
application/javascript 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spa.gov.sa/include/js/jquery.easing.min.js

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

b6984a1462c5e77cb004b7bb420d68073ca12b3b196175e0f77adee86c325cf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 17 Nov 2015 11:28:09 GMT
Server: nginx, was
ETag: "dc5-524bad1fce77c"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: application/javascript
Cache-Control: public, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3525

GET
H/1.1 200
OK jquery.mmenu.min.all.js Show response
www.spa.gov.sa/include/js/ 24 KB
25 KB 1093ms
107ms Script
application/javascript 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spa.gov.sa/include/js/jquery.mmenu.min.all.js

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

eaab2d7fa89714fb0d2a0acc48337a9da9c1bf582abcdc4fbfc11f14896b90b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 17 Nov 2015 11:28:09 GMT
Server: nginx, was
ETag: "6042-524bad1ffba65"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: application/javascript
Cache-Control: public, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 24642

GET
H/1.1 200
OK owl.carousel.min.js Show response
www.spa.gov.sa/include/js/ 23 KB
24 KB 1144ms
92ms Script
application/javascript 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spa.gov.sa/include/js/owl.carousel.min.js

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

e0e2bc4e1d3ee5024c4e1aa58a6cad9aa42fc63a8c89ce18013a1c8f2b94875c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 17 Nov 2015 11:28:10 GMT
Server: nginx, was
ETag: "5d52-524bad20c0fb0"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: application/javascript
Cache-Control: public, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 23890

GET
H/1.1 200
OK jquery.ad-gallery.js Show response
www.spa.gov.sa/include/js/ 38 KB
39 KB 94ms
94ms Script
application/javascript 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spa.gov.sa/include/js/jquery.ad-gallery.js

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

501fe67bafaf9d1cab32bb58370ee5dea926cc33be7caf40d17c1ebc3fe9d763

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Mon, 06 Aug 2018 08:33:54 GMT
Server: nginx, was
ETag: "9746-572c023497413"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: application/javascript
Cache-Control: public, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 38726

GET
H/1.1 200
OK jquery.prettyPhoto.min.js Show response
www.spa.gov.sa/include/js/ 21 KB
22 KB 1147ms
94ms Script
application/javascript 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spa.gov.sa/include/js/jquery.prettyPhoto.min.js

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

d557a6ae3ec36af08c95109f4e50bf3e23733e04dc032f7ce1a1f515c3ff3730

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Mon, 06 Aug 2018 08:34:40 GMT
Server: nginx, was
ETag: "5502-572c026084e89"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: application/javascript
Cache-Control: public, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21762

GET
H/1.1 200
OK jquery.jcarousel.min.js Show response
www.spa.gov.sa/include/js/ 16 KB
17 KB 1199ms
106ms Script
application/javascript 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spa.gov.sa/include/js/jquery.jcarousel.min.js

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

d00c90e4fa66012e1a8195c0ce87226cc54ab410c060d3e0a0e46a8d9c997b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 17 Nov 2015 11:28:09 GMT
Server: nginx, was
ETag: "3ee8-524bad1fd2486"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: application/javascript
Cache-Control: public, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 16104

GET
H/1.1 200
OK jquery.elastislide.js Show response
www.spa.gov.sa/include/js/ 13 KB
13 KB 1199ms
106ms Script
application/javascript 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spa.gov.sa/include/js/jquery.elastislide.js

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

512fe36f152bf3bfe134573b31da8bd8c83716bab882ebeca0865f0e1e1fe41a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 17 Nov 2015 11:28:09 GMT
Server: nginx, was
ETag: "3254-524bad1fce77c"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: application/javascript
Cache-Control: public, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12884

GET
H/1.1 200
OK jquery.cookie.js Show response
www.spa.gov.sa/include/js/ 4 KB
5 KB 1237ms
93ms Script
application/javascript 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spa.gov.sa/include/js/jquery.cookie.js

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

0c779ae95a8b1f10dcec474f7d89e001dfc1d27816dfe9e92542efdee4c6dc76

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Mon, 15 Oct 2018 11:38:59 GMT
Server: nginx, was
ETag: "10f8-57842e20aa8b1"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: application/javascript
Cache-Control: public, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4344

GET
H/1.1 200
OK twitter.png
www.spa.gov.sa/include/images/social/ 15 KB
16 KB 107ms
107ms Image
image/png 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.spa.gov.sa/include/images/social/twitter.png

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

123dea3c26414220dfc6f4e3645f3f613f29a012627154dec70ef7da0794bc5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 09 Dec 2015 14:24:02 GMT
Server: nginx, was
ETag: "3b2c-52677d789c194"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: image/png
Cache-Control: public, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15148

GET
H/1.1 200
OK facebook.png
www.spa.gov.sa/include/images/social/ 15 KB
16 KB 108ms
108ms Image
image/png 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.spa.gov.sa/include/images/social/facebook.png

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

7ed099ecf0f238578fd7f635b7afd7a2598cb526aa006c8f43d00fabc243e0d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 09 Dec 2015 14:24:02 GMT
Server: nginx, was
ETag: "3b28-52677d789aa1f"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: image/png
Cache-Control: public, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15144

GET
H/1.1 200
OK instagram.png
www.spa.gov.sa/include/images/social/ 2 KB
2 KB 94ms
93ms Image
image/png 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.spa.gov.sa/include/images/social/instagram.png

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

6a5c348d2bea7f9ee849e125961007a3f257f6b3957db77cf7500249340c73a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 28 Aug 2018 11:58:20 GMT
Server: nginx, was
ETag: "694-5747d8edfb5e0"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: image/png
Cache-Control: public, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1684

GET
H/1.1 200
OK googleplus.png
www.spa.gov.sa/include/images/social/ 15 KB
16 KB 96ms
95ms Image
image/png 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.spa.gov.sa/include/images/social/googleplus.png

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

b519c642f958215180ce1550cf10a61b04437a722796b27d817f66455dd9b7cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 09 Dec 2015 14:24:02 GMT
Server: nginx, was
ETag: "3c47-52677d789a637"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: image/png
Cache-Control: public, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15431

GET
H/1.1 200
OK rss.png
www.spa.gov.sa/include/images/social/ 15 KB
16 KB 112ms
111ms Image
image/png 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.spa.gov.sa/include/images/social/rss.png

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

6787359c73bf5b6f97050c2486162beab8d21a74a16a7f80f5bcc15760caad98

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 09 Dec 2015 14:24:02 GMT
Server: nginx, was
ETag: "3d1f-52677d789b9c2"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: image/png
Cache-Control: public, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15647

GET
H/1.1 200
OK youtube.png
www.spa.gov.sa/include/images/social/ 15 KB
16 KB 108ms
107ms Image
image/png 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.spa.gov.sa/include/images/social/youtube.png

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

a4798968ffb88995f78e45ff4b5493df16191821d4d1287a5ecfa5e5ff807b5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 09 Dec 2015 14:24:02 GMT
Server: nginx, was
ETag: "3d01-52677d789c965"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: image/png
Cache-Control: public, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15617

GET
H/1.1 200
OK logo.png
www.spa.gov.sa/include/images/ 26 KB
27 KB 94ms
93ms Image
image/png 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.spa.gov.sa/include/images/logo.png

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

0b3c0bff8937e3602a0c219094f379f4477e892eca28d3ef8c6771a3ef7f7659

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 17 Nov 2015 11:28:07 GMT
Server: nginx, was
ETag: "68b1-524bad1e6a4a4"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: image/png
Cache-Control: public, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 26801

GET
H/1.1 200
OK no-image-logo.png
cdn.spa.gov.sa/galupload/thumb/ 7 KB
8 KB 935ms
123ms Image
image/png 212.138.115.18
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.spa.gov.sa/galupload/thumb/no-image-logo.png

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.18 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

78f227a8ad7e10a17bf260afc2e29571f20bf69960e10c86fc2efb3a2c20bd64

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Mon, 21 Dec 2015 10:12:24 GMT
Server: nginx, was
ETag: "1d6c-52765b9b748ff"
Upgrade: h2
Content-Type: image/png
Cache-Control: public, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7532

GET
H2 200 DST_1615031_2624800_66_1_2021090721355890.jpg
www.mslslat.info/wp-content/uploads/2022/12/ 45 KB
46 KB 106ms
33ms Image
image/jpeg 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mslslat.info/wp-content/uploads/2022/12/DST_1615031_2624800_66_1_2021090721355890.jpg
Requested by: Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f48e82fda8006ef0c30c33b5b918ce1e962c552cdebc3f59d994501c99ca98e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:39 GMT
cf-cache-status: HIT
last-modified: Sun, 11 Dec 2022 21:21:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5466
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2B8oLthwQVqnt7PWuQAf4qH8wcsYF3v8UWyA1i0vXT3tkyAxptx1MQiMZpwW7PHi%2FNeXe4puga9PpO7r8RQq2PSlhp%2BdnFpLAWSoT7z51cePnaP8hZNkqQk7lXMHTHadSGlbQzTFIyOFOgC1PdUX"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7798b3f60f8d1536-DUS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 46480

GET
H/1.1 404
Not Found whatsapp_28.png
cdn.spa.gov.sa/galupload/ads/ 22 B
22 B 911ms
98ms Image
text/html 212.138.115.18
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.spa.gov.sa/galupload/ads/whatsapp_28.png

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.18 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx /

Resource Hash

812f5e64f64a738fea88f584a7d898da427ecacbdd28bbaed427b56b1c8c4a90

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Expires-Orig: None
Server: nginx
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
X-Cache-Control-Orig
Cache-Control: max-age=0, must-revalidate, private
Connection: keep-alive

GET
H2 200 gplus-16.png
www.gstatic.com/images/icons/ 737 B
1 KB 35ms
10ms Image
image/png 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/gplus-16.png

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcd07bf4ffba2d11c6d69171634486c68daa0d87587a55b9a06cf22170cbf28f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 00:57:05 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 405574
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 737
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 10 Dec 2023 00:57:05 GMT

GET
H/1.1 200
OK zoomin.png
www.spa.gov.sa/include/images/ 473 B
1 KB 94ms
93ms Image
image/png 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.spa.gov.sa/include/images/zoomin.png

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

c1ac0ed1feaca258ba4b12a1da4663c9faaf28add526e969f9095565e6060055

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 17 Nov 2015 11:28:07 GMT
Server: nginx, was
ETag: "1d9-524bad1ea89ed"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: image/png
Cache-Control: public, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 473

GET
H/1.1 200
OK zoomout.png
www.spa.gov.sa/include/images/ 425 B
1 KB 94ms
94ms Image
image/png 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.spa.gov.sa/include/images/zoomout.png

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

a1bbd092918feec602a03b1ce42821dc4d3c3a17c782f1bc68f1707b343ae5b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 17 Nov 2015 11:28:07 GMT
Server: nginx, was
ETag: "1a9-524bad1ea89ed"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: image/png
Cache-Control: public, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 425

GET
H/1.1 200
OK print.png
www.spa.gov.sa/include/images/social/ 1 KB
2 KB 94ms
94ms Image
image/png 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.spa.gov.sa/include/images/social/print.png

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

efb7c108108c1967be58303d3f26713411732331a117bb7eb1a3e3882327e513

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 17 Nov 2015 11:28:08 GMT
Server: nginx, was
ETag: "496-524bad1f8b76f"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: image/png
Cache-Control: public, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1174

GET
H2 200 page.js Show response
static.addtoany.com/menu/ 3 KB
2 KB 54ms
24ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5592b1f799f3bff73a1b1d87deb4a32a820db0e2dd4a561050c7f1d27116d9a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:39 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 34026
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 22 Nov 2022 08:09:18 GMT
server: cloudflare
etag: W/"c04-5ee0ab04c6251"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=172800
cf-ray: 7798b3f5cf8e8ffb-FRA

GET
H/1.1 200
OK 2329628.png
www.spa.gov.sa/cashdisk/barcode/news/ 300 B
1 KB 106ms
106ms Image
image/png 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.spa.gov.sa/cashdisk/barcode/news/2329628.png

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx /

Resource Hash

71aa9b7678fcd8dc6809e7825d71a357e51bda2a5368e0967ac8f841254fd924

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Last-Modified: Wed, 14 Dec 2022 15:42:51 GMT
Server: nginx
ETag: W/"12c-5efcb96d0d9da"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: image/png
Cache-Control: max-age=60, public, max-age=60
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 300
Expires: Wed, 14 Dec 2022 17:37:40 GMT

GET
H2 200 js15_as.js Show response
s10.histats.com/ 11 KB
5 KB 60ms
9ms Script
application/javascript 46.105.201.240
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://s10.histats.com/js15_as.js
Requested by: Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.105.201.240 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: 2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:28:58 GMT
content-encoding: br
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-cacheable: Matched cache
x-cdn-pop-ip: 137.74.120.0/27
etag: "-375139978"
content-type: application/javascript; charset=UTF-8
x-cdn-pop: sbg
accept-ranges: bytes
content-length: 4364
x-request-id: 891389624

GET
H/1.1 200
OK 0.php Show response
s4.histats.com/stats/ 51 B
185 B 288ms
93ms Script
text/html 149.56.240.132
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://s4.histats.com/stats/0.php?4560416&@f16&@g1&@h1&@i1&@j1671039399359&@k0&@l1&@m%D8%B9%D8%A7%D9%85%20%2F%20%D8%A3%D9%85%D8%B1%20%D9%85%D9%84%D9%83%D9%8A%20%3A%20%D8%A7%D8%B9%D9%81%D8%A7%D8%A1%20%D8%AA%D8%B1%D9%83%D9%8A%20%D8%A7%D9%84%20%D8%A7%D9%84%D8%B4%D9%8A%D8%AE%20%D9%85%D9%86%20%D9%85%D9%86%D8%B5%D8%A8%D9%87%20%D9%85%D8%B9%20%D8%A5%D8%AD%D8%A7%D9%84%D8%AA%D9%87%20%D9%84%D9%84%D8%AA%D8%AD%D9%82%D9%8A%D9%82&@n0&@ohttps%3A%2F%2Fwww.google.com.sa%2F&@q0&@r0&@s0&@ten-US&@u1600&@b1:-151213718&@b3:1671039399&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&@w
Requested by: Host: s10.histats.com
URL: https://s10.histats.com/js15_as.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 149.56.240.132 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns534300.ip-149-56-240.net
Software: /
Resource Hash: ab4bb9417aaa009fdef6175ae8a91b85bed8698628f1b5cb1abcc27417b31302

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:39 GMT
Connection: close
Content-Length: 51
Content-Type: text/html;charset=UTF-8

GET
H/1.1 200
OK logo-footer.png
www.spa.gov.sa/include/images/ 9 KB
9 KB 106ms
106ms Image
image/png 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.spa.gov.sa/include/images/logo-footer.png

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

1e2a9c8ebb66491c06c2e59734ebba9fcc815a1f73ee8bd6a72403bc686984ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 17 Nov 2015 11:28:07 GMT
Server: nginx, was
ETag: "22be-524bad1e6a4a4"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: image/png
Cache-Control: public, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8894

GET
H3 200 wizaraLogo.png
wes-net-q8.sopq-net-q8.xyz/shaden/include/images/ 1013 B
1013 B 38ms
38ms Image
text/html 2606:4700:3033::ac43:b608
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/include/images/wizaraLogo.png
Requested by: Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:b608 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/shaden/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:39 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 14 Dec 2022 16:23:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4369
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xCtSIhjpsoE%2FHH3%2BkTCNa4AFqeZUzTn0Lq62hOaPijfagLfq283OUqhGRIAjToufe5Zxue1h1XjKgAVbqbdryXIMnoE9sKLEGIR3pTcb%2BeN3kpPgdOeI4FxH9AymoO2Y8cCtNrifMVNDj4rCHj2JZ8nU7iRxFxlHXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: max-age=14400
cf-ray: 7798b3f61cb41b07-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 383ms
13ms Script
application/javascript 2.23.192.118
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.23.192.118 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-23-192-118.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
date: Wed, 14 Dec 2022 17:36:39 GMT
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
x-host: s7.addthis.com
content-length: 116325

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212050101/ 356 KB
117 KB 82ms
67ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212050101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3342869996252685&plah=wes-net-q8.sopq-net-q8.xyz&bust=31071168

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c1b38d975bb9b6e996ee1ba61cadb657fe5c81878a174b8e75f130aaa2f8fbad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119970
x-xss-protection: 0
server: cafe
etag: 10054862922577905489
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 14 Dec 2022 17:36:39 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221207/r20190131/ Frame DA10 10 KB
5 KB 28ms
7ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221207/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 23705
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 11:01:34 GMT
etag: 10353107486223812946
expires: Wed, 28 Dec 2022 11:01:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 397 B
702 B 37ms
15ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=wes-net-q8.sopq-net-q8.xyz&callback=_gfp_s_&client=ca-pub-3342869996252685&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212050101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3342869996252685&plah=wes-net-q8.sopq-net-q8.xyz&bust=31071168

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

426e9990630704048103fc46ffd9c25a20249317fc9719b82be6ea7674c75913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 257
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 38ms
15ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=wes-net-q8.sopq-net-q8.xyz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 52ms
30ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=wes-net-q8.sopq-net-q8.xyz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 630B 109 KB
41 KB 1026ms
1011ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=600&slotname=5914239063&adk=2628446172&adf=41369079&pi=t.ma~as.5914239063&w=300&lmt=1671039399&format=300x600&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039399426&bpp=2&bdt=141&idt=222&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&correlator=785032542511&frm=20&pv=2&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1280&ady=-200&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=ryZGqTjP1V&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=246

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f9a02af5b2ff9846cc79a2f1ab50c256cc8ad82351d127ac35cbe4b75c892ebf

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPHYzO7S-fsCFV1CHQkdN5oBEw&gqi=pwmaY4KkKpq3nsEP88yvCA&layout=/sadbundle/%24csp%253Der3%24/16841678510429673680/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 41795
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPHYzO7S-fsCFV1CHQkdN5oBEw&gqi=pwmaY4KkKpq3nsEP88yvCA&layout=/sadbundle/%24csp%253Der3%24/16841678510429673680/index.html
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:36:40 GMT
expires: Wed, 14 Dec 2022 17:36:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET JF-Flat-regular.woff
www.spa.gov.sa/include/fonts/ 0
0

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/ Frame A9A3 20 KB
6 KB 32ms
8ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/index.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=600&slotname=5914239063&adk=2628446172&adf=41369079&pi=t.ma~as.5914239063&w=300&lmt=1671039399&format=300x600&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039399426&bpp=2&bdt=141&idt=222&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&correlator=785032542511&frm=20&pv=2&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1280&ady=-200&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=ryZGqTjP1V&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=246

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ba2ea8daf45136819365c897010c0f185d534a7dc553578ec156f9c8db72449e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 408343
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 4754
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 00:10:57 GMT
expires: Sun, 10 Dec 2023 00:10:57 GMT
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 630B 0
0 49ms
49ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CJ4ixpwmaY7HpKt2E9fgPt7SGmAGAkufzbeHCk-y-EJutnJ3QNhABIOCpx0BglYKAgLQHoAGyisGqAcgBCakCdqw3YAa7qD6oAwHIA0iqBJMCT9BV8SsRVFgo_Zzwno1Z7Dz241RUWNWmws5LsOMrIeLHkrx6AxMz8qJNC1de3HlFPahZ6MAsS96yVdUCOr7EeH3g8Gbg3YWjg0I_GNjr3NDpZCM-Xi66DSGaeG09w6osrtYaaT1dtIul-Jpl2DhQJ1jVhcMtR7WHJKkyYc534g036vH-C0vKt1qTKigghAlG9CDUB0OJAfW6iCs_fa0gwI-suvSfvITay0VV2tiMRx5m10NJdtoiIOGKqxdVTNTIkOw2vGDskKtfjDpts7gGLqWcU7uJJSkrbUVhkfeZt2zT0WjD92TdhjEj0F6frAuZOfQpvYwUFDicpcvUtnJSEPfPg-kyx2u_szaprO98VZzJadvABIeFzKCiBJIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAe29b7VAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEJeDGtIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMC0BUBmBYBgBcBshccChoIABIUcHViLTMzNDI4Njk5OTYyNTI2ODUYAA&sigh=SEE0XFnZqRo&uach_m=[UACH]&cid=CAQSGwDq26N9LgP1IZrd0MVzke7JHyDEjOSkEFR-NxgBIBM&template_id=419

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=600&slotname=5914239063&adk=2628446172&adf=41369079&pi=t.ma~as.5914239063&w=300&lmt=1671039399&format=300x600&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039399426&bpp=2&bdt=141&idt=222&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&correlator=785032542511&frm=20&pv=2&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1280&ady=-200&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=ryZGqTjP1V&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=246
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 14 Dec 2022 17:36:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 14 Dec 2022 17:36:40 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/ Frame 630B 23 KB
10 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 08:26:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33034
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Dec 2022 08:26:06 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 14 Dec 2022 17:15:46 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 1254
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Wed, 14 Dec 2022 19:15:46 GMT

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame A9A3 6 KB
3 KB 52ms
11ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02ebc319500d29d704855de3d846bbb2479434953bb7b34f533122f432ce33bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 13:12:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15860
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2568
x-xss-protection: 0
server: cafe
etag: 6734328975651772599
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 15 Dec 2022 13:12:20 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame A9A3 34 KB
13 KB 47ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 19:53:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78214
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 14 Dec 2022 19:53:06 GMT

GET
H3 200 120fb889c9d3d02c8d3dd0555cf62ab3.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/ Frame A9A3 104 KB
30 KB 54ms
14ms Script
application/x-javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/120fb889c9d3d02c8d3dd0555cf62ab3.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

abf06691088fd3e48eeca737b56e448a96b06b1d7abb1495b634efcc2795aa89

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Dec 2022 05:49:34 GMT
age: 474426
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30375
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Dec 2023 05:49:34 GMT

GET
H/1.1 200
OK was.png
www.spa.gov.sa/include/images/ 29 KB
30 KB 93ms
93ms Image
image/png 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.spa.gov.sa/include/images/was.png

Requested by

Host: www.spa.gov.sa
URL: https://www.spa.gov.sa/include/css/allcss-cash-2-.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

060e8449d65acbc28c67dd6cf68c4980fe655ad2e68fda86564c7afe940e82a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spa.gov.sa/include/css/allcss-cash-2-.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 17 Nov 2015 11:28:07 GMT
Server: nginx, was
ETag: "74e5-524bad1ea85b3"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: image/png
Cache-Control: public, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 29925

GET
H/1.1 200
OK home_btn.png
www.spa.gov.sa/include/images/ 15 KB
16 KB 94ms
94ms Image
image/png 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.spa.gov.sa/include/images/home_btn.png

Requested by

Host: www.spa.gov.sa
URL: https://www.spa.gov.sa/include/css/allcss-cash-2-.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

6b168cd3c5a10a177f1cfc436679fa7f08706ce561ae508994b4f325d5cf9f92

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spa.gov.sa/include/css/allcss-cash-2-.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 17 Nov 2015 11:28:07 GMT
Server: nginx, was
ETag: "3d1a-524bad1e58c3a"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: image/png
Cache-Control: public, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15642

GET fontawesome-webfont.woff2
www.spa.gov.sa/include/fonts/ 0
0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D357 143 B
166 B 7ms
7ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=600&slotname=5914239063&adk=2628446172&adf=41369079&pi=t.ma~as.5914239063&w=300&lmt=1671039399&format=300x600&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039399426&bpp=2&bdt=141&idt=222&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&correlator=785032542511&frm=20&pv=2&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1280&ady=-200&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=ryZGqTjP1V&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=246
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 476
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:28:44 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 630B 3 KB
1 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 16:56:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2411
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Dec 2022 16:56:29 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 630B 18 KB
7 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:04:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70311
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Dec 2022 22:04:49 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 44ms
27ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=wes-net-q8.sopq-net-q8.xyz

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 33ms
16ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=wes-net-q8.sopq-net-q8.xyz

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET ads
googleads.g.doubleclick.net/pagead/ Frame 2AE9 0
0

GET
H/1.1 200
OK tweet_button.ab4ec33f73214445796a87ce54aee452.en.html
platform.twitter.com/widgets/ Frame E0C9 31 KB
0 69ms
7ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.ab4ec33f73214445796a87ce54aee452.en.html
Requested by: Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6796) /
Resource Hash

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 579306
Cache-Control: public, max-age=315569260
Content-Encoding: gzip
Content-Length: 12498
Content-Type: text/html; charset=utf-8
Date: Wed, 14 Dec 2022 17:36:40 GMT
Etag: "eeee2fd25b4a8aa51d4a22c32a818e86+gzip"
Last-Modified: Tue, 08 Dec 2015 21:36:03 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6796)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

GET
H/1.1 404
Not Found whatsapp_28.png
cdn.spa.gov.sa/galupload/ads/ 22 B
22 B 93ms
92ms Image
text/html 212.138.115.18
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.spa.gov.sa/galupload/ads/whatsapp_28.png

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.18 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx /

Resource Hash

812f5e64f64a738fea88f584a7d898da427ecacbdd28bbaed427b56b1c8c4a90

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:40 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Expires-Orig: None
Server: nginx
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
X-Cache-Control-Orig
Cache-Control: max-age=0, must-revalidate, private
Connection: keep-alive

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 51ms
14ms Script
application/x-javascript 2a03:2880:f080:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f080:9:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

29252e13edb247b56ba684a88a88ff29d69281bf4522c82d5a83434315d3654b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 14 Dec 2022 17:36:40 GMT
content-md5: mAIWAxkDlPu9OtJOfWm0uA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1688
x-fb-rlafr: 0
x-fb-debug: IdqRWih1qBLnS5kHCOICzZx+M/5Nw6WpsOrBVLM86SScRlDZyUAoz5eEtY/S+pViepeSPWsDBBrOB2TIjmJ/Kg==
x-fb-trip-id: 1679558926
x-fb-content-md5: b793360c9d15645af8f18ed4453431a3
cross-origin-opener-policy: same-origin-allow-popups
etag: "618918cfa1b3d2e88797ef316747d306"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
priority: u=3,i
expires: Wed, 14 Dec 2022 17:49:43 GMT

GET ads
googleads.g.doubleclick.net/pagead/ Frame 15D5 0
0

GET ads
googleads.g.doubleclick.net/pagead/ Frame 8026 0
0

GET
H3 200 sm.24.html
static.addtoany.com/menu/ Frame 7BC9 677 B
0 41ms
30ms Document
text/html 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.24.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1934839
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 7798b3ffbc499a1b-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 14 Dec 2022 17:36:40 GMT
etag: W/"2a5-5edb40e6d10d8"
last-modified: Fri, 18 Nov 2022 00:47:55 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: e4s
x-content-type-options: nosniff

GET
H3 200 core.9b4ec89f.js Show response
static.addtoany.com/menu/modules/ 70 KB
25 KB 42ms
33ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/modules/core.9b4ec89f.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b84b58bc5684e07213ce13351d3bf6b45f8fabc346f45f4a1ea17a4bbafbdd13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Origin: https://wes-net-q8.sopq-net-q8.xyz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:40 GMT
via: e4s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 98128
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 22 Nov 2022 08:09:17 GMT
server: cloudflare
etag: W/"117a5-5ee0ab045ab91"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, immutable
cf-ray: 7798b3ffbd63904c-FRA

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 33ms
7ms Script
application/x-javascript 88.221.169.143
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 88.221.169.143 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a88-221-169-143.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:40 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: B402EDC6F7271ED7
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=19472
accept-ranges: bytes
content-length: 948
x-amz-id-2: 3ZiQcYtRTuh4WJ4BUq+mWoVqgQk4EdHwIkUrSZre2GxPFo/4IUZsv5aBqLknQUvSl0wjR3iM+HQ=

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9F84 337 KB
87 KB 602ms
601ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&adk=1812271804&adf=3025194257&lmt=1671039400&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&plas=188x810_l%7C140x675_r&format=0x0&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400979&bpp=1&bdt=1694&idt=1&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600%2C872x280%2C850x280%2C850x280&nras=1&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=5&uci=a!5&fsb=1&dtd=10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0753bc49eaa2816ff783e7f602b294d24841ab9c36d8e05a5ce5732ddddad541

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 89035
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:36:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-5e993c65e0b62784/ 3 KB
974 B 71ms
71ms Script
application/javascript 2.23.192.118
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-5e993c65e0b62784/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.23.192.118 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-23-192-118.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a21b500ff6f5383f3d17c3053be87eda4e9055be704a849a9f2baa674386ccb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:41 GMT
content-encoding: gzip
etag: 1303105910--gzip
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=26, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 798

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 89 B
249 B 332ms
173ms Script
application/javascript 2.23.192.118
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=639a09a8b44b5d09&bkl=0&bl=1&pdt=617&sid=639a09a8b44b5d09&pub=ra-5e993c65e0b62784&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=wes-net-q8.sopq-net-q8.xyz&dr=www.google.com.sa&fp=shaden%2F&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=4&gen=100&chr=UTF-8&mk=%D8%B9%D8%A7%D9%85%20%2F%20%D8%A3%D9%85%D8%B1%20%D9%85%D9%84%D9%83%D9%8A%20%3A%20%D8%A7%D8%B9%D9%81%D8%A7%D8%A1%20%D8%AA%D8%B1%D9%83%D9%8A%20%D8%A7%D9%84%20%D8%A7%D9%84%D8%B4%D9%8A%D8%AE%20%D9%85%D9%86%20%D9%85%D9%86%D8%B5%D8%A8%D9%87%20%D9%85%D8%B9%20%D8%A5%D8%AD%D8%A7%D9%84%D8%AA%D9%87%20%D9%84%D9%84%D8%AA%D8%AD%D9%82%D9%8A%D9%82&colc=1671039400997&jsl=32769&uvs=639a09a86143d43d000&skipb=1&callback=addthis.cbs.jsonp__21175556763069280
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.23.192.118 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-23-192-118.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 33f6011ee1b3b09e271685bce1b4ef82d23e818adad4504a68a09a4c8f24de98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:41 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 89
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame C959 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame DD03 0
0 12ms
11ms Document
text/html 2.23.192.118
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.23.192.118 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-23-192-118.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, max-age=86313600
content-encoding: gzip
content-length: 26421
content-type: text/html
date: Wed, 14 Dec 2022 17:36:41 GMT
etag: W/"5f971164-11adc"
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
p3p: CP="NON ADM OUR DEV IND COM STA"
server: nginx/1.15.8
strict-transport-security: max-age=15724800; includeSubDomains
timing-allow-origin: *
vary: Accept-Encoding
x-host: s7.addthis.com

GET ui
www.google.com/pagead/drt/ Frame D357 0
0

GET css
fonts.googleapis.com/ Frame A9A3 0
0

GET 5f95c1cc2919a9df28388531193350bf.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/media/ Frame A9A3 0
0

GET 24e8b2c8dde80786640a2d9b9270037d.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/media/ Frame A9A3 0
0

GET undefinedz9njpo
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/ Frame A9A3 0
0

GET
DATA 200
OK truncated
/ Frame E0C9 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET jot
syndication.twitter.com/i/ Frame E0C9 0
0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 08B7 113 KB
42 KB 892ms
891ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.spa.gov.sa
URL: https://www.spa.gov.sa/include/jquery3/dist/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

124b99c130da08ade01869c6be4da246da17d14e3d5b07630f7db6da1650a12b

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPuLoO_S-fsCFcyZhQodqhgPcw&gqi=qQmaY-GyA-W2nsEP2Pi6qAk&layout=/sadbundle/%24csp%253Der3%24/16841678510429673680/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 43466
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPuLoO_S-fsCFcyZhQodqhgPcw&gqi=qQmaY-GyA-W2nsEP2Pi6qAk&layout=/sadbundle/%24csp%253Der3%24/16841678510429673680/index.html
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:36:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FC91 133 KB
44 KB 1010ms
1010ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=6456950493&adk=2183795468&adf=442814120&pi=t.ma~as.6456950493&w=872&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=872x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400849&bpp=6&bdt=1564&idt=6&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=518&ady=303&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=O4ozOqXuLN&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=11

Requested by

Host: www.spa.gov.sa
URL: https://www.spa.gov.sa/include/jquery3/dist/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aac8bec099aff1d246903891b4fffaf4292832998c8f8d49c5aa1fe51f002d4f

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIn7n-_S-fsCFVqDhQodLAUJaw&gqi=qQmaY_S2A8L8nsEP7-6F0Ak&layout=/sadbundle/%24csp%253Der3%24/14674112099215987585/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 44794
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIn7n-_S-fsCFVqDhQodLAUJaw&gqi=qQmaY_S2A8L8nsEP7-6F0Ak&layout=/sadbundle/%24csp%253Der3%24/14674112099215987585/index.html
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:36:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK tweet_button.ab4ec33f73214445796a87ce54aee452.en.html Show response
platform.twitter.com/widgets/ Frame D273 31 KB
13 KB 7ms
6ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.ab4ec33f73214445796a87ce54aee452.en.html
Requested by: Host: www.spa.gov.sa
URL: https://www.spa.gov.sa/include/jquery3/dist/jquery.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6796) /
Resource Hash: cf5ca6cc63377fe5380dabc8553c8b9ce4d109b89ee6994b2c526712bf508f74

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 579307
Cache-Control: public, max-age=315569260
Content-Encoding: gzip
Content-Length: 12498
Content-Type: text/html; charset=utf-8
Date: Wed, 14 Dec 2022 17:36:41 GMT
Etag: "eeee2fd25b4a8aa51d4a22c32a818e86+gzip"
Last-Modified: Tue, 08 Dec 2015 21:36:03 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6796)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E38B 133 KB
44 KB 441ms
437ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=3143842704&adk=2099682579&adf=2632187649&pi=t.ma~as.3143842704&w=850&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=850x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400864&bpp=3&bdt=1579&idt=3&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600%2C872x280&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=523&ady=1053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=xNyXaBeZJ2&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=6

Requested by

Host: www.spa.gov.sa
URL: https://www.spa.gov.sa/include/jquery3/dist/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4457d4486e74ed3b3b703db0434942456fae1849d108e6cc9b1cd07478f86dbd

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CO_VoO_S-fsCFWlBHQkdYosIDw&gqi=qQmaY6eMBMa6kdUPo-GH0Ak&layout=/sadbundle/%24csp%253Der3%24/14674112099215987585/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 44979
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CO_VoO_S-fsCFWlBHQkdYosIDw&gqi=qQmaY6eMBMa6kdUPo-GH0Ak&layout=/sadbundle/%24csp%253Der3%24/14674112099215987585/index.html
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:36:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D9AD 145 KB
48 KB 439ms
436ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=5770006049&adk=3758141296&adf=1282402278&pi=t.ma~as.5770006049&w=850&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=850x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400873&bpp=1&bdt=1588&idt=1&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600%2C872x280%2C850x280&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=523&ady=1543&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cKfczBv04T&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=4

Requested by

Host: www.spa.gov.sa
URL: https://www.spa.gov.sa/include/jquery3/dist/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84789717527e8225851b38879c50ddc1bd883a8bdab96a2f3de89a17e94d470c

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPHNoO_S-fsCFc1CHQkdvIwK8g&gqi=qQmaY_mOBMPTnsEP1eyLuAY&layout=/sadbundle/%24csp%253Der3%24/14674112099215987585/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 49027
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPHNoO_S-fsCFc1CHQkdvIwK8g&gqi=qQmaY_mOBMPTnsEP1eyLuAY&layout=/sadbundle/%24csp%253Der3%24/14674112099215987585/index.html
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:36:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sm.24.html Show response
static.addtoany.com/menu/ Frame 05A8 677 B
644 B 31ms
30ms Document
text/html 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.24.html

Requested by

Host: www.spa.gov.sa
URL: https://www.spa.gov.sa/include/jquery3/dist/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a4192e762a449dfd6e63bee835e0941627223c9159e8219acdd01881a1ac175

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1934840
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 7798b400ae449a1b-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 14 Dec 2022 17:36:41 GMT
etag: W/"2a5-5edb40e6d10d8"
last-modified: Fri, 18 Nov 2022 00:47:55 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: e4s
x-content-type-options: nosniff

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html Show response
s7.addthis.com/static/ Frame 4875 71 KB
26 KB 12ms
11ms Document
text/html 2.23.192.118
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: www.spa.gov.sa
URL: https://www.spa.gov.sa/include/jquery3/dist/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.23.192.118 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-23-192-118.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, max-age=86313600
content-encoding: gzip
content-length: 26421
content-type: text/html
date: Wed, 14 Dec 2022 17:36:41 GMT
etag: W/"5f971164-11adc"
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
p3p: CP="NON ADM OUR DEV IND COM STA"
server: nginx/1.15.8
strict-transport-security: max-age=15724800; includeSubDomains
timing-allow-origin: *
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H/1.1 200
OK preloader.gif
www.spa.gov.sa/include/images/ 29 KB
30 KB 137ms
137ms Image
image/gif 212.138.115.17
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.spa.gov.sa/include/images/preloader.gif

Requested by

Host: www.spa.gov.sa
URL: https://www.spa.gov.sa/include/css/allcss-cash-2-.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.115.17 Ta'if, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx, was /

Resource Hash

0a692c63afbfa334201a6a937c955d25b03c75657a935a3fae0f02f3262e6cc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spa.gov.sa/include/css/allcss-cash-2-.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:41 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 17 Nov 2015 11:28:07 GMT
Server: nginx, was
ETag: "734f-524bad1e81832"
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Content-Type: image/gif
Cache-Control: public, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 29519

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 306 KB
86 KB 30ms
14ms Script
application/x-javascript 2a03:2880:f080:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=a6dc8df71388650eeb18534b04379147

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f080:9:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f77dfa2154635b474380d3580b042b903320425fbee1494e69adcca03c1ae2ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Origin: https://wes-net-q8.sopq-net-q8.xyz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 14 Dec 2022 17:36:41 GMT
content-md5: CLYqP0fmXUzpdyTtHccxDQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88441
x-fb-rlafr: 0
x-fb-debug: nkrgdteLoltHwL68FTRAIoCOXQB4I8COAueEqRlzi2edkJjWprA3Mer2GzrlWkTzDt93z7Q3riaysabB8mxwEw==
x-fb-content-md5: 4e860761d101499b067a26ee6c9ce0ee
cross-origin-opener-policy: same-origin-allow-popups
etag: "b74348b825679c382caaa9ee76887bfe"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Dec 2023 15:02:05 GMT

GET
H/1.1 404
Not Found whatsapp_28.png
stgcdn.spa.gov.sa//galupload/ads/ 22 B
22 B 540ms
106ms Image
text/html 212.138.183.12
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stgcdn.spa.gov.sa//galupload/ads/whatsapp_28.png

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.183.12 Riyadh, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx /

Resource Hash

812f5e64f64a738fea88f584a7d898da427ecacbdd28bbaed427b56b1c8c4a90

Security Headers

Name	Value
Strict-Transport-Security	max-age=300000000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:30:34 GMT
Strict-Transport-Security: max-age=300000000; includeSubDomains; preload
X-Expires-Orig: None
Server: nginx
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
X-Cache-Control-Orig
Cache-Control: max-age=0, must-revalidate, private
Connection: keep-alive

GET
H3 200 a2a.js Show response
static.addtoany.com/menu/svg/icons/ 182 B
415 B 22ms
21ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/a2a.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.9b4ec89f.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dab93242ee573bbcfc22c9d15acd47794e500ed44e6bd48a35400b39d65aa43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Origin: https://wes-net-q8.sopq-net-q8.xyz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:41 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 40231
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 18 Nov 2022 01:01:36 GMT
server: cloudflare
etag: W/"b6-5edb43f58ee38"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7776000
cf-ray: 7798b400fffe904c-FRA

GET
H3 200 whatsapp.js Show response
static.addtoany.com/menu/svg/icons/ 1 KB
911 B 30ms
29ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/whatsapp.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.9b4ec89f.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96840bd7cc7d8edd1d1ffaff60d7f335fd866cd9a6132c8524d620482f4df64a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Origin: https://wes-net-q8.sopq-net-q8.xyz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:41 GMT
via: e2s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 98127
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 18 Nov 2022 01:01:39 GMT
server: cloudflare
etag: W/"471-5edb43f896478"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7776000
cf-ray: 7798b400f800904c-FRA

GET
H3 200 twitter.js Show response
static.addtoany.com/menu/svg/icons/ 695 B
674 B 21ms
20ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/twitter.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.9b4ec89f.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74ec1e2bfcf647ccdeaf5b127294db846ee4a6f8ffd6c909d4938370d4187d1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Origin: https://wes-net-q8.sopq-net-q8.xyz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:41 GMT
via: e3s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 98127
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 18 Nov 2022 01:01:39 GMT
server: cloudflare
etag: W/"2b7-5edb43f86f378"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7776000
cf-ray: 7798b400f802904c-FRA

GET
H3 200 facebook.js Show response
static.addtoany.com/menu/svg/icons/ 318 B
500 B 20ms
20ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/facebook.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.9b4ec89f.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a19ff3554a1e589f756a92be8263726674127c133feb1d333095668b77ba08c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Origin: https://wes-net-q8.sopq-net-q8.xyz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:41 GMT
via: e4s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 98127
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 18 Nov 2022 01:01:36 GMT
server: cloudflare
etag: W/"13e-5edb43f5ee978"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7776000
cf-ray: 7798b400f804904c-FRA

GET
DATA 200
OK truncated
/ Frame D273 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 jot
syndication.twitter.com/i/ Frame D273 43 B
292 B 119ms
119ms Image
image/gif 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22language%22%3A%22en%22%2C%22message%22%3A%22m%3A%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2F%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1671039401132%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%2243d7a3f%3A1449607660032%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/tweet_button.ab4ec33f73214445796a87ce54aee452.en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-response-time: 111
date: Wed, 14 Dec 2022 17:36:40 GMT
strict-transport-security: max-age=631138519
last-modified: Wed, 14 Dec 2022 17:36:41 GMT
server: tsa_o
vary: Origin
content-type: image/gif
x-transaction-id: 13fe436f11c2ff0c
cache-control: must-revalidate, max-age=600
perf: 7626143928
x-connection-hash: 0fa1760d6a7234d233b9278d6a239f6e3e53ecbc67c80ae395cebce8a633eeeb
content-length: 43

GET
H2 200 layers.fa6cd1947ce26e890d3d.js Show response
s7.addthis.com/static/ 263 KB
76 KB 12ms
12ms Script
application/javascript 2.23.192.118
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.23.192.118 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-23-192-118.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
date: Wed, 14 Dec 2022 17:36:41 GMT
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-41cf5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 77641

GET JF-Flat-regular.ttf
www.spa.gov.sa/include/fonts/ 0
0

GET
H2 200 159.1c3fceccbc80f2a3615f.js Show response
s7.addthis.com/static/ 564 B
634 B 17ms
17ms Script
application/javascript 2.23.192.118
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/159.1c3fceccbc80f2a3615f.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.23.192.118 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-23-192-118.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

c02d2e4ee660f561338f717a6dc83745ea23c4ad356a57bdfee60c3643b25b1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
date: Wed, 14 Dec 2022 17:36:41 GMT
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-234"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 394

GET
H2 200 195.461912c47007775093ae.js Show response
s7.addthis.com/static/ 384 B
538 B 17ms
16ms Script
application/javascript 2.23.192.118
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/195.461912c47007775093ae.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.23.192.118 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-23-192-118.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7b4fbd6cf87898b005b09546b1c4e82654918b11e5f64ccb8fc32ea0a04e237a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
date: Wed, 14 Dec 2022 17:36:41 GMT
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-180"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 298

POST
H2 200 shares-post.json Show response
api-public.addthis.com/url/serviceapi/ 2 B
278 B 208ms
187ms XHR
application/json 2.23.192.118
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public.addthis.com/url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.23.192.118 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-23-192-118.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-type: text/plain

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
date: Wed, 14 Dec 2022 17:36:41 GMT
surrogate-key: sFbt=https://wes-net-q8.sopq-net-q8.xyz/shaden/
last-modified: Wed, 14 Dec 2022 17:00:00 GMT
server: nginx/1.15.8
content-type: application/json
access-control-allow-origin: https://wes-net-q8.sopq-net-q8.xyz
cache-control: no-transform, max-age=0, s-maxage=14400
access-control-allow-credentials: true
content-length: 2

GET
H2 200 shares.json Show response
api-public.addthis.com/url/ 34 B
296 B 209ms
189ms Script
application/json 2.23.192.118
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&callback=_ate.cbs.rcb_3k430

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.23.192.118 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-23-192-118.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

cf52b1ce215fdcb207d5413f7b77a3f3097ebf08c8110faae16736e1cd921627

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
surrogate-key: wes-net-q8.sopq-net-q8.xyz/shaden/
last-modified: Wed, 14 Dec 2022 17:36:41 GMT
server: nginx/1.15.8
date: Wed, 14 Dec 2022 17:36:41 GMT
vary: Accept-Encoding
content-type: application/json
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length: 54

GET
H2 200 shares.json Show response
api-public.addthis.com/url/ 34 B
296 B 227ms
207ms Script
application/json 2.23.192.118
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public.addthis.com/url/shares.json?url=http%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&callback=_ate.cbs.rcb_896y0

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.23.192.118 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-23-192-118.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

191c1b1b46329ec0ca5f6a375f90eae5af18d24503309650c6b7b55cf010c7af

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
surrogate-key: wes-net-q8.sopq-net-q8.xyz/shaden/
last-modified: Wed, 14 Dec 2022 17:36:41 GMT
server: nginx/1.15.8
date: Wed, 14 Dec 2022 17:36:41 GMT
vary: Accept-Encoding
content-type: application/json
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length: 54

GET
DATA 200
OK truncated
/ 443 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET fontawesome-webfont.woff
www.spa.gov.sa/include/fonts/ 0
0

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/ Frame D7CD 20 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1aae23a1a146a8276a47a9aaa6b54f499f8f433d9acf7ae65920fd168de57e42

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 408737
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 4695
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 00:04:24 GMT
expires: Sun, 10 Dec 2023 00:04:24 GMT
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 4B9D 0
0 49ms
49ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CYqKeqQmaY7HVBM2F9fgPvJmqkA-AkufzbZnGk-y-EJutnJ3QNhABIOCpx0BglYKAgLQHoAGyisGqAcgBCakC2E_-mVTBqD6oAwHIA0iqBJYCT9BW6dxtDEeVhnw9jfye7ox0ZjxovZeyBI_Ou_BN3lb34t5uNsfNTjQ0QfOfoqgXouTO8B3pWJuT69MzyOu_kjSpfJG3navc5Af5OsOjB1x32R6L3n3F380cgJq-_9VAq7CnQ04xZsUb4euOlHmIGgglldWkYr1onZ3jsatJjSOsrixKHhXi-8LxHB--yQMI7VryZnetmhIchbq5U9HwGkZunhZPQR98xBu33CJO_oPbeiR1o6c6wwGhOfAusWmRUXPHTp7NTUQ0y-QchD0VDZeqQ4RksOL7C7QW_eyvU00fq9fqM9Yen3XzJ5odtPnoi2sywo2t8V21Jf25iigVg3TYsSqrSlMfvyFLmgWKYF_3etO7QuTABIeFzKCiBJIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAe29b7VAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEELmyC9IIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMC0BUBmBYBgBcBshccChoIABIUcHViLTMzNDI4Njk5OTYyNTI2ODUYAA&sigh=-uImOnyd7yQ&uach_m=[UACH]&cid=CAQSOwDq26N9mj9fcx5-7_nBughMuJLlm5NhjxL1VF-nsMWf_EQXvhRk3alDsmacKjeGWqKKq694_i4seZh7GAEgEw&template_id=419

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=5770006049&adk=3758141296&adf=1282402278&pi=t.ma~as.5770006049&w=850&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=850x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400873&bpp=1&bdt=1588&idt=1&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600%2C872x280%2C850x280&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=523&ady=1543&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cKfczBv04T&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 14 Dec 2022 17:36:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/ Frame 4B9D 23 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=5770006049&adk=3758141296&adf=1282402278&pi=t.ma~as.5770006049&w=850&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=850x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400873&bpp=1&bdt=1588&idt=1&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600%2C872x280%2C850x280&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=523&ady=1543&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cKfczBv04T&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 08:26:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33035
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Dec 2022 08:26:06 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 4B9D 3 KB
1 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 16:56:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2412
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Dec 2022 16:56:29 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 4B9D 18 KB
7 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:04:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70312
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Dec 2022 22:04:49 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 4B9D 0
0 15ms
14ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSe1C56xRMJFOQaoggx6ZNlTIdZazuLsUbrsiEUvCWj_JhWRExheRXe1o2MhrFrHKnVGkqpsgXf-mexSb57jO6XmgBYjg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=5770006049&adk=3758141296&adf=1282402278&pi=t.ma~as.5770006049&w=850&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=850x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400873&bpp=1&bdt=1588&idt=1&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600%2C872x280%2C850x280&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=523&ady=1543&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cKfczBv04T&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4B9D 153 KB
47 KB 60ms
19ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 14 Dec 2022 17:36:41 GMT

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/ Frame 52AE 20 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1aae23a1a146a8276a47a9aaa6b54f499f8f433d9acf7ae65920fd168de57e42

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 408737
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 4695
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 00:04:24 GMT
expires: Sun, 10 Dec 2023 00:04:24 GMT
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 5D24 0
0 52ms
52ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C-vzIqQmaY6_dBOmC9fgP4paieICS5_NtmcaT7L4Qm62cndA2EAEg4KnHQGCVgoCAtAegAbKKwaoByAEJqQLYT_6ZVMGoPqgDAcgDSKoElgJP0MGPKyfqegmhb-QGOkGQWwJO-jCY5JIbkWi8BgB7IyuaKo768ja1rwidpGiup7aJMz6TF1FzITY2D-RPTAWWondMk2mz73ChUM1P4qHPjmLfN1TiTaaJTkPgrs2YUq5YmDk1k1QCEtZ2rUQqZEFvqpPAUCz-lN5x0i5TFI7bAr74n4Py_CW78Jr7v8UnQUv1XJE19MxWpSDFWXovkFojo5GOQVTn3BD6IxJj2FxcmO4F18BZdyibUcfm9mYI8ioHi3x7Igt7pV-9XCi4KBtkeIUDEmQVj2l90XKEibqBJQ1Qthcv1dwFTyBHZh3CGM72u1bX3Uv-cSzDl4su9JaX4i-YQOH6YUpfEnBCZONfkwWdk873mMAEh4XMoKIEkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB7b1vtUCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQp-8F0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwLQFQGYFgGAFwGyFxwKGggAEhRwdWItMzM0Mjg2OTk5NjI1MjY4NRgA&sigh=IrN8d7EE2ZI&uach_m=[UACH]&cid=CAQSOwDq26N9qe3vOpcBld-oSaTd7TMjVKNCENmYTipYt21GSdiKUZOTZKeO6P3Np55IBPu0bSBPfFUHtR-7GAEgEw&template_id=419

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=3143842704&adk=2099682579&adf=2632187649&pi=t.ma~as.3143842704&w=850&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=850x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400864&bpp=3&bdt=1579&idt=3&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600%2C872x280&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=523&ady=1053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=xNyXaBeZJ2&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 14 Dec 2022 17:36:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/ Frame 5D24 23 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=3143842704&adk=2099682579&adf=2632187649&pi=t.ma~as.3143842704&w=850&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=850x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400864&bpp=3&bdt=1579&idt=3&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600%2C872x280&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=523&ady=1053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=xNyXaBeZJ2&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 08:26:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33035
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Dec 2022 08:26:06 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 5D24 3 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 16:56:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2412
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Dec 2022 16:56:29 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 5D24 18 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:04:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70312
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Dec 2022 22:04:49 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 5D24 0
0 33ms
15ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ3JLdU02mte2ejfZG2zGECVfgf3dTDTrTzUJnt_Rwg_U_61FQV9NT1tgSV9bPojtf9IDW2r44N292uSsshF7bKj04ySA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=3143842704&adk=2099682579&adf=2632187649&pi=t.ma~as.3143842704&w=850&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=850x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400864&bpp=3&bdt=1579&idt=3&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600%2C872x280&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=523&ady=1053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=xNyXaBeZJ2&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=6
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5D24 153 KB
47 KB 38ms
28ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 14 Dec 2022 17:36:41 GMT

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame D7CD 6 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02ebc319500d29d704855de3d846bbb2479434953bb7b34f533122f432ce33bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 13:12:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15861
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2568
x-xss-protection: 0
server: cafe
etag: 6734328975651772599
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 15 Dec 2022 13:12:20 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame D7CD 34 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 19:53:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78215
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 14 Dec 2022 19:53:06 GMT

GET
H3 200 120fb889c9d3d02c8d3dd0555cf62ab3.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/ Frame D7CD 104 KB
30 KB 9ms
9ms Script
application/x-javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/120fb889c9d3d02c8d3dd0555cf62ab3.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

abf06691088fd3e48eeca737b56e448a96b06b1d7abb1495b634efcc2795aa89

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Dec 2022 05:22:45 GMT
age: 476036
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30375
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Dec 2023 05:22:45 GMT

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 52AE 6 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02ebc319500d29d704855de3d846bbb2479434953bb7b34f533122f432ce33bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 13:12:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15861
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2568
x-xss-protection: 0
server: cafe
etag: 6734328975651772599
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 15 Dec 2022 13:12:20 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 52AE 34 KB
13 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 19:53:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78215
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 14 Dec 2022 19:53:06 GMT

GET
H3 200 120fb889c9d3d02c8d3dd0555cf62ab3.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/ Frame 52AE 104 KB
30 KB 9ms
7ms Script
application/x-javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/120fb889c9d3d02c8d3dd0555cf62ab3.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

abf06691088fd3e48eeca737b56e448a96b06b1d7abb1495b634efcc2795aa89

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Dec 2022 05:22:45 GMT
age: 476036
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30375
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Dec 2023 05:22:45 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B940 143 B
166 B 8ms
6ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=5770006049&adk=3758141296&adf=1282402278&pi=t.ma~as.5770006049&w=850&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=850x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400873&bpp=1&bdt=1588&idt=1&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600%2C872x280%2C850x280&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=523&ady=1543&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cKfczBv04T&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=4
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 477
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:28:44 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B74B 143 B
166 B 7ms
7ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=3143842704&adk=2099682579&adf=2632187649&pi=t.ma~as.3143842704&w=850&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=850x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400864&bpp=3&bdt=1579&idt=3&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600%2C872x280&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=523&ady=1053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=xNyXaBeZJ2&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=6
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 477
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:28:44 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET fontawesome-webfont.ttf
www.spa.gov.sa/include/fonts/ 0
0

POST
H3 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame 4B9D 0
20 B 59ms
44ms Other
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPHNoO_S-fsCFc1CHQkdvIwK8g&gqi=qQmaY_mOBMPTnsEP1eyLuAY&layout=/sadbundle/%24csp%253Der3%24/14674112099215987585/index.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame 5D24 0
20 B 45ms
45ms Other
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CO_VoO_S-fsCFWlBHQkdYosIDw&gqi=qQmaY6eMBMa6kdUPo-GH0Ak&layout=/sadbundle/%24csp%253Der3%24/14674112099215987585/index.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 4B9D 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e81a08dc6c86129b7890830eb35bf825b01b3bef7050d72664fe1eba3e00b3bb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212050101/ 150 KB
51 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212050101/reactive_library_fy2021.js?bust=31071168

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d277aeef53674c3d7b3ed409b6bcb8df16d11a337cb47b5f3ba62bd28e53d25f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52345
x-xss-protection: 0
server: cafe
etag: 4672975396338035478
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Dec 2022 17:36:41 GMT

GET
DATA 200
OK truncated
/ Frame 5D24 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 468fd352348d14dc44bec2f7e695ffa0c398693d92c43b04242ce6800025600f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame D7CD 6 KB
1 KB 19ms
19ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/120fb889c9d3d02c8d3dd0555cf62ab3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

78631aa2658006d43b70adcf42bfef831d29315d91bfe9e67bb4acd5f9b349e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 14 Dec 2022 17:36:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 14 Dec 2022 17:10:16 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 14 Dec 2022 17:36:41 GMT

GET
H3 200 14986c7a3fcbf331142efc1cfe3dea91.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/ Frame D7CD 31 KB
31 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/14986c7a3fcbf331142efc1cfe3dea91.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f806647f88d37d884d78bdfa4bd50754cb4d3dcd8fc52c2a82ffc11e6350cfb

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 09 Dec 2022 19:23:39 GMT
x-content-type-options: nosniff
age: 425582
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31561
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Dec 2023 19:23:39 GMT

GET
H3 200 28f5d8da66c1978538f89b2583693dfa.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/ Frame D7CD 40 KB
40 KB 11ms
10ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/28f5d8da66c1978538f89b2583693dfa.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fab16292a66e362f856092e0fb1fe26eeec7c620fbbfa383c7ebf7d77be81d8f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 09 Dec 2022 03:47:31 GMT
x-content-type-options: nosniff
age: 481750
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41214
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Dec 2023 03:47:31 GMT

GET
H3 404 undefinedz9njpo
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/ Frame D7CD 43 B
69 B 436ms
435ms Image
image/gif 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/undefinedz9njpo

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
x-content-type-options: nosniff
server: sffe
x-dns-prefetch-control: off
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Wed, 14 Dec 2022 17:36:42 GMT

GET
H3 200 14986c7a3fcbf331142efc1cfe3dea91.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/ Frame 52AE 31 KB
31 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/14986c7a3fcbf331142efc1cfe3dea91.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/120fb889c9d3d02c8d3dd0555cf62ab3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f806647f88d37d884d78bdfa4bd50754cb4d3dcd8fc52c2a82ffc11e6350cfb

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 09 Dec 2022 19:23:39 GMT
x-content-type-options: nosniff
age: 425582
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31561
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Dec 2023 19:23:39 GMT

GET
H3 200 28f5d8da66c1978538f89b2583693dfa.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/ Frame 52AE 40 KB
40 KB 10ms
9ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/28f5d8da66c1978538f89b2583693dfa.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/120fb889c9d3d02c8d3dd0555cf62ab3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fab16292a66e362f856092e0fb1fe26eeec7c620fbbfa383c7ebf7d77be81d8f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 09 Dec 2022 03:47:31 GMT
x-content-type-options: nosniff
age: 481750
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41214
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Dec 2023 03:47:31 GMT

GET
H3 404 undefinedz9njpo
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/ Frame 52AE 43 B
69 B 1054ms
1053ms Image
image/gif 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/undefinedz9njpo

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/120fb889c9d3d02c8d3dd0555cf62ab3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
x-content-type-options: nosniff
server: sffe
x-dns-prefetch-control: off
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Wed, 14 Dec 2022 17:36:42 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 52AE 6 KB
803 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/120fb889c9d3d02c8d3dd0555cf62ab3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

78631aa2658006d43b70adcf42bfef831d29315d91bfe9e67bb4acd5f9b349e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 14 Dec 2022 17:36:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 14 Dec 2022 16:17:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 14 Dec 2022 17:36:41 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B940
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

27ms
26ms

Document
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:36:41 GMT
expires: Wed, 14 Dec 2022 17:36:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:36:41 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B74B
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

52ms
52ms

Document
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:36:41 GMT
expires: Wed, 14 Dec 2022 17:36:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:36:41 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 18ms
18ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=wes-net-q8.sopq-net-q8.xyz

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=wes-net-q8.sopq-net-q8.xyz

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/ Frame 4F54 10 KB
4 KB 9ms
8ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 53691
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 02:41:50 GMT
etag: 10353107486223812946
expires: Wed, 28 Dec 2022 02:41:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/ Frame 485D 10 KB
4 KB 8ms
7ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 53691
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 02:41:50 GMT
etag: 10353107486223812946
expires: Wed, 28 Dec 2022 02:41:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/ Frame 89D9 10 KB
4 KB 14ms
13ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 53691
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 02:41:50 GMT
etag: 10353107486223812946
expires: Wed, 28 Dec 2022 02:41:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css2
fonts.googleapis.com/ Frame 4F54 4 KB
636 B 32ms
16ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 14 Dec 2022 17:36:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 14 Dec 2022 15:52:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 14 Dec 2022 17:36:41 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4F54 205 B
229 B 25ms
8ms Image
image/png 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 14:45:13 GMT
x-content-type-options: nosniff
age: 10288
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 14 Dec 2023 14:45:13 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4F54 604 B
628 B 25ms
9ms Image
image/png 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 15:49:26 GMT
x-content-type-options: nosniff
age: 6435
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 14 Dec 2023 15:49:26 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/elements/html/ Frame 4F54 19 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d0ed9630334a711204c67723b1eb52755c8316466fa7e4e601958e0c12a5da9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 01:47:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56925
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8084
x-xss-protection: 0
server: cafe
etag: 2222875591315018765
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Dec 2022 01:47:56 GMT

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame 7DA3 2 KB
3 KB 73ms
46ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1jfmzdg8k9kdt4wj16eth0p5896bs4pyvhff1bvew5tfwgqrb4p1akh2st7dzmee3swa74p6acxx7rpgjmsv0yc025qz9t15y72tq0z4er6d0n3v0hrqtd4qvdzpxsytczcfvebvfw9mvtg75ehbcctxt99bxee2azc67ggfwt3w36j7xz4bk3mmq7yhmy8pz7aqgf5xdj8cc71xy5rtjv5jngfgh5ntshw807s7ywdn6g3d0zeyctrtcwbd8wbx4wv4ywch2d0bqrk1bk3yny65vm14h3zt466ys9wdn262kscx955z87qjztrzjnzz2h6cdxay2v8918ktsqd4z3vyb0wk794jt5jwe8c7jgdxa3z78s1rv8w3frc6j8v8y457qktjgd44117hmqztfmc8xatrgxfv2ytgqg8x15y64s7kzvdae&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCQSKGqQmaY_I6zYSWBNfTkeAGkOGBhFy2qMKK8ALAjbcBEAEgAGCVgoCAtAeCARdjYS1wdWItMzM0Mjg2OTk5NjI1MjY4NcgBCakCie4w4T_dsT6oAwGqBIkCT9C7spbmx3gGNYHr5fV1RyPvv1paaXGkRxGHZaD1YWjrDNBafSmeBgkeAOpe0ZmrGQjL70xMDOtcF0ue5GN4yV5LhQ6yD5e-2935CYYcbEoeoPM0t1Afh2BvbuDgcB4-ksg6LMkkktw5-VziOmjTXcWtb4Wlv3caV44aP37OzP4bS8T6uYxvaA9hannZKYvu87hLUJYhwVhLmSzaehoJwS50eGgnesHEWi-QsMbB1DIEqJjig0_5OWdxuO9W4SsgfIMsBrAyyPk3Eyi8yAriX7Vj5QLUVflXyIn2wUKi7vyKqC6nvIpT-3snjNcGI2fh_P2gZpIYiNX2B3Hi5dNCXCkhbsOe1tg3dIAGzoTKq-u7gbpUoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1abPCX73PxGlLA_mPIAOLye8Rayw%26client%3Dca-pub-3342869996252685%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37fcb92689d3f88d0fe122413be1aabc9e67c37b5907f62afd75b6b41701107c

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7798b405ef035c98-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:36:41 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 485D 3 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 16:56:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2412
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Dec 2022 16:56:29 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 08C9 1 KB
643 B 10ms
7ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 23705
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 11:01:36 GMT
etag: 48472445140208031
expires: Thu, 15 Dec 2022 11:01:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 485D 18 KB
7 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:04:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70312
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Dec 2022 22:04:49 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 485D 0
0 18ms
15ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRdoMTyshAOfZ19EEVwoWrcvssQOxCrGSqycCCpSuHVFbZDyXkWwxZXho-rJTzuJqFX7OAQd1joekJUoOz4OeqkCYFbbw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 485D 153 KB
47 KB 133ms
116ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 14 Dec 2022 17:36:42 GMT

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12406491265686199930/ Frame EB80 20 KB
5 KB 8ms
8ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12406491265686199930/index.html

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c0dade5e40511841f841814ed717788248c50490400ef63f4620391825f7444e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 412918
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 4775
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 22:54:43 GMT
expires: Sat, 09 Dec 2023 22:54:43 GMT
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 89D9 0
0 51ms
50ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cf-CaqQmaY_M6zYSWBNfTkeAGgJLn8235xJPsvhCbrZyd0DYQASDgqcdAYJWCgIC0B6ABsorBqgHIAQmpAthP_plUwag-qAMByANIqgSXAk_QbbSfopitK5SFt1Tv4cGkaC3j4iEwBVbIVlNJ7YCs-mG4LEZToUbRlNffskIk2RCbZTwEBYuTnx425nWO1H2P62zwuWHtvgi4ya7ds3flIhuGUtJrcI1XjC9Yk40y0zWgfUuiBVbSQqu9YIWzqYK2tZG9LuGHzT686cRrsmjsp0RYbC_je2E5OGjAL8swCzBHYXBEQM2TYWEPnXkdwcMESXTAxHZ70ft3qdKXgOo3U2AvWFnwX4i5Dn3-LfXty4P2xkWDEkQKs5oTTEktk8no8xf-kflaraYklCvwLpD7gK1dQQrZJtU1_GJvYwDWxc9G6QHxA6xH2P0sUADffx6FfQ0H_56urxvcwyheyRNGDRtk5kOSvsAEh4XMoKIEkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB7b1vtUCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQnIsF0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwLQFQGYFgGAFwGyFxwKGggAEhRwdWItMzM0Mjg2OTk5NjI1MjY4NRgA&sigh=qsu0T_Y-tls&uach_m=[UACH]&cid=CAQSOwDq26N9_Y5OmOf-zb0RFccQAeJEH5Wd5JqcerZ4YSotF6GY3l_xtDwKe7HPjbvi-hzBPsX2i8T2Uzp0GAEgEw&template_id=419

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 14 Dec 2022 17:36:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/ Frame 89D9 23 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 08:26:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33035
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Dec 2022 08:26:06 GMT

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame EB80 6 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12406491265686199930/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02ebc319500d29d704855de3d846bbb2479434953bb7b34f533122f432ce33bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 13:12:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15861
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2568
x-xss-protection: 0
server: cafe
etag: 6734328975651772599
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 15 Dec 2022 13:12:20 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame EB80 34 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12406491265686199930/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 19:53:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78215
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 14 Dec 2022 19:53:06 GMT

GET
H3 200 120fb889c9d3d02c8d3dd0555cf62ab3.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12406491265686199930/ Frame EB80 104 KB
30 KB 9ms
8ms Script
application/x-javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12406491265686199930/120fb889c9d3d02c8d3dd0555cf62ab3.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12406491265686199930/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

abf06691088fd3e48eeca737b56e448a96b06b1d7abb1495b634efcc2795aa89

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 10 Dec 2022 03:09:46 GMT
age: 397615
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30375
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 10 Dec 2023 03:09:46 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 08C9 0
104 B 72ms
24ms Image
text/plain 2a02:fa8:8806:16::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEF8J2RFlWn8TFfKc5ZC-YsU&google_cver=1&google_push=AavPq0NzsNA_CKuElwoGUFusptBWDL02NGb0deO_yLC7ch6hSXJBC61d7IhFYKRKariiNCRMf27FveJKyMiJ-HoMj88iijuZpxJuaAs
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 08C9
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEC663wyntRQkCiiZcMp3Rbo&google_cver=1&google_push=AavPq0OUVhBFG1xedZKXkxa-tF_7NlU4JPG87PnUMPgKBTk6lstn0Do1JCfBNuXj4-LQ8K8GBmryhELJC9HyHLTJnWHCp5DjbvnBDx4
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=F48E42FE088D4A8BAEFE81B9DF6C3E1A&google_push=AavPq0OUVhBFG1xedZKXkxa-tF_7NlU4JPG87PnUMPgKBTk6lstn0Do1JCfBNuXj4-LQ8K8GBmryhELJC9HyHLT...

170 B
188 B

16ms
16ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=F48E42FE088D4A8BAEFE81B9DF6C3E1A&google_push=AavPq0OUVhBFG1xedZKXkxa-tF_7NlU4JPG87PnUMPgKBTk6lstn0Do1JCfBNuXj4-LQ8K8GBmryhELJC9HyHLTJnWHCp5DjbvnBDx4

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 14 Dec 2022 17:36:42 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=F48E42FE088D4A8BAEFE81B9DF6C3E1A&google_push=AavPq0OUVhBFG1xedZKXkxa-tF_7NlU4JPG87PnUMPgKBTk6lstn0Do1JCfBNuXj4-LQ8K8GBmryhELJC9HyHLTJnWHCp5DjbvnBDx4
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Tue, 13 Dec 2022 17:36:42 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 08C9
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEIR-JU2tIDResxZrsjZNn7s&google_cver=1&google_push=AavPq0PSz6M9R9xMgv7eAI6Lj6t7JzkTj7sh3Er9Phi_0Pxq6NKTGIWuBiQaVg98OCz9mE6vjlh263a2uGWSbYQyp...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEIR-JU2tIDResxZrsjZNn7s&google_cver=1&google_push=AavPq0PSz6M9R9xMgv7eAI6Lj6t7JzkTj7sh3Er9Phi_0Pxq6NKTGIWuBiQaVg98OCz9mE6vjlh263a2uGWSbYQyp...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AavPq0PSz6M9R9xMgv7eAI6Lj6t7JzkTj7sh3Er9Phi_0Pxq6NKTGIWuBiQaVg98OCz9mE6vjlh263a2uGWSbYQyp_1rCBY0BM7k96Ld&google_hm=F0NgtGZHZVmbWxIfRy...

170 B
188 B

17ms
17ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AavPq0PSz6M9R9xMgv7eAI6Lj6t7JzkTj7sh3Er9Phi_0Pxq6NKTGIWuBiQaVg98OCz9mE6vjlh263a2uGWSbYQyp_1rCBY0BM7k96Ld&google_hm=F0NgtGZHZVmbWxIfRyKwIWAJ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 14 Dec 2022 17:36:42 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AavPq0PSz6M9R9xMgv7eAI6Lj6t7JzkTj7sh3Er9Phi_0Pxq6NKTGIWuBiQaVg98OCz9mE6vjlh263a2uGWSbYQyp_1rCBY0BM7k96Ld&google_hm=F0NgtGZHZVmbWxIfRyKwIWAJ
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 08C9
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEBGaWrzkmee3wo6lTLA1EME&google_cver=1&google_push=AavPq0OWUculKDqQvQEQBqgmfzJBDeXf4_8_VR3sE8uGOSF3dsnYCEicGaYLnlnpq8rdyBtZAkEwh0y073mdixQw...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AavPq0OWUculKDqQvQEQBqgmfzJBDeXf4_8_VR3sE8uGOSF3dsnYCEicGaYLnlnpq8rdyBtZAkEwh0y073mdixQwnJj_WS85FmxT0C8

170 B
329 B

17ms
17ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AavPq0OWUculKDqQvQEQBqgmfzJBDeXf4_8_VR3sE8uGOSF3dsnYCEicGaYLnlnpq8rdyBtZAkEwh0y073mdixQwnJj_WS85FmxT0C8

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 14 Dec 2022 17:36:41 GMT
via: 1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P5
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AavPq0OWUculKDqQvQEQBqgmfzJBDeXf4_8_VR3sE8uGOSF3dsnYCEicGaYLnlnpq8rdyBtZAkEwh0y073mdixQwnJj_WS85FmxT0C8
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: PKdJrh-xgLY1g1j6GNHuNvJLqMmnlHn-vZqKPpaS8AE8Je__AUObOA==

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame 08C9 0
75 B 120ms
17ms Image
text/plain 185.86.137.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEInWElDnMX4IGth42VZxwPo&google_cver=1&google_push=AavPq0OLudHdrjnMEhx0X8Wm1AzFnjfaQ_igV42TI_CPt47zfygqqH_BOhUHADclMgX6JQXzPpM2NttCZUupq09tEjeEnSDV7stzWrYg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
content-length: 0

GET
H2

200

/
onetag-sys.com/match/ Frame 08C9
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEIkDgzDXCPCB_QA9LUqiK6U&google_cver=1&google_push=AavPq0MhQtow1SeNGhfJa5CS0DkJ80IFrqttVjNKa5MkRsg3vKLKJQivNvdiBxGRTatdq14fcomdSWdORdz...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AavPq0MhQtow1SeNGhfJa5CS0DkJ80IFrqttVjNKa5MkRsg3vKLKJQivNvdiBxGRTatdq14fcomdSWdORdzETJzwgD_tPz2SdAnMmXhG
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

12ms
8ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

report
sync.teads.tv/um/ Frame 08C9
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEIfAY1kaK1caMYaK7dldAN4&...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AavPq0MSyKdsG9YeB0dxsl5UHRRKP55Gal8CI_vZm0ZeJQJdYe9OISoi477-2JkSGVJJ-tWEP4YgV7Ek_Wc1XokT5-lE2RfhtODfTLhZAg
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
172 B

57ms
57ms

Image
image/gif

23.218.209.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Server: 23.218.209.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-56.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 14 Dec 2022 17:36:42 GMT
pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 08C9 0
223 B 68ms
17ms Image
text/html 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KBMU3AfQ6nh3NB1ATR92Ka9N05nQTenHDzEL6ozg1w7VMPRssVGHAN0rBuamogPpAmt4o2bBI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 css
fonts.googleapis.com/ Frame 7732 8 KB
895 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 14 Dec 2022 17:36:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 14 Dec 2022 17:35:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 14 Dec 2022 17:36:41 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 7732 2 KB
774 B 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:12:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 69881
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Dec 2022 22:12:00 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/ Frame 7732 23 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 08:26:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33035
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Dec 2022 08:26:06 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 7732 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 16:56:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2412
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Dec 2022 16:56:29 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 7732 18 KB
7 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:04:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70312
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Dec 2022 22:04:49 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7732 153 KB
47 KB 50ms
50ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 14 Dec 2022 17:36:42 GMT

GET
H3 200 148b897ed20242fb53e65c70a8c63c89.js Show response
www.gstatic.com/mysidia/ Frame 7732 34 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/148b897ed20242fb53e65c70a8c63c89.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a49f15294007bad4031449fd145bfe309092999eebdb428925aa0403215f56d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 19:37:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 424765
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14307
x-xss-protection: 0
last-modified: Fri, 09 Dec 2022 19:06:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 09 Mar 2023 19:37:16 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1633 143 B
166 B 7ms
6ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 477
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:28:44 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 89D9 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 16:56:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2412
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Dec 2022 16:56:29 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 207C 1 KB
643 B 8ms
7ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 23705
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 11:01:36 GMT
etag: 48472445140208031
expires: Thu, 15 Dec 2022 11:01:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 89D9 18 KB
7 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:04:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70312
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Dec 2022 22:04:49 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.27/one-ad/ Frame 7DA3 89 KB
12 KB 69ms
58ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.27/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1jfmzdg8k9kdt4wj16eth0p5896bs4pyvhff1bvew5tfwgqrb4p1akh2st7dzmee3swa74p6acxx7rpgjmsv0yc025qz9t15y72tq0z4er6d0n3v0hrqtd4qvdzpxsytczcfvebvfw9mvtg75ehbcctxt99bxee2azc67ggfwt3w36j7xz4bk3mmq7yhmy8pz7aqgf5xdj8cc71xy5rtjv5jngfgh5ntshw807s7ywdn6g3d0zeyctrtcwbd8wbx4wv4ywch2d0bqrk1bk3yny65vm14h3zt466ys9wdn262kscx955z87qjztrzjnzz2h6cdxay2v8918ktsqd4z3vyb0wk794jt5jwe8c7jgdxa3z78s1rv8w3frc6j8v8y457qktjgd44117hmqztfmc8xatrgxfv2ytgqg8x15y64s7kzvdae&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCQSKGqQmaY_I6zYSWBNfTkeAGkOGBhFy2qMKK8ALAjbcBEAEgAGCVgoCAtAeCARdjYS1wdWItMzM0Mjg2OTk5NjI1MjY4NcgBCakCie4w4T_dsT6oAwGqBIkCT9C7spbmx3gGNYHr5fV1RyPvv1paaXGkRxGHZaD1YWjrDNBafSmeBgkeAOpe0ZmrGQjL70xMDOtcF0ue5GN4yV5LhQ6yD5e-2935CYYcbEoeoPM0t1Afh2BvbuDgcB4-ksg6LMkkktw5-VziOmjTXcWtb4Wlv3caV44aP37OzP4bS8T6uYxvaA9hannZKYvu87hLUJYhwVhLmSzaehoJwS50eGgnesHEWi-QsMbB1DIEqJjig0_5OWdxuO9W4SsgfIMsBrAyyPk3Eyi8yAriX7Vj5QLUVflXyIn2wUKi7vyKqC6nvIpT-3snjNcGI2fh_P2gZpIYiNX2B3Hi5dNCXCkhbsOe1tg3dIAGzoTKq-u7gbpUoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1abPCX73PxGlLA_mPIAOLye8Rayw%26client%3Dca-pub-3342869996252685%26adurl%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ab995345cf38f3951bc840ab2c0d043269e700e59f1c6d6cb7fb8946268b358

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1jfmzdg8k9kdt4wj16eth0p5896bs4pyvhff1bvew5tfwgqrb4p1akh2st7dzmee3swa74p6acxx7rpgjmsv0yc025qz9t15y72tq0z4er6d0n3v0hrqtd4qvdzpxsytczcfvebvfw9mvtg75ehbcctxt99bxee2azc67ggfwt3w36j7xz4bk3mmq7yhmy8pz7aqgf5xdj8cc71xy5rtjv5jngfgh5ntshw807s7ywdn6g3d0zeyctrtcwbd8wbx4wv4ywch2d0bqrk1bk3yny65vm14h3zt466ys9wdn262kscx955z87qjztrzjnzz2h6cdxay2v8918ktsqd4z3vyb0wk794jt5jwe8c7jgdxa3z78s1rv8w3frc6j8v8y457qktjgd44117hmqztfmc8xatrgxfv2ytgqg8x15y64s7kzvdae&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCQSKGqQmaY_I6zYSWBNfTkeAGkOGBhFy2qMKK8ALAjbcBEAEgAGCVgoCAtAeCARdjYS1wdWItMzM0Mjg2OTk5NjI1MjY4NcgBCakCie4w4T_dsT6oAwGqBIkCT9C7spbmx3gGNYHr5fV1RyPvv1paaXGkRxGHZaD1YWjrDNBafSmeBgkeAOpe0ZmrGQjL70xMDOtcF0ue5GN4yV5LhQ6yD5e-2935CYYcbEoeoPM0t1Afh2BvbuDgcB4-ksg6LMkkktw5-VziOmjTXcWtb4Wlv3caV44aP37OzP4bS8T6uYxvaA9hannZKYvu87hLUJYhwVhLmSzaehoJwS50eGgnesHEWi-QsMbB1DIEqJjig0_5OWdxuO9W4SsgfIMsBrAyyPk3Eyi8yAriX7Vj5QLUVflXyIn2wUKi7vyKqC6nvIpT-3snjNcGI2fh_P2gZpIYiNX2B3Hi5dNCXCkhbsOe1tg3dIAGzoTKq-u7gbpUoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1abPCX73PxGlLA_mPIAOLye8Rayw%26client%3Dca-pub-3342869996252685%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1670930538
age: 103768
cf-polished: origSize=91628
x-guploader-uploadid: ADPycduR5Ol9pg3grc4HAIdmrbMEndwceyBRaKPEzp4btA3cKENGM-ZcNqNRgrH_pFRA6eQ6LFPYNJBaKno_nvJ48NOr
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 11:22:46 GMT
server: cloudflare
etag: W/"575def06e70febb0cbd25403e37880bf"
vary: Accept-Encoding
x-goog-generation: 1670930566724484
content-type: text/css
x-goog-hash: crc32c=ttlcew==, md5=V13vBucP67DL0lQD43iAvw==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wL%2Bnh8D%2FCPx%2BTNUC0FBf%2FaBJ%2BIUI8bl8gFL%2BSKJG91GzgUouQaOj5XqZege4YJhXtCQTTSEo3rIvs972ZHObeO7LKY0%2FTg0tpdD3KUij7Mtc9xPXamZr0y3YHGjtwSIDMnT52L84Wss%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 91628
cf-ray: 7798b4069bcb9b51-FRA
expires: Wed, 14 Dec 2022 18:36:42 GMT

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame 7DA3 35 KB
12 KB 60ms
37ms Script
application/javascript 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1jfmzdg8k9kdt4wj16eth0p5896bs4pyvhff1bvew5tfwgqrb4p1akh2st7dzmee3swa74p6acxx7rpgjmsv0yc025qz9t15y72tq0z4er6d0n3v0hrqtd4qvdzpxsytczcfvebvfw9mvtg75ehbcctxt99bxee2azc67ggfwt3w36j7xz4bk3mmq7yhmy8pz7aqgf5xdj8cc71xy5rtjv5jngfgh5ntshw807s7ywdn6g3d0zeyctrtcwbd8wbx4wv4ywch2d0bqrk1bk3yny65vm14h3zt466ys9wdn262kscx955z87qjztrzjnzz2h6cdxay2v8918ktsqd4z3vyb0wk794jt5jwe8c7jgdxa3z78s1rv8w3frc6j8v8y457qktjgd44117hmqztfmc8xatrgxfv2ytgqg8x15y64s7kzvdae&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCQSKGqQmaY_I6zYSWBNfTkeAGkOGBhFy2qMKK8ALAjbcBEAEgAGCVgoCAtAeCARdjYS1wdWItMzM0Mjg2OTk5NjI1MjY4NcgBCakCie4w4T_dsT6oAwGqBIkCT9C7spbmx3gGNYHr5fV1RyPvv1paaXGkRxGHZaD1YWjrDNBafSmeBgkeAOpe0ZmrGQjL70xMDOtcF0ue5GN4yV5LhQ6yD5e-2935CYYcbEoeoPM0t1Afh2BvbuDgcB4-ksg6LMkkktw5-VziOmjTXcWtb4Wlv3caV44aP37OzP4bS8T6uYxvaA9hannZKYvu87hLUJYhwVhLmSzaehoJwS50eGgnesHEWi-QsMbB1DIEqJjig0_5OWdxuO9W4SsgfIMsBrAyyPk3Eyi8yAriX7Vj5QLUVflXyIn2wUKi7vyKqC6nvIpT-3snjNcGI2fh_P2gZpIYiNX2B3Hi5dNCXCkhbsOe1tg3dIAGzoTKq-u7gbpUoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1abPCX73PxGlLA_mPIAOLye8Rayw%26client%3Dca-pub-3342869996252685%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9624c9f30634be84a224d007e5df178a51107bff3e456e2a90b504cbf350d190

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 22 Nov 2022 06:17:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 127113
etag: W/"49e3b0ffd5e74f27b691e89cf271d672"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mrRtOSLNoCa9Ep8T0SJTtCZTba2d9zxBP18wWKptFuYKuUk6K0JGzDXtQ%2FG7j%2B3MJsgs0Ow20fIjzlPeRLLXAzun8RKqKcY2Vh1z7r3DbFGzh2XDqhRNYcIbENW5iaJ5x3T2jbY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 7798b406a86b5c98-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Tue, 13 Dec 2022 06:18:09 GMT

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/ Frame 99A5 20 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/index.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ba2ea8daf45136819365c897010c0f185d534a7dc553578ec156f9c8db72449e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 408345
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 4754
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 00:10:57 GMT
expires: Sun, 10 Dec 2023 00:10:57 GMT
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 08B7 0
0 48ms
48ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CMiT4qQmaY7uTBMyzlgSqsbyYB4CS5_Nt4cKT7L4Qm62cndA2EAEg4KnHQGCVgoCAtAegAbKKwaoByAEJqQLeEWsQMbyoPqgDAcgDSKoEkwJP0EIr0lYWhlUDlGzo4RDnmr0JRAAV008KTESUJxv_mo0sVFYLeKcXKWoag8fdypvxAjR2xQldtS9ESrk4hIt-iqhWb-UFecdkpbA0fgVFRTcSjsxdqfgqdKyiquZKmly2MLT5w1RfyS0lZ8g6m8uPScuSv0D-fTJQFvb5Mn1Sf8QdgO-W6KsNmWBySthLmrmgH6LRhDdh16Pfp_3m7Ffd-Bkbn7igOV0JbsuQaNs1SWtN2gq0i69EG9F1wEqADSDBTbgZ8HDw82u06rQ6MuFD830I5arHxCJP1XBG3_kn4VdsQFfvWgMJ2pKtbDic0v2TDtibdkAii4tV4o0jtYmkFEo-F-xzViMEpqaDNGGhIShFycAEh4XMoKIEkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB7b1vtUCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQ6LQx0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwLQFQGYFgGAFwGyFxwKGggAEhRwdWItMzM0Mjg2OTk5NjI1MjY4NRgA&sigh=Ap17n6f3TS0&uach_m=[UACH]&cid=CAQSKQDq26N9nuX_CYsB8PV6pciS9Kr-GTh8sEXYH6vt2_0unRmuHQAw3Q58GAEgEw&template_id=419

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=600&slotname=5914239063&adk=2628446172&adf=41369079&pi=t.ma~as.5914239063&w=300&lmt=1671039399&format=300x600&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039399426&bpp=2&bdt=141&idt=222&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&correlator=785032542511&frm=20&pv=2&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1280&ady=-200&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=ryZGqTjP1V&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=246
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 14 Dec 2022 17:36:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/ Frame 08B7 23 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 08:26:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33036
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Dec 2022 08:26:06 GMT

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 99A5 6 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02ebc319500d29d704855de3d846bbb2479434953bb7b34f533122f432ce33bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 13:12:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15862
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2568
x-xss-protection: 0
server: cafe
etag: 6734328975651772599
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 15 Dec 2022 13:12:20 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 99A5 34 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 19:53:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78216
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 14 Dec 2022 19:53:06 GMT

GET
H3 200 120fb889c9d3d02c8d3dd0555cf62ab3.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/ Frame 99A5 104 KB
30 KB 9ms
8ms Script
application/x-javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/120fb889c9d3d02c8d3dd0555cf62ab3.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

abf06691088fd3e48eeca737b56e448a96b06b1d7abb1495b634efcc2795aa89

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Dec 2022 05:49:34 GMT
age: 474428
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30375
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Dec 2023 05:49:34 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 207C
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEAVtMkpS2hrPMW9yV1p2voo&google_cver=1&google_push=ASkJ3FZ4TI0hU_3QbPjKTKajV_D4cDmd-Q0GkAGb8yHAPjgvSqsnkct4SVUCg8Yt_GKpIIZDpCBDGddDXseRbO3a...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ASkJ3FZ4TI0hU_3QbPjKTKajV_D4cDmd-Q0GkAGb8yHAPjgvSqsnkct4SVUCg8Yt_GKpIIZDpCBDGddDXseRbO3addcK2XyfI2yxMB2w

170 B
188 B

18ms
17ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ASkJ3FZ4TI0hU_3QbPjKTKajV_D4cDmd-Q0GkAGb8yHAPjgvSqsnkct4SVUCg8Yt_GKpIIZDpCBDGddDXseRbO3addcK2XyfI2yxMB2w

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 14 Dec 2022 17:36:42 GMT
Server: MT3 213 8a239d6 master cdg-pixel-x10 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ASkJ3FZ4TI0hU_3QbPjKTKajV_D4cDmd-Q0GkAGb8yHAPjgvSqsnkct4SVUCg8Yt_GKpIIZDpCBDGddDXseRbO3addcK2XyfI2yxMB2w
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 14 Dec 2022 17:36:41 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 207C 70 B
265 B 104ms
30ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEJ_Nl2SG0l3tzO_4nJzlK3s&google_cver=1&google_push=ASkJ3FbX35jWuqoVDI1jzWk-YZgkGNQV2asena9AKUB4vpMPtvUSPRn9rfoBuJJ1uOyfMGnrtskxEx1RNi4WgXZfnmR_EG26H86HYd8
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 207C
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEKqD3BbzaD27NedQwO4hjj8&google_cver=1&google_push=ASkJ3FYUVDCNkNgeYJEFHinUMGlZ_jHOFUx5fxsEIczYa7bm2Ey9UOyjDXGcs6YC8bpaJqkntbooWsi-6jCDGY...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE3NzA1OTU4MTkyNDQ3Mjk3Ng%3D%3D&google_push=ASkJ3FYUVDCNkNgeYJEFHinUMGlZ_jHOFUx5fxsEIczYa7bm2Ey9UOyjDXGcs6YC8bpaJqkntbooWsi-6jCDGY0QEA...

170 B
188 B

17ms
17ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE3NzA1OTU4MTkyNDQ3Mjk3Ng%3D%3D&google_push=ASkJ3FYUVDCNkNgeYJEFHinUMGlZ_jHOFUx5fxsEIczYa7bm2Ey9UOyjDXGcs6YC8bpaJqkntbooWsi-6jCDGY0QEAyJQ9wkB2Un4Ew

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE3NzA1OTU4MTkyNDQ3Mjk3Ng%3D%3D&google_push=ASkJ3FYUVDCNkNgeYJEFHinUMGlZ_jHOFUx5fxsEIczYa7bm2Ey9UOyjDXGcs6YC8bpaJqkntbooWsi-6jCDGY0QEAyJQ9wkB2Un4Ew
Date: Wed, 14 Dec 2022 17:36:42 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 207C
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEK6DrYP6c7p0g0VPYa8oBuo&google_cver=1&google_push=ASkJ3FZvpvPInRugY7m10txxQPRSbGKa-qgEKKrBNG3ZF87YYOSFU1Wwf5RmhIjNCK3mp3tIsaT8eK8wPT32qeX2SSj8rd0...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEK6DrYP6c7p0g0VPYa8oBuo&google_cver=1&google_push=ASkJ3FZvpvPInRugY7m10txxQPRSbGKa-qgEKKrBNG3ZF87YYOSFU1Wwf5RmhIjNCK3mp3tIsaT8eK8wPT32qeX2SSj8r...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ASkJ3FZvpvPInRugY7m10txxQPRSbGKa-qgEKKrBNG3ZF87YYOSFU1Wwf5RmhIjNCK3mp3tIsaT8eK8wPT32qeX2SSj8rd0ln3JZRUq7

170 B
188 B

19ms
19ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ASkJ3FZvpvPInRugY7m10txxQPRSbGKa-qgEKKrBNG3ZF87YYOSFU1Wwf5RmhIjNCK3mp3tIsaT8eK8wPT32qeX2SSj8rd0ln3JZRUq7

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ASkJ3FZvpvPInRugY7m10txxQPRSbGKa-qgEKKrBNG3ZF87YYOSFU1Wwf5RmhIjNCK3mp3tIsaT8eK8wPT32qeX2SSj8rd0ln3JZRUq7
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 207C
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEAtvhnpCzXITgXJ0cjDtTg&google_cver=1&google_push=ASkJ3FY9bx7DdOJ2LnkhTQaQtdnITxtt4wuA67V9vZYdIz3wJ_HoZ9_pXwULEoQlGqODr5jKE7P...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEJOWFBRUVItMUQtM0xGUw==&google_push=ASkJ3FY9bx7DdOJ2LnkhTQaQtdnITxtt4wuA67V9vZYdIz3wJ_HoZ9_pXwULEoQlGqODr5jKE7PEsuKYN1Q3N9xx6WxP0xtIO8zSQTnr

170 B
188 B

18ms
18ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEJOWFBRUVItMUQtM0xGUw==&google_push=ASkJ3FY9bx7DdOJ2LnkhTQaQtdnITxtt4wuA67V9vZYdIz3wJ_HoZ9_pXwULEoQlGqODr5jKE7PEsuKYN1Q3N9xx6WxP0xtIO8zSQTnr

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEJOWFBRUVItMUQtM0xGUw==&google_push=ASkJ3FY9bx7DdOJ2LnkhTQaQtdnITxtt4wuA67V9vZYdIz3wJ_HoZ9_pXwULEoQlGqODr5jKE7PEsuKYN1Q3N9xx6WxP0xtIO8zSQTnr
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 207C
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEFQjvxepd3XZ0jY8Qb0qpQY&google_cver=1&google_push=ASkJ3Fbzb2dbpk6nadP8zo43mSDv-GkDpie0XT9zqNUgo1UOilYOpF6ge4x_44wwpBTKVXdQ2F...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEFQjvxepd3XZ0jY8Qb0qpQY&google_cver=1&google_push=ASkJ3Fbzb2dbpk6nadP8zo43mSDv-GkDpie0XT9zqNUgo1UOilYOpF6ge4x_44wwpBTKVXdQ2F...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1MUjRWRWt4RTJ1SEFkRTBnMVgzTmVuQmMxT09yWjVHdH5B&google_push=ASkJ3Fbzb2dbpk6nadP8zo43mSDv-GkDpie0XT9zqNUgo1UOilYOpF6ge...

170 B
188 B

17ms
17ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1MUjRWRWt4RTJ1SEFkRTBnMVgzTmVuQmMxT09yWjVHdH5B&google_push=ASkJ3Fbzb2dbpk6nadP8zo43mSDv-GkDpie0XT9zqNUgo1UOilYOpF6ge4x_44wwpBTKVXdQ2FfUdGtVLVe96DLFP_JikS6jtkrCnCed

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1MUjRWRWt4RTJ1SEFkRTBnMVgzTmVuQmMxT09yWjVHdH5B&google_push=ASkJ3Fbzb2dbpk6nadP8zo43mSDv-GkDpie0XT9zqNUgo1UOilYOpF6ge4x_44wwpBTKVXdQ2FfUdGtVLVe96DLFP_JikS6jtkrCnCed
date: Wed, 14 Dec 2022 17:36:42 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 207C
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESELrqM-Qh2...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESELr...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=25d7f847-571f-40bf-aef3-d0f2ffd887e9&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

17ms
17ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=25d7f847-571f-40bf-aef3-d0f2ffd887e9&%%GOOGLE_PUSH_PAIR%%

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=25d7f847-571f-40bf-aef3-d0f2ffd887e9&%%GOOGLE_PUSH_PAIR%%
date: Wed, 14 Dec 2022 17:36:42 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 207C 0
12 B 15ms
15ms Image
text/html 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lgii_k1rJLpCZ5WeMXfwdT0vogr1BDJfQL6M-wMuqCZH5R2_6Gq9m9W2TDBBHCMa5cqt0e4eA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7130 143 B
166 B 8ms
7ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 478
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:28:44 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 66C1 1 KB
643 B 7ms
7ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 23706
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 11:01:36 GMT
etag: 48472445140208031
expires: Thu, 15 Dec 2022 11:01:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame EB80 6 KB
730 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12406491265686199930/120fb889c9d3d02c8d3dd0555cf62ab3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

78631aa2658006d43b70adcf42bfef831d29315d91bfe9e67bb4acd5f9b349e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 14 Dec 2022 17:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 14 Dec 2022 16:37:41 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 14 Dec 2022 17:36:42 GMT

GET
H3 200 7296e22ca20ac6472628647a52a912af.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12406491265686199930/media/ Frame EB80 9 KB
9 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12406491265686199930/media/7296e22ca20ac6472628647a52a912af.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12406491265686199930/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6847a453292f6db177d022b32b68ec91da611dd1bc18c6e33d26ed726339bc60

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 09 Dec 2022 15:18:00 GMT
x-content-type-options: nosniff
age: 440322
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8880
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Dec 2023 15:18:00 GMT

GET
H3 200 0eeebe2aab7fa2fb99c2a447383fb9a6.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12406491265686199930/media/ Frame EB80 9 KB
9 KB 10ms
9ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12406491265686199930/media/0eeebe2aab7fa2fb99c2a447383fb9a6.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12406491265686199930/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a842670e0c9a10d0c42dc6de87889c6b9de065232e6bf125d5ca43a163f6d9fd

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 09 Dec 2022 14:43:50 GMT
x-content-type-options: nosniff
age: 442372
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9647
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Dec 2023 14:43:50 GMT

GET
H3 404 undefinedz9njpo
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12406491265686199930/ Frame EB80 43 B
69 B 433ms
433ms Image
image/gif 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12406491265686199930/undefinedz9njpo

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12406491265686199930/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
x-content-type-options: nosniff
server: sffe
x-dns-prefetch-control: off
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Wed, 14 Dec 2022 17:36:42 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame EB6F 143 B
166 B 11ms
10ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=600&slotname=5914239063&adk=2628446172&adf=41369079&pi=t.ma~as.5914239063&w=300&lmt=1671039399&format=300x600&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039399426&bpp=2&bdt=141&idt=222&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&correlator=785032542511&frm=20&pv=2&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1280&ady=-200&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=ryZGqTjP1V&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=246
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 478
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:28:44 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 08B7 3 KB
1 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 16:56:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2413
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Dec 2022 16:56:29 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 08B7 18 KB
7 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:04:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70313
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Dec 2022 22:04:49 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1633
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

16ms
15ms

Document
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:36:42 GMT
expires: Wed, 14 Dec 2022 17:36:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:36:42 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 l
www.google.com/ads/measurement/ Frame 89D9 0
0 23ms
18ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR_VXmFzfB963ns5w6_jKj_CCIWpuWQOVabQJkqtRDfuyqa74LK1tZrRzGEIEX3cY8iyJYquQl87A5swq3o3jUuxAdaFQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 89D9 153 KB
47 KB 20ms
15ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 14 Dec 2022 17:36:42 GMT

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/ Frame 5CEC 20 KB
5 KB 8ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1aae23a1a146a8276a47a9aaa6b54f499f8f433d9acf7ae65920fd168de57e42

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 408738
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 4695
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 00:04:24 GMT
expires: Sun, 10 Dec 2023 00:04:24 GMT
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 83B1 0
0 53ms
53ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cwj7gqQmaY8mCBNqGlgSsiqTYBoCS5_NtmcaT7L4Qm62cndA2EAEg4KnHQGCVgoCAtAegAbKKwaoByAEJqQLYT_6ZVMGoPqgDAcgDSKoElgJP0AF9hlkSlElqDXH5PfObCDvkwN0Sa4m6rum4AcoFxwXtKfMDBiM_kOJef97-HEfvlfKVh52TOCd2m2PeH2Yv5lM9UEcjcK6WuKNA5wkj3NDITU0lW1OOcoNaUQZlwQnoASfrQT7TQOkWQdBXHdW3--e-8wr45Ct033XCctZMLmx1WWRDqCdyjiXFuBurVaC074X6tsoqsnKbUOUIqGv3FruokaCUKlgNBZFxyjhlrk5RvYIWazkj-IPUf_puGmW9X69lBD1aWit-X9qZ5WwHYuDU2m5vtIJ8HE8jOevveGLBqFFfB0_hcFMcwWfmPOEvTNEeQaklakZcP4rrcQgOSPIn24LC2pIEjQPQydZq_pgczjs_GcAEh4XMoKIEkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB7b1vtUCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQnu4F0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwLQFQGYFgGAFwGyFxwKGggAEhRwdWItMzM0Mjg2OTk5NjI1MjY4NRgA&sigh=-Oq2siw9Pm8&uach_m=[UACH]&cid=CAQSOwDq26N9vBZtb4cVXk4O9hlZV9KtAAQHOYozTnpQGRz0vRuVP2D_V0zCY_rJSDDZk5_nl-qWdZ_cOMMZGAEgEw&template_id=419

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=6456950493&adk=2183795468&adf=442814120&pi=t.ma~as.6456950493&w=872&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=872x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400849&bpp=6&bdt=1564&idt=6&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=518&ady=303&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=O4ozOqXuLN&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=11
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 14 Dec 2022 17:36:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/ Frame 83B1 23 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=6456950493&adk=2183795468&adf=442814120&pi=t.ma~as.6456950493&w=872&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=872x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400849&bpp=6&bdt=1564&idt=6&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=518&ady=303&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=O4ozOqXuLN&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=11

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 08:26:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33036
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Dec 2022 08:26:06 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 83B1 3 KB
1 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 16:56:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2413
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Dec 2022 16:56:29 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/ Frame 83B1 18 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 22:04:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70313
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Dec 2022 22:04:49 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 83B1 153 KB
47 KB 35ms
34ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 14 Dec 2022 17:36:42 GMT

GET
DATA 200
OK truncated
/ Frame 89D9 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 86e9f0cb107b108b8f2fe7307cc87e0e928639b6ca9cde88375b5522af242bf3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame 08B7 0
20 B 44ms
44ms Other
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPuLoO_S-fsCFcyZhQodqhgPcw&gqi=qQmaY-GyA-W2nsEP2Pi6qAk&layout=/sadbundle/%24csp%253Der3%24/16841678510429673680/index.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 5CEC 6 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02ebc319500d29d704855de3d846bbb2479434953bb7b34f533122f432ce33bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 13:12:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15862
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2568
x-xss-protection: 0
server: cafe
etag: 6734328975651772599
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 15 Dec 2022 13:12:20 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 5CEC 34 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 19:53:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78216
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 14 Dec 2022 19:53:06 GMT

GET
H3 200 120fb889c9d3d02c8d3dd0555cf62ab3.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/ Frame 5CEC 104 KB
30 KB 8ms
8ms Script
application/x-javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/120fb889c9d3d02c8d3dd0555cf62ab3.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

abf06691088fd3e48eeca737b56e448a96b06b1d7abb1495b634efcc2795aa89

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Dec 2022 05:22:45 GMT
age: 476037
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30375
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Dec 2023 05:22:45 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 99A5 6 KB
730 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/120fb889c9d3d02c8d3dd0555cf62ab3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

78631aa2658006d43b70adcf42bfef831d29315d91bfe9e67bb4acd5f9b349e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 14 Dec 2022 17:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 14 Dec 2022 17:07:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 14 Dec 2022 17:36:42 GMT

GET
H3 200 5f95c1cc2919a9df28388531193350bf.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/media/ Frame 99A5 27 KB
27 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/media/5f95c1cc2919a9df28388531193350bf.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1bf984fa8148b2e414f2ae7d828c483accdd0426ad8cb1883280a2c801cedae5

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 09 Dec 2022 10:32:30 GMT
x-content-type-options: nosniff
age: 457452
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28070
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Dec 2023 10:32:30 GMT

GET
H3 200 24e8b2c8dde80786640a2d9b9270037d.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/media/ Frame 99A5 30 KB
30 KB 9ms
8ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/media/24e8b2c8dde80786640a2d9b9270037d.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

764a79d7e8c4a84d8286fd262e201b8dc9ce28ef0f7650efefbcd5c1f6f61efc

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 09 Dec 2022 03:52:18 GMT
x-content-type-options: nosniff
age: 481464
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30583
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Dec 2023 03:52:18 GMT

GET
H3 404 undefinedz9njpo
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/ Frame 99A5 43 B
69 B 127ms
127ms Image
image/gif 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/undefinedz9njpo

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
x-content-type-options: nosniff
server: sffe
x-dns-prefetch-control: off
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Wed, 14 Dec 2022 17:36:42 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 66C1 35 B
464 B 54ms
9ms Image
image/gif 2620:116:800d:21:e365:4988:e8a7:3270
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJgo3wEhctGHT0uwAgKUlHk&google_cver=1&google_push=AavPq0PZOc--RZFSW444KhdmguATx-11Mjohlslx-9h7CYDTACcsvU4_1YCqA3rxiE2jEui02J32zGK3JE5kReyvG_FV5lSCzMTOAmmG5KPTQtEfzz0T_QQ1J67ZpsWdexNxwPT097JE4plxJA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:e365:4988:e8a7:3270 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 66C1
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEC663wyntRQkCiiZcMp3Rbo&google_cver=1&google_push=AavPq0NKW1EYnXCYJS8om3-wWrRIHuoilh8vogGXIcy_FJFnsqMV2EORvscu7DKG59kli7eEGXbPUPk3YIs7sepm8xWVMm_1EM49SW...
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=F48E42FE088D4A8BAEFE81B9DF6C3E1A&google_push=AavPq0NKW1EYnXCYJS8om3-wWrRIHuoilh8vogGXIcy_FJFnsqMV2EORvscu7DKG59kli7eEGXbPUPk3YIs7sep...

170 B
188 B

20ms
19ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=F48E42FE088D4A8BAEFE81B9DF6C3E1A&google_push=AavPq0NKW1EYnXCYJS8om3-wWrRIHuoilh8vogGXIcy_FJFnsqMV2EORvscu7DKG59kli7eEGXbPUPk3YIs7sepm8xWVMm_1EM49SWeXS_4XkvESqS_A-YToey01652Dos6_eDoZcpmMoi1saw

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 14 Dec 2022 17:36:42 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=F48E42FE088D4A8BAEFE81B9DF6C3E1A&google_push=AavPq0NKW1EYnXCYJS8om3-wWrRIHuoilh8vogGXIcy_FJFnsqMV2EORvscu7DKG59kli7eEGXbPUPk3YIs7sepm8xWVMm_1EM49SWeXS_4XkvESqS_A-YToey01652Dos6_eDoZcpmMoi1saw
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Tue, 13 Dec 2022 17:36:42 GMT

GET
H2 451 466606.gif
id.rlcdn.com/ Frame 66C1 0
98 B 55ms
18ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAavPq0O8JuPZCNPHCEHw39LiI1ueZEMe7dSoYORiHupKSh8wZb5-tv_IisAiwdiDQu_M-UfSPeGHfXi34LXQUWp42VkD9ky7uVWzVv9zuZu-qj6s5ixSpND4d-gjuPniyWmkue9A_vcjBYzyGA&google_gid=CAESEC2N2cP-za2wuzaJwMvKL2U&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 66C1
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEKqD3BbzaD27NedQwO4hjj8&google_cver=1&google_push=AavPq0Mq5fu7ojdGGAiDRywLr9XRKNHE4ndtr9fgvNSnyc8_jQyjNidIb_70PToNM9PjlzJE11tWyRPZ-0zSFN...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE3NzA1OTU4MTkyNDQ3Mjk3Ng%3D%3D&google_push=AavPq0Mq5fu7ojdGGAiDRywLr9XRKNHE4ndtr9fgvNSnyc8_jQyjNidIb_70PToNM9PjlzJE11tWyRPZ-0zSFNZLLv...

170 B
188 B

17ms
16ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE3NzA1OTU4MTkyNDQ3Mjk3Ng%3D%3D&google_push=AavPq0Mq5fu7ojdGGAiDRywLr9XRKNHE4ndtr9fgvNSnyc8_jQyjNidIb_70PToNM9PjlzJE11tWyRPZ-0zSFNZLLvGoD8_s-cfwQHQUgWHVDAtVJdUhyfJhgNZXSeqeB2agF6qBNFuLH7Hg

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE3NzA1OTU4MTkyNDQ3Mjk3Ng%3D%3D&google_push=AavPq0Mq5fu7ojdGGAiDRywLr9XRKNHE4ndtr9fgvNSnyc8_jQyjNidIb_70PToNM9PjlzJE11tWyRPZ-0zSFNZLLvGoD8_s-cfwQHQUgWHVDAtVJdUhyfJhgNZXSeqeB2agF6qBNFuLH7Hg
Date: Wed, 14 Dec 2022 17:36:42 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 66C1
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEN...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AavPq0POVq8-VFDzDSzzDAtJdlw7N_8LT-otFkU0wWWKw9yd3evfbuXDOt24n66cjQRzDYrsGLPaxE6HIIY-V9s6QvmKci17q8Ujo-_6GgRuNel8LAc0q-69_53tonnGQIq...
https://sync.targeting.unrulymedia.com/csync/RX-648117c9-225b-481a-9979-259d7dfd0bc7-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAavPq0POVq8-VFDzDSzzDAtJd...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AavPq0POVq8-VFDzDSzzDAtJdlw7N_8LT-otFkU0wWWKw9yd3evfbuXDOt24n66cjQRzDYrsGLPaxE6HIIY-V9s6QvmKci17q8Ujo-_6GgRuNel8LAc0q-69_53tonnGQIqPx6ii...

170 B
188 B

22ms
22ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AavPq0POVq8-VFDzDSzzDAtJdlw7N_8LT-otFkU0wWWKw9yd3evfbuXDOt24n66cjQRzDYrsGLPaxE6HIIY-V9s6QvmKci17q8Ujo-_6GgRuNel8LAc0q-69_53tonnGQIqPx6ii8-UWh8Sb&google_hm=A2SBF8kiW0gamXklnX39C8c

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AavPq0POVq8-VFDzDSzzDAtJdlw7N_8LT-otFkU0wWWKw9yd3evfbuXDOt24n66cjQRzDYrsGLPaxE6HIIY-V9s6QvmKci17q8Ujo-_6GgRuNel8LAc0q-69_53tonnGQIqPx6ii8-UWh8Sb&google_hm=A2SBF8kiW0gamXklnX39C8c
date: Wed, 14 Dec 2022 17:36:42 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX648117c9225b481a9979259d7dfd0bc7003
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 66C1
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEDswE7aqfqniaKe0RL0d1Ts&google_cver=1&google_push=AavPq0MYMEWnzOE8y7ZRs-JNCTl_aUC7LaALq6cIyokLMGdu6alyWb0aMAmfa4bEsWER591AVS5cYABSuE3R3avwziTiBFIMxT...
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AavPq0MYMEWnzOE8y7ZRs-JNCTl_aUC7LaALq6cIyokLMGdu6alyWb0aMAmfa4bEsWER591AVS5cYABSuE3R3avwziTiBFIMxTj...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjY5NTk0Mjg1NzYyNjExOTkyNjk0NA%3D%3D&google_push=AavPq0MYMEWnzOE8y7ZRs-JNCTl_aUC7LaALq6cIyokLMGdu6alyWb0a...

170 B
188 B

21ms
21ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjY5NTk0Mjg1NzYyNjExOTkyNjk0NA%3D%3D&google_push=AavPq0MYMEWnzOE8y7ZRs-JNCTl_aUC7LaALq6cIyokLMGdu6alyWb0aMAmfa4bEsWER591AVS5cYABSuE3R3avwziTiBFIMxTjJ3GO2avm2rWzjNrHsIDug5nu0oR4sBQu7bZwtf1Iv7hgL

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjY5NTk0Mjg1NzYyNjExOTkyNjk0NA%3D%3D&google_push=AavPq0MYMEWnzOE8y7ZRs-JNCTl_aUC7LaALq6cIyokLMGdu6alyWb0aMAmfa4bEsWER591AVS5cYABSuE3R3avwziTiBFIMxTjJ3GO2avm2rWzjNrHsIDug5nu0oR4sBQu7bZwtf1Iv7hgL
date: Wed, 14 Dec 2022 17:36:42 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

report
sync.teads.tv/um/ Frame 66C1
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEIfAY1kaK1caMYaK7dldAN4&...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AavPq0MnDEtIaE52VxgPIp9avYuqUIaEWOkG3IZHp-pOjqIwc3GSm9n0MfJegOUzsrcAFSPWQwzUDBPc2lozTE2dvisZA20FyMZ38gVrPuw80dMNLIxXm...
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
172 B

32ms
32ms

Image
image/gif

23.218.209.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/
Protocol: H2
Server: 23.218.209.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-56.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 14 Dec 2022 17:36:42 GMT
pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 66C1 0
12 B 18ms
15ms Image
text/html 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IhxaWaFTU3jd-6tWL7qFlacvrdXNcKbMApQGlAboUlY28fa_43bnrNbJNM8UHqZbNX_I-mxA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 485D 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 31bbffee7e9e057e1b6a1c0e2b2af2eacaf9604d3fa1202dba460efa29b3da2c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D5FC 143 B
166 B 8ms
7ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=6456950493&adk=2183795468&adf=442814120&pi=t.ma~as.6456950493&w=872&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=872x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400849&bpp=6&bdt=1564&idt=6&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=518&ady=303&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=O4ozOqXuLN&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=11
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 478
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:28:44 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7130
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

17ms
17ms

Document
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:36:42 GMT
expires: Wed, 14 Dec 2022 17:36:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:36:42 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 7DA3 3 KB
4 KB 80ms
50ms Image
image/png 2606:4700:20::681a:71b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.27/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:71b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 27943684
x-guploader-uploadid: ADPycdvuqSd5z7x-P6zciDvJguhfevnTZzPv-sFvdv4VVTj2cCVUndir5fZqBzjNPOlq80uW-sAFhIkV33WDoT1aRSnwIseHrQ
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3262
x-goog-meta-
last-modified: Wed, 09 Jun 2021 12:35:14 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
vary: Accept-Encoding
x-goog-generation: 1623242114099744
content-type: image/png
x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
cache-control: public, max-age=31536000, immutable
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wjBcGqvDI%2FPK1MSgvBwHivk2I5HB8FAqkM7yBeCru8qMkxD%2Bi1C2g0VYYPAkruBReIe%2BfvJKcb3nXoJMje9C0Co58zRbkcAfx1UhQeTKETztBaqlHPKcCgBAZzTBkXt3OD8gXvcSVZMTkeeex%2FfnWeVi"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 7798b4089851695d-FRA
expires: Wed, 25 Jan 2023 07:28:38 GMT

GET
H3 200 Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js Show response
pagead2.googlesyndication.com/bg/ Frame F5C3 36 KB
16 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

264edf8b1a4e2c1a8fb3c2e5d422381c5ca291ea2697b51bfd8da36697b977fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:17:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1138
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15923
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Dec 2023 17:17:44 GMT

GET
H3 200 frame.html Show response
ad4m.at/ Frame DD51 2 KB
1 KB 27ms
26ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1546288
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 7798b4086f3a9b51-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Wed, 14 Dec 2022 17:36:42 GMT
expires: Wed, 26 Oct 2022 23:22:52 GMT
last-modified: Thu, 25 Aug 2022 14:12:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z4yiI4DXCDKjR2ORkH8aq%2FK72yHfjV4j928aQoDsezCcIwpTwjBW7WY3VLlUTRje1durmJinEN57OXqrbUBrjC1WMS6lUCnbQmU2qHuuAEs%2FChpbrp6vZdIYRAVzp%2Bkkm3x%2BBNA%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 14986c7a3fcbf331142efc1cfe3dea91.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/ Frame D7CD 31 KB
31 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/14986c7a3fcbf331142efc1cfe3dea91.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f806647f88d37d884d78bdfa4bd50754cb4d3dcd8fc52c2a82ffc11e6350cfb

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 09 Dec 2022 19:23:39 GMT
x-content-type-options: nosniff
age: 425583
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31561
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Dec 2023 19:23:39 GMT

GET
H3 200 28f5d8da66c1978538f89b2583693dfa.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/ Frame D7CD 40 KB
40 KB 8ms
7ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/28f5d8da66c1978538f89b2583693dfa.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fab16292a66e362f856092e0fb1fe26eeec7c620fbbfa383c7ebf7d77be81d8f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 09 Dec 2022 03:47:31 GMT
x-content-type-options: nosniff
age: 481751
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41214
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Dec 2023 03:47:31 GMT

GET
H2 200 Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY527LvspYY.woff2
fonts.gstatic.com/s/ibmplexsanscondensed/v13/ Frame D7CD 18 KB
18 KB 34ms
10ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsanscondensed/v13/Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY527LvspYY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b4f873f3371bd426336178dfe982cf8366df7592c21738d0e1261e67a0cb2e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 20:48:04 GMT
x-content-type-options: nosniff
age: 420518
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18688
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:21:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Dec 2023 20:48:04 GMT

GET
H2 200 Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY5a67vspYY.woff2
fonts.gstatic.com/s/ibmplexsanscondensed/v13/ Frame D7CD 18 KB
19 KB 31ms
8ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsanscondensed/v13/Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY5a67vspYY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71fe56560b9eba788c8ff58e084f24ca95ff3b89aff510345fab96de36ec8101

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 12 Dec 2022 17:51:13 GMT
x-content-type-options: nosniff
age: 171929
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18740
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:21:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Dec 2023 17:51:13 GMT

GET
H2 200 Gg8iN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHYas8F_olYQtEw.woff2
fonts.gstatic.com/s/ibmplexsanscondensed/v13/ Frame D7CD 20 KB
20 KB 42ms
19ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsanscondensed/v13/Gg8iN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHYas8F_olYQtEw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

09591867279cfa308e6366b2d6be5033904ef3de3c86b6f89cbe47e3022b7d99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 12:05:28 GMT
x-content-type-options: nosniff
age: 451874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20496
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:21:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Dec 2023 12:05:28 GMT

GET
H2 200 1Ptxg8zYS_SKggPN4iEgvnHyvveLxVs9pbCIPrE.woff2
fonts.gstatic.com/s/raleway/v28/ Frame D7CD 21 KB
21 KB 39ms
16ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/raleway/v28/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVs9pbCIPrE.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80f4e592fb822c98ea06e6553fbb20d8c6161644a39de94baaa9c448c6aba20a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 12 Dec 2022 23:13:56 GMT
x-content-type-options: nosniff
age: 152566
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21440
x-xss-protection: 0
last-modified: Mon, 18 Jul 2022 19:57:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Dec 2023 23:13:56 GMT

POST
H3 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame 83B1 0
20 B 45ms
44ms Other
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIn7n-_S-fsCFVqDhQodLAUJaw&gqi=qQmaY_S2A8L8nsEP7-6F0Ak&layout=/sadbundle/%24csp%253Der3%24/14674112099215987585/index.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame EB6F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

18ms
17ms

Document
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:36:42 GMT
expires: Wed, 14 Dec 2022 17:36:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:36:42 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 485D 0
17 B 50ms
50ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CUmZNqQmaY_I6zYSWBNfTkeAGkOGBhFy2qMKK8ALAjbcBEAEgAGCVgoCAtAeCARdjYS1wdWItMzM0Mjg2OTk5NjI1MjY4NcgBCakCie4w4T_dsT6oAwGqBIYCT9C7spbmx3gGNYHr5fV1RyPvv1paaXGkRxGHZaD1YWjrDNBafSmeBgkeAOpe0ZmrGQjL70xMDOtcF0ue5GN4yV5LhQ6yD5e-2935CYYcbEoeoPM0t1Afh2BvbuDgcB4-ksg6LMkkktw5-VziOmjTXcWtb4Wlv3caV44aP37OzP4bS8T6uYxvaA9hannZKYvu87hLUJYhwVhLmSzaehoJwS50eGgnesHEWi-QsMbB1DIEqJjig0_5OWdxuO9W4SsgfIMsBrAyyPk3Eyi8yAriX7Vj5QLUVflXyIn2wUKi7vzIqg81a3PUu7OgxEHcavUTxemqy5g2kAh2xThwHUdccDH0slzeHoAGzoTKq-u7gbpUoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQIAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi0zMzQyODY5OTk2MjUyNjg1GAA&sigh=7IgU0--Q9Sg&uach_m=[UACH]&cid=CAQSOwDq26N9_Y5OmOf-zb0RFccQAeJEH5Wd5JqcerZ4YSotF6GY3l_xtDwKe7HPjbvi-hzBPsX2i8T2Uzp0GAEgEw&vis=1

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 14 Dec 2022 17:36:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 485D 0
103 B 42ms
17ms Image
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1j9s6fzw45wqtdqsc2s40c4ddj07tv9j3hf3r89yv40na116gqx10mxz4nkjxd5w6wexeywb8rhzjj7fjw25ef1z4c1gre2xyax4fbmnxr34gshz76p42afakm9sf2zmvkwssk6h1kck5fz3zt3bj8p1scyb12e9ty1n03kd36hdn6c65bs442cc4t4p9xzd8p82hy6gzh5ctd9kp7x1cyz7bnpqv861kate9f3taybccx8aag9stj98gm60fks2zskq8pbjf4zmxpysfmep7wsqpm1fng1ca4ackcq8df0c0pwfw5c78n7jt1ffsckb4kf9y2xknmyp93pkwth4fwzb7skfmv8rxh9xe24nfvwwnt1wjfkg5pp4873v18p1h5cwd5a5tr&b=Y5oJqQAAHXIKhYJNAARp17wvCB47ZlKPl9n_yA
Requested by: Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 14 Dec 2022 17:36:42 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
DATA 200
OK truncated
/ Frame 83B1 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d249cd7a84fd9b3953a5d49e8a1ea195bcbcbc17e82fbf730bc274102881d7cb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 l
www.google.com/ads/measurement/ Frame 08B7 0
0 15ms
14ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSIfQrzVp9Yai51SQguKlQQzqngJjMHhTxPZOSeSXHaJUYwcw4H8yHryX5bHCGkGtmLlhaQcBo3bB7SKsHbYKdEgACAfA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=600&slotname=5914239063&adk=2628446172&adf=41369079&pi=t.ma~as.5914239063&w=300&lmt=1671039399&format=300x600&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039399426&bpp=2&bdt=141&idt=222&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&correlator=785032542511&frm=20&pv=2&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1280&ady=-200&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=ryZGqTjP1V&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=246
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 08B7 153 KB
47 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 14 Dec 2022 17:36:42 GMT

GET
DATA 200
OK truncated
/ Frame 08B7 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fc69849dade6a39bee991117d3834376a23684146ae8b3ddbeeb03967c1fdc5b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY527LvspYY.woff2
fonts.gstatic.com/s/ibmplexsanscondensed/v13/ Frame 99A5 18 KB
18 KB 28ms
13ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsanscondensed/v13/Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY527LvspYY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b4f873f3371bd426336178dfe982cf8366df7592c21738d0e1261e67a0cb2e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 20:48:04 GMT
x-content-type-options: nosniff
age: 420518
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18688
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:21:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Dec 2023 20:48:04 GMT

GET
H3 200 Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY5a67vspYY.woff2
fonts.gstatic.com/s/ibmplexsanscondensed/v13/ Frame 99A5 18 KB
18 KB 23ms
8ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsanscondensed/v13/Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY5a67vspYY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71fe56560b9eba788c8ff58e084f24ca95ff3b89aff510345fab96de36ec8101

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 12 Dec 2022 17:51:13 GMT
x-content-type-options: nosniff
age: 171929
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18740
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:21:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Dec 2023 17:51:13 GMT

GET
H3 200 Gg8iN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHYas8F_olYQtEw.woff2
fonts.gstatic.com/s/ibmplexsanscondensed/v13/ Frame 99A5 20 KB
20 KB 26ms
11ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsanscondensed/v13/Gg8iN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHYas8F_olYQtEw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

09591867279cfa308e6366b2d6be5033904ef3de3c86b6f89cbe47e3022b7d99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 12:05:28 GMT
x-content-type-options: nosniff
age: 451874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20496
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:21:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Dec 2023 12:05:28 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D5FC
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

25ms
24ms

Document
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:36:42 GMT
expires: Wed, 14 Dec 2022 17:36:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:36:42 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 14986c7a3fcbf331142efc1cfe3dea91.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/ Frame 5CEC 31 KB
31 KB 11ms
11ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/14986c7a3fcbf331142efc1cfe3dea91.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/120fb889c9d3d02c8d3dd0555cf62ab3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f806647f88d37d884d78bdfa4bd50754cb4d3dcd8fc52c2a82ffc11e6350cfb

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 09 Dec 2022 19:23:39 GMT
x-content-type-options: nosniff
age: 425583
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31561
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Dec 2023 19:23:39 GMT

GET
H3 200 28f5d8da66c1978538f89b2583693dfa.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/ Frame 5CEC 40 KB
40 KB 12ms
12ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/28f5d8da66c1978538f89b2583693dfa.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/120fb889c9d3d02c8d3dd0555cf62ab3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fab16292a66e362f856092e0fb1fe26eeec7c620fbbfa383c7ebf7d77be81d8f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 09 Dec 2022 03:47:31 GMT
x-content-type-options: nosniff
age: 481751
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41214
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Dec 2023 03:47:31 GMT

GET
H3 404 undefinedz9njpo
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/ Frame 5CEC 43 B
69 B 387ms
386ms Image
image/gif 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/undefinedz9njpo

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/120fb889c9d3d02c8d3dd0555cf62ab3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
x-content-type-options: nosniff
server: sffe
x-dns-prefetch-control: off
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Wed, 14 Dec 2022 17:36:42 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 5CEC 6 KB
730 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/120fb889c9d3d02c8d3dd0555cf62ab3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

78631aa2658006d43b70adcf42bfef831d29315d91bfe9e67bb4acd5f9b349e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 14 Dec 2022 17:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 14 Dec 2022 15:50:27 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 14 Dec 2022 17:36:42 GMT

GET
H3 200 Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js Show response
pagead2.googlesyndication.com/bg/ Frame D7CD 36 KB
16 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

264edf8b1a4e2c1a8fb3c2e5d422381c5ca291ea2697b51bfd8da36697b977fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:17:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1138
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15923
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Dec 2023 17:17:44 GMT

POST
H3 200 rs Show response
ad4m.at/ Frame 7DA3 2 KB
2 KB 34ms
33ms XHR
text/plain 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4448f8a1508bb549fb080886b2b6b7f0672bc18bf1830b07357058073b997957

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hPkoB5xEWg7MRXWlHHVe7nlcLxyPGqEgXfZXQG0ko9cp0caLE0dlbr7lvjrl2pY7iQqNsXOqY1mXNzKWfeTRz2Gvc93D7o2%2BwgdQip%2FuprsJJje9y7R6Apj0zlpuH1VcbAOuC94%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 7798b40a1a28bbe6-FRA
x-backend-server: aa-reachservice-group-europe-west1-4wk7
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 42ms
29ms Preflight
text/plain 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7798b409e9c4bbe6-FRA
content-length: 24
content-type: text/plain
date: Wed, 14 Dec 2022 17:36:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9z%2BpQm23Mkp0BFmYs3mJwyN14ciwLZQZSwF%2BCWYg29DU8GJo31eA8FaW1J6noYZnPrmbcE%2BG4bE1GIAipHdtOt4GT6PmnTGpzzTD4omNTmmzgx3nBaYNYOswVeHggwO%2BQ5wqHIc%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-v578

GET
H3 200 Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js Show response
pagead2.googlesyndication.com/bg/ Frame 99A5 36 KB
16 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

264edf8b1a4e2c1a8fb3c2e5d422381c5ca291ea2697b51bfd8da36697b977fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:17:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1138
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15923
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Dec 2023 17:17:44 GMT

GET
H3 200 Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY527LvspYY.woff2
fonts.gstatic.com/s/ibmplexsanscondensed/v13/ Frame EB80 18 KB
18 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsanscondensed/v13/Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY527LvspYY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b4f873f3371bd426336178dfe982cf8366df7592c21738d0e1261e67a0cb2e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 20:48:04 GMT
x-content-type-options: nosniff
age: 420518
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18688
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:21:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Dec 2023 20:48:04 GMT

GET
H3 200 Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY5a67vspYY.woff2
fonts.gstatic.com/s/ibmplexsanscondensed/v13/ Frame EB80 18 KB
18 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsanscondensed/v13/Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY5a67vspYY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71fe56560b9eba788c8ff58e084f24ca95ff3b89aff510345fab96de36ec8101

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 12 Dec 2022 17:51:13 GMT
x-content-type-options: nosniff
age: 171929
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18740
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:21:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Dec 2023 17:51:13 GMT

GET
H3 200 Gg8iN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHYas8F_olYQtEw.woff2
fonts.gstatic.com/s/ibmplexsanscondensed/v13/ Frame EB80 20 KB
20 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsanscondensed/v13/Gg8iN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHYas8F_olYQtEw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

09591867279cfa308e6366b2d6be5033904ef3de3c86b6f89cbe47e3022b7d99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 12:05:28 GMT
x-content-type-options: nosniff
age: 451874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20496
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:21:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Dec 2023 12:05:28 GMT

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame 0122 10 KB
4 KB 41ms
40ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=120&d=600&e=&g=cae369a0010692f24ac1c45db0e09588%2F16109878252448596710&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1671039402596&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j49tjm57mfk6sx10g8kfs4ctp9jmajj0hhttfj8kjtkgh7q7ezjvm1tf5vf95qvsc6wyc53nv71w285vefn5m68byybse2gq0q7z476vffa18d4kp5ak1b3447km2fy59bwfwvfr30h4qpwvv24gwcz4sq9vr41bxn49ryb4ehsf5hbna3db5mqvswqxagn82nzd83p45xgsec4xw650csk4cr9g19trt2e4502mpnz1rdkskbvmgxmt2p3gy18gykz4bbef4c3k8n667rg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCQSKGqQmaY_I6zYSWBNfTkeAGkOGBhFy2qMKK8ALAjbcBEAEgAGCVgoCAtAeCARdjYS1wdWItMzM0Mjg2OTk5NjI1MjY4NcgBCakCie4w4T_dsT6oAwGqBIkCT9C7spbmx3gGNYHr5fV1RyPvv1paaXGkRxGHZaD1YWjrDNBafSmeBgkeAOpe0ZmrGQjL70xMDOtcF0ue5GN4yV5LhQ6yD5e-2935CYYcbEoeoPM0t1Afh2BvbuDgcB4-ksg6LMkkktw5-VziOmjTXcWtb4Wlv3caV44aP37OzP4bS8T6uYxvaA9hannZKYvu87hLUJYhwVhLmSzaehoJwS50eGgnesHEWi-QsMbB1DIEqJjig0_5OWdxuO9W4SsgfIMsBrAyyPk3Eyi8yAriX7Vj5QLUVflXyIn2wUKi7vyKqC6nvIpT-3snjNcGI2fh_P2gZpIYiNX2B3Hi5dNCXCkhbsOe1tg3dIAGzoTKq-u7gbpUoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1abPCX73PxGlLA_mPIAOLye8Rayw%2526client%253Dca-pub-3342869996252685%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccc209333b554936406b1eb81ee3dee2df1d4321f46c9047991ebaf532f63d12

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1jfmzdg8k9kdt4wj16eth0p5896bs4pyvhff1bvew5tfwgqrb4p1akh2st7dzmee3swa74p6acxx7rpgjmsv0yc025qz9t15y72tq0z4er6d0n3v0hrqtd4qvdzpxsytczcfvebvfw9mvtg75ehbcctxt99bxee2azc67ggfwt3w36j7xz4bk3mmq7yhmy8pz7aqgf5xdj8cc71xy5rtjv5jngfgh5ntshw807s7ywdn6g3d0zeyctrtcwbd8wbx4wv4ywch2d0bqrk1bk3yny65vm14h3zt466ys9wdn262kscx955z87qjztrzjnzz2h6cdxay2v8918ktsqd4z3vyb0wk794jt5jwe8c7jgdxa3z78s1rv8w3frc6j8v8y457qktjgd44117hmqztfmc8xatrgxfv2ytgqg8x15y64s7kzvdae&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCQSKGqQmaY_I6zYSWBNfTkeAGkOGBhFy2qMKK8ALAjbcBEAEgAGCVgoCAtAeCARdjYS1wdWItMzM0Mjg2OTk5NjI1MjY4NcgBCakCie4w4T_dsT6oAwGqBIkCT9C7spbmx3gGNYHr5fV1RyPvv1paaXGkRxGHZaD1YWjrDNBafSmeBgkeAOpe0ZmrGQjL70xMDOtcF0ue5GN4yV5LhQ6yD5e-2935CYYcbEoeoPM0t1Afh2BvbuDgcB4-ksg6LMkkktw5-VziOmjTXcWtb4Wlv3caV44aP37OzP4bS8T6uYxvaA9hannZKYvu87hLUJYhwVhLmSzaehoJwS50eGgnesHEWi-QsMbB1DIEqJjig0_5OWdxuO9W4SsgfIMsBrAyyPk3Eyi8yAriX7Vj5QLUVflXyIn2wUKi7vyKqC6nvIpT-3snjNcGI2fh_P2gZpIYiNX2B3Hi5dNCXCkhbsOe1tg3dIAGzoTKq-u7gbpUoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1abPCX73PxGlLA_mPIAOLye8Rayw%26client%3Dca-pub-3342869996252685%26adurl%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7798b40a9b9b9b51-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:36:42 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js Show response
pagead2.googlesyndication.com/bg/ Frame EB80 36 KB
16 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

264edf8b1a4e2c1a8fb3c2e5d422381c5ca291ea2697b51bfd8da36697b977fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:17:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1138
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15923
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Dec 2023 17:17:44 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.27/one-ad/ Frame 0122 89 KB
11 KB 36ms
36ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.27/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=120&d=600&e=&g=cae369a0010692f24ac1c45db0e09588%2F16109878252448596710&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1671039402596&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j49tjm57mfk6sx10g8kfs4ctp9jmajj0hhttfj8kjtkgh7q7ezjvm1tf5vf95qvsc6wyc53nv71w285vefn5m68byybse2gq0q7z476vffa18d4kp5ak1b3447km2fy59bwfwvfr30h4qpwvv24gwcz4sq9vr41bxn49ryb4ehsf5hbna3db5mqvswqxagn82nzd83p45xgsec4xw650csk4cr9g19trt2e4502mpnz1rdkskbvmgxmt2p3gy18gykz4bbef4c3k8n667rg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCQSKGqQmaY_I6zYSWBNfTkeAGkOGBhFy2qMKK8ALAjbcBEAEgAGCVgoCAtAeCARdjYS1wdWItMzM0Mjg2OTk5NjI1MjY4NcgBCakCie4w4T_dsT6oAwGqBIkCT9C7spbmx3gGNYHr5fV1RyPvv1paaXGkRxGHZaD1YWjrDNBafSmeBgkeAOpe0ZmrGQjL70xMDOtcF0ue5GN4yV5LhQ6yD5e-2935CYYcbEoeoPM0t1Afh2BvbuDgcB4-ksg6LMkkktw5-VziOmjTXcWtb4Wlv3caV44aP37OzP4bS8T6uYxvaA9hannZKYvu87hLUJYhwVhLmSzaehoJwS50eGgnesHEWi-QsMbB1DIEqJjig0_5OWdxuO9W4SsgfIMsBrAyyPk3Eyi8yAriX7Vj5QLUVflXyIn2wUKi7vyKqC6nvIpT-3snjNcGI2fh_P2gZpIYiNX2B3Hi5dNCXCkhbsOe1tg3dIAGzoTKq-u7gbpUoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1abPCX73PxGlLA_mPIAOLye8Rayw%2526client%253Dca-pub-3342869996252685%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ab995345cf38f3951bc840ab2c0d043269e700e59f1c6d6cb7fb8946268b358

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=120&d=600&e=&g=cae369a0010692f24ac1c45db0e09588%2F16109878252448596710&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1671039402596&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j49tjm57mfk6sx10g8kfs4ctp9jmajj0hhttfj8kjtkgh7q7ezjvm1tf5vf95qvsc6wyc53nv71w285vefn5m68byybse2gq0q7z476vffa18d4kp5ak1b3447km2fy59bwfwvfr30h4qpwvv24gwcz4sq9vr41bxn49ryb4ehsf5hbna3db5mqvswqxagn82nzd83p45xgsec4xw650csk4cr9g19trt2e4502mpnz1rdkskbvmgxmt2p3gy18gykz4bbef4c3k8n667rg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCQSKGqQmaY_I6zYSWBNfTkeAGkOGBhFy2qMKK8ALAjbcBEAEgAGCVgoCAtAeCARdjYS1wdWItMzM0Mjg2OTk5NjI1MjY4NcgBCakCie4w4T_dsT6oAwGqBIkCT9C7spbmx3gGNYHr5fV1RyPvv1paaXGkRxGHZaD1YWjrDNBafSmeBgkeAOpe0ZmrGQjL70xMDOtcF0ue5GN4yV5LhQ6yD5e-2935CYYcbEoeoPM0t1Afh2BvbuDgcB4-ksg6LMkkktw5-VziOmjTXcWtb4Wlv3caV44aP37OzP4bS8T6uYxvaA9hannZKYvu87hLUJYhwVhLmSzaehoJwS50eGgnesHEWi-QsMbB1DIEqJjig0_5OWdxuO9W4SsgfIMsBrAyyPk3Eyi8yAriX7Vj5QLUVflXyIn2wUKi7vyKqC6nvIpT-3snjNcGI2fh_P2gZpIYiNX2B3Hi5dNCXCkhbsOe1tg3dIAGzoTKq-u7gbpUoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1abPCX73PxGlLA_mPIAOLye8Rayw%2526client%253Dca-pub-3342869996252685%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1670930538
age: 103768
cf-polished: origSize=91628
x-guploader-uploadid: ADPycduR5Ol9pg3grc4HAIdmrbMEndwceyBRaKPEzp4btA3cKENGM-ZcNqNRgrH_pFRA6eQ6LFPYNJBaKno_nvJ48NOr
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 11:22:46 GMT
server: cloudflare
etag: W/"575def06e70febb0cbd25403e37880bf"
vary: Accept-Encoding
x-goog-generation: 1670930566724484
content-type: text/css
x-goog-hash: crc32c=ttlcew==, md5=V13vBucP67DL0lQD43iAvw==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2CwDS7NWwWI6mBwCfo%2F7nZbdjWhzbjWAfRtSoZl1QoG6CIBEYkLtjuSarQ9TIBDEqlkyJ2YzJLDaIHRzx5%2BXjYc%2BYRl9XB0kAEz%2BcHbnJBD6qL1gry3oRZVT3DHUT8g2SCIUlC8FU7M%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 91628
cf-ray: 7798b40afc7d9b51-FRA
expires: Wed, 14 Dec 2022 18:36:42 GMT

GET
H2 200 D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
assets.ad4m.at/logo/ Frame 0122 53 KB
54 KB 34ms
23ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=120&d=600&e=&g=cae369a0010692f24ac1c45db0e09588%2F16109878252448596710&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1671039402596&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j49tjm57mfk6sx10g8kfs4ctp9jmajj0hhttfj8kjtkgh7q7ezjvm1tf5vf95qvsc6wyc53nv71w285vefn5m68byybse2gq0q7z476vffa18d4kp5ak1b3447km2fy59bwfwvfr30h4qpwvv24gwcz4sq9vr41bxn49ryb4ehsf5hbna3db5mqvswqxagn82nzd83p45xgsec4xw650csk4cr9g19trt2e4502mpnz1rdkskbvmgxmt2p3gy18gykz4bbef4c3k8n667rg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCQSKGqQmaY_I6zYSWBNfTkeAGkOGBhFy2qMKK8ALAjbcBEAEgAGCVgoCAtAeCARdjYS1wdWItMzM0Mjg2OTk5NjI1MjY4NcgBCakCie4w4T_dsT6oAwGqBIkCT9C7spbmx3gGNYHr5fV1RyPvv1paaXGkRxGHZaD1YWjrDNBafSmeBgkeAOpe0ZmrGQjL70xMDOtcF0ue5GN4yV5LhQ6yD5e-2935CYYcbEoeoPM0t1Afh2BvbuDgcB4-ksg6LMkkktw5-VziOmjTXcWtb4Wlv3caV44aP37OzP4bS8T6uYxvaA9hannZKYvu87hLUJYhwVhLmSzaehoJwS50eGgnesHEWi-QsMbB1DIEqJjig0_5OWdxuO9W4SsgfIMsBrAyyPk3Eyi8yAriX7Vj5QLUVflXyIn2wUKi7vyKqC6nvIpT-3snjNcGI2fh_P2gZpIYiNX2B3Hi5dNCXCkhbsOe1tg3dIAGzoTKq-u7gbpUoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1abPCX73PxGlLA_mPIAOLye8Rayw%2526client%253Dca-pub-3342869996252685%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7cdf71044448cb736733f5163fff96081d51ba4101567d61d22ee5998a7a399

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 15246
cf-polished: origFmt=png, origSize=115129
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 54564
cf-bgj: imgq:85,h2pri
last-modified: Tue, 09 Feb 2021 15:11:24 GMT
server: cloudflare
etag: "0a277d59efca0369a6983645e273659e"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zea7fJikNs6L80zzcgZCRKbxGu90Dv%2F2SRgV%2ByOQ2PAuDfPA3XYMqkWg06dOcgiSSxRHtNIO8v5pjkenB%2BN0%2BO7S%2FZYzeSOV0BZLOUJnEJUS5kSZPfiQc6DIxvsyelqwsYOK2FFQGrzrSqQd"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7798b40b091b5c98-FRA
expires: Thu, 15 Dec 2022 17:36:42 GMT

GET
H2 200 3778CF797E3A529087D97C23A5BCA9FADE012AB01E21FB1929557E8BD70A789A1F44E5D867099979B17313F69D44515CF12B8C937634907539AB1C54C4F5334B
assets.ad4m.at/product_image/ Frame 0122 11 KB
11 KB 59ms
51ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/3778CF797E3A529087D97C23A5BCA9FADE012AB01E21FB1929557E8BD70A789A1F44E5D867099979B17313F69D44515CF12B8C937634907539AB1C54C4F5334B
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=120&d=600&e=&g=cae369a0010692f24ac1c45db0e09588%2F16109878252448596710&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1671039402596&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j49tjm57mfk6sx10g8kfs4ctp9jmajj0hhttfj8kjtkgh7q7ezjvm1tf5vf95qvsc6wyc53nv71w285vefn5m68byybse2gq0q7z476vffa18d4kp5ak1b3447km2fy59bwfwvfr30h4qpwvv24gwcz4sq9vr41bxn49ryb4ehsf5hbna3db5mqvswqxagn82nzd83p45xgsec4xw650csk4cr9g19trt2e4502mpnz1rdkskbvmgxmt2p3gy18gykz4bbef4c3k8n667rg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCQSKGqQmaY_I6zYSWBNfTkeAGkOGBhFy2qMKK8ALAjbcBEAEgAGCVgoCAtAeCARdjYS1wdWItMzM0Mjg2OTk5NjI1MjY4NcgBCakCie4w4T_dsT6oAwGqBIkCT9C7spbmx3gGNYHr5fV1RyPvv1paaXGkRxGHZaD1YWjrDNBafSmeBgkeAOpe0ZmrGQjL70xMDOtcF0ue5GN4yV5LhQ6yD5e-2935CYYcbEoeoPM0t1Afh2BvbuDgcB4-ksg6LMkkktw5-VziOmjTXcWtb4Wlv3caV44aP37OzP4bS8T6uYxvaA9hannZKYvu87hLUJYhwVhLmSzaehoJwS50eGgnesHEWi-QsMbB1DIEqJjig0_5OWdxuO9W4SsgfIMsBrAyyPk3Eyi8yAriX7Vj5QLUVflXyIn2wUKi7vyKqC6nvIpT-3snjNcGI2fh_P2gZpIYiNX2B3Hi5dNCXCkhbsOe1tg3dIAGzoTKq-u7gbpUoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1abPCX73PxGlLA_mPIAOLye8Rayw%2526client%253Dca-pub-3342869996252685%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0fc6327e965679b41a818cf88fdaf0b16e586c0ac03bc72d49c4f47e2ed02336

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1275137
cf-polished: qual=85, origFmt=jpeg, origSize=46259
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10888
cf-bgj: imgq:85,h2pri
last-modified: Wed, 16 Nov 2022 16:09:44 GMT
server: cloudflare
etag: "b2cf554576629d98986c459034c76d1a"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L8vAE8rBqVKecS2t2fW3lmTzS%2FAv%2FmDQRNLBIjQZoDc6ujz%2BV%2B%2BLssG666LBXHI3nz9kXZLK3sZKnpeaFBgjD1cM9KCUSvWEFE3NtNSyRfbvh7t3KahBJpuibPQ43dngWbnA34VeaQv%2FWJ1%2B"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7798b40b09165c98-FRA
expires: Thu, 15 Dec 2022 17:36:42 GMT

GET
H/1.1

200
OK

/
partner.o2online.de/a/ Frame 0122
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_t...
https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_pre=COjfhvDS-fsCFcT0EQgdcCcBQw;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=...
https://www.telefonica-partner.de/tpv.php?t=117703V1226132702M&subid=viewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0
https://www.lead-alliance.net/tpv.php?t=117703V1226132702M&subid=viewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117703&s_id=2022121418364279507489173X117703V1226132702MSviewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_N...

49 B
1 KB

165ms
23ms

Image
image/gif

46.4.62.19
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117703&s_id=2022121418364279507489173X117703V1226132702MSviewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&cons=0&spid=2022121418364279507489173X117703V1226132702MSviewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth&wfid=117703&partnerid=12218
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=120&d=600&e=&g=cae369a0010692f24ac1c45db0e09588%2F16109878252448596710&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1671039402596&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j49tjm57mfk6sx10g8kfs4ctp9jmajj0hhttfj8kjtkgh7q7ezjvm1tf5vf95qvsc6wyc53nv71w285vefn5m68byybse2gq0q7z476vffa18d4kp5ak1b3447km2fy59bwfwvfr30h4qpwvv24gwcz4sq9vr41bxn49ryb4ehsf5hbna3db5mqvswqxagn82nzd83p45xgsec4xw650csk4cr9g19trt2e4502mpnz1rdkskbvmgxmt2p3gy18gykz4bbef4c3k8n667rg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCQSKGqQmaY_I6zYSWBNfTkeAGkOGBhFy2qMKK8ALAjbcBEAEgAGCVgoCAtAeCARdjYS1wdWItMzM0Mjg2OTk5NjI1MjY4NcgBCakCie4w4T_dsT6oAwGqBIkCT9C7spbmx3gGNYHr5fV1RyPvv1paaXGkRxGHZaD1YWjrDNBafSmeBgkeAOpe0ZmrGQjL70xMDOtcF0ue5GN4yV5LhQ6yD5e-2935CYYcbEoeoPM0t1Afh2BvbuDgcB4-ksg6LMkkktw5-VziOmjTXcWtb4Wlv3caV44aP37OzP4bS8T6uYxvaA9hannZKYvu87hLUJYhwVhLmSzaehoJwS50eGgnesHEWi-QsMbB1DIEqJjig0_5OWdxuO9W4SsgfIMsBrAyyPk3Eyi8yAriX7Vj5QLUVflXyIn2wUKi7vyKqC6nvIpT-3snjNcGI2fh_P2gZpIYiNX2B3Hi5dNCXCkhbsOe1tg3dIAGzoTKq-u7gbpUoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1abPCX73PxGlLA_mPIAOLye8Rayw%2526client%253Dca-pub-3342869996252685%2526adurl%253D&y=1&s=&z=0
Protocol: HTTP/1.1
Server: 46.4.62.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nonstopads4.sunbonet.de
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:43 GMT
X-NODEIP: 46.4.62.19
Server: nginx/1.10.3 (Ubuntu)
RM-PrivacyPolicy: https://www.nonstoppartner.net/
Content-Type: image/gif
P3P: policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Connection: keep-alive
Keep-Alive: timeout=10
Content-Length: 49

Redirect headers

location: https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117703&s_id=2022121418364279507489173X117703V1226132702MSviewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&cons=0&spid=2022121418364279507489173X117703V1226132702MSviewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth&wfid=117703&partnerid=12218
date: Wed, 14 Dec 2022 17:36:42 GMT
x-content-type-options: nosniff
server: nginx
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8

GET
H2 200 DF9A32151D42BCC835EC0C9BE62CF0094313EE46FD4E5D3DC0F1217B7F8F1AD49F0F4DDF5D50AE1511A12D11F97A6BCA3DF8CE9D056CE7A3DC11AF6ED1255D71
assets.ad4m.at/logo/ Frame 0122 9 KB
9 KB 34ms
27ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/DF9A32151D42BCC835EC0C9BE62CF0094313EE46FD4E5D3DC0F1217B7F8F1AD49F0F4DDF5D50AE1511A12D11F97A6BCA3DF8CE9D056CE7A3DC11AF6ED1255D71
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=120&d=600&e=&g=cae369a0010692f24ac1c45db0e09588%2F16109878252448596710&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1671039402596&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j49tjm57mfk6sx10g8kfs4ctp9jmajj0hhttfj8kjtkgh7q7ezjvm1tf5vf95qvsc6wyc53nv71w285vefn5m68byybse2gq0q7z476vffa18d4kp5ak1b3447km2fy59bwfwvfr30h4qpwvv24gwcz4sq9vr41bxn49ryb4ehsf5hbna3db5mqvswqxagn82nzd83p45xgsec4xw650csk4cr9g19trt2e4502mpnz1rdkskbvmgxmt2p3gy18gykz4bbef4c3k8n667rg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCQSKGqQmaY_I6zYSWBNfTkeAGkOGBhFy2qMKK8ALAjbcBEAEgAGCVgoCAtAeCARdjYS1wdWItMzM0Mjg2OTk5NjI1MjY4NcgBCakCie4w4T_dsT6oAwGqBIkCT9C7spbmx3gGNYHr5fV1RyPvv1paaXGkRxGHZaD1YWjrDNBafSmeBgkeAOpe0ZmrGQjL70xMDOtcF0ue5GN4yV5LhQ6yD5e-2935CYYcbEoeoPM0t1Afh2BvbuDgcB4-ksg6LMkkktw5-VziOmjTXcWtb4Wlv3caV44aP37OzP4bS8T6uYxvaA9hannZKYvu87hLUJYhwVhLmSzaehoJwS50eGgnesHEWi-QsMbB1DIEqJjig0_5OWdxuO9W4SsgfIMsBrAyyPk3Eyi8yAriX7Vj5QLUVflXyIn2wUKi7vyKqC6nvIpT-3snjNcGI2fh_P2gZpIYiNX2B3Hi5dNCXCkhbsOe1tg3dIAGzoTKq-u7gbpUoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1abPCX73PxGlLA_mPIAOLye8Rayw%2526client%253Dca-pub-3342869996252685%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5eeedf9055f9efab9127642b4c44135be9f404caa7ce08e51a5ea734dfd28828

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2490168
cf-polished: origFmt=png, origSize=24833
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9258
cf-bgj: imgq:85,h2pri
last-modified: Tue, 09 Feb 2021 15:11:57 GMT
server: cloudflare
etag: "174bb0dc35647e204b09aa120965604a"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XAEvSOHUI4Lzlhbs46rdwB9UacSFc8p9eYJJYN7df9oSlRh2zSfGi8SXYSndqUk56dqqXqcq1J1AXJ1%2FBGzIVqTTWamajiIkKer5HrelclYMYSxN7SMl2mGGZbhyRO%2BiCkA%2Fm1bHeMtG2mK0"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7798b40b091c5c98-FRA
expires: Thu, 15 Dec 2022 17:36:42 GMT

GET
H2 200 FDA524315CF1A84E9D46619FD10F0264DD2260394DD71198EE8FEC75572B31C1B960B5E4A647F88B6C04B0DBC247510EFFF5F03328E33405460FFEDC3D0CE020
assets.ad4m.at/product_image/ Frame 0122 20 KB
20 KB 37ms
30ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/FDA524315CF1A84E9D46619FD10F0264DD2260394DD71198EE8FEC75572B31C1B960B5E4A647F88B6C04B0DBC247510EFFF5F03328E33405460FFEDC3D0CE020
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=120&d=600&e=&g=cae369a0010692f24ac1c45db0e09588%2F16109878252448596710&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1671039402596&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j49tjm57mfk6sx10g8kfs4ctp9jmajj0hhttfj8kjtkgh7q7ezjvm1tf5vf95qvsc6wyc53nv71w285vefn5m68byybse2gq0q7z476vffa18d4kp5ak1b3447km2fy59bwfwvfr30h4qpwvv24gwcz4sq9vr41bxn49ryb4ehsf5hbna3db5mqvswqxagn82nzd83p45xgsec4xw650csk4cr9g19trt2e4502mpnz1rdkskbvmgxmt2p3gy18gykz4bbef4c3k8n667rg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCQSKGqQmaY_I6zYSWBNfTkeAGkOGBhFy2qMKK8ALAjbcBEAEgAGCVgoCAtAeCARdjYS1wdWItMzM0Mjg2OTk5NjI1MjY4NcgBCakCie4w4T_dsT6oAwGqBIkCT9C7spbmx3gGNYHr5fV1RyPvv1paaXGkRxGHZaD1YWjrDNBafSmeBgkeAOpe0ZmrGQjL70xMDOtcF0ue5GN4yV5LhQ6yD5e-2935CYYcbEoeoPM0t1Afh2BvbuDgcB4-ksg6LMkkktw5-VziOmjTXcWtb4Wlv3caV44aP37OzP4bS8T6uYxvaA9hannZKYvu87hLUJYhwVhLmSzaehoJwS50eGgnesHEWi-QsMbB1DIEqJjig0_5OWdxuO9W4SsgfIMsBrAyyPk3Eyi8yAriX7Vj5QLUVflXyIn2wUKi7vyKqC6nvIpT-3snjNcGI2fh_P2gZpIYiNX2B3Hi5dNCXCkhbsOe1tg3dIAGzoTKq-u7gbpUoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1abPCX73PxGlLA_mPIAOLye8Rayw%2526client%253Dca-pub-3342869996252685%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6b094a140ea1c9e6edece62a54ab0d4fb5a600ba71495dc8835a12621e49204e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2420931
cf-polished: qual=85, origFmt=jpeg, origSize=85977
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 20094
cf-bgj: imgq:85,h2pri
last-modified: Wed, 16 Nov 2022 16:32:10 GMT
server: cloudflare
etag: "115bea0885590f780802fd14548a1cde"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2cdi2OKViqcSgYM3JVXCNoCu%2BBzVroeDV8xHplyY1q5DGGnyEyzHnifnmmFqD0bxJswjUJx1ZblTnfQpeWLFN99%2FGhE8BQmXbb1KEUeg%2BrowTGFmD4imrXhN%2BRsQqViqsgQ7FWWy1352E%2BaR"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7798b40b091e5c98-FRA
expires: Thu, 15 Dec 2022 17:36:42 GMT

GET
H/1.1

200
OK

/
partner.blau.de/a/ Frame 0122
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N773418.3163536BLAU_AFFILIATE/B25532621.345088000;dc_trk_aid=536454876;dc_trk_cid=177082088;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed...
https://ad.doubleclick.net/ddm/trackimp/N773418.3163536BLAU_AFFILIATE/B25532621.345088000;dc_pre=CJ3chvDS-fsCFWuF_QcdGSUAKA;dc_trk_aid=536454876;dc_trk_cid=177082088;ord=%7B%7Btimestamp%7D%7D;dc_la...
https://www.telefonica-partner.de/tpv.php?t=113752V1225131106M&subid=viewoneidR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7oneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0
https://www.lead-alliance.net/tpv.php?t=113752V1225131106M&subid=viewoneidR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7oneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0
https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=113752&s_id=2022121418364279507489175X113752V1225131106MSviewoneidR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7oneid__suite_Netm...

49 B
1 KB

67ms
21ms

Image
image/gif

78.46.85.162
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=113752&s_id=2022121418364279507489175X113752V1225131106MSviewoneidR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7oneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&cons=0
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=120&d=600&e=&g=cae369a0010692f24ac1c45db0e09588%2F16109878252448596710&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1671039402596&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j49tjm57mfk6sx10g8kfs4ctp9jmajj0hhttfj8kjtkgh7q7ezjvm1tf5vf95qvsc6wyc53nv71w285vefn5m68byybse2gq0q7z476vffa18d4kp5ak1b3447km2fy59bwfwvfr30h4qpwvv24gwcz4sq9vr41bxn49ryb4ehsf5hbna3db5mqvswqxagn82nzd83p45xgsec4xw650csk4cr9g19trt2e4502mpnz1rdkskbvmgxmt2p3gy18gykz4bbef4c3k8n667rg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCQSKGqQmaY_I6zYSWBNfTkeAGkOGBhFy2qMKK8ALAjbcBEAEgAGCVgoCAtAeCARdjYS1wdWItMzM0Mjg2OTk5NjI1MjY4NcgBCakCie4w4T_dsT6oAwGqBIkCT9C7spbmx3gGNYHr5fV1RyPvv1paaXGkRxGHZaD1YWjrDNBafSmeBgkeAOpe0ZmrGQjL70xMDOtcF0ue5GN4yV5LhQ6yD5e-2935CYYcbEoeoPM0t1Afh2BvbuDgcB4-ksg6LMkkktw5-VziOmjTXcWtb4Wlv3caV44aP37OzP4bS8T6uYxvaA9hannZKYvu87hLUJYhwVhLmSzaehoJwS50eGgnesHEWi-QsMbB1DIEqJjig0_5OWdxuO9W4SsgfIMsBrAyyPk3Eyi8yAriX7Vj5QLUVflXyIn2wUKi7vyKqC6nvIpT-3snjNcGI2fh_P2gZpIYiNX2B3Hi5dNCXCkhbsOe1tg3dIAGzoTKq-u7gbpUoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1abPCX73PxGlLA_mPIAOLye8Rayw%2526client%253Dca-pub-3342869996252685%2526adurl%253D&y=1&s=&z=0
Protocol: HTTP/1.1
Server: 78.46.85.162 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nonstopads1.sunbonet.de
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:36:43 GMT
X-NODEIP: 78.46.85.162
Server: nginx/1.10.3 (Ubuntu)
RM-PrivacyPolicy: https://www.nonstoppartner.net/
Content-Type: image/gif
P3P: policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Connection: keep-alive
Keep-Alive: timeout=10
Content-Length: 49

Redirect headers

location: https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=113752&s_id=2022121418364279507489175X113752V1225131106MSviewoneidR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7oneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&cons=0
date: Wed, 14 Dec 2022 17:36:42 GMT
x-content-type-options: nosniff
server: nginx
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8

GET
H2 200 CE11F4A269236C0AF074ADB7F1ADA1F8C472CD7AC3290EFBF4A7DADA0100B8792254D4F2CF871D3311E6317269487774B650CDD0B207BED389DBEA35CD2DBC8F
assets.ad4m.at/logo/ Frame 0122 16 KB
16 KB 36ms
29ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/CE11F4A269236C0AF074ADB7F1ADA1F8C472CD7AC3290EFBF4A7DADA0100B8792254D4F2CF871D3311E6317269487774B650CDD0B207BED389DBEA35CD2DBC8F
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=120&d=600&e=&g=cae369a0010692f24ac1c45db0e09588%2F16109878252448596710&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1671039402596&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j49tjm57mfk6sx10g8kfs4ctp9jmajj0hhttfj8kjtkgh7q7ezjvm1tf5vf95qvsc6wyc53nv71w285vefn5m68byybse2gq0q7z476vffa18d4kp5ak1b3447km2fy59bwfwvfr30h4qpwvv24gwcz4sq9vr41bxn49ryb4ehsf5hbna3db5mqvswqxagn82nzd83p45xgsec4xw650csk4cr9g19trt2e4502mpnz1rdkskbvmgxmt2p3gy18gykz4bbef4c3k8n667rg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCQSKGqQmaY_I6zYSWBNfTkeAGkOGBhFy2qMKK8ALAjbcBEAEgAGCVgoCAtAeCARdjYS1wdWItMzM0Mjg2OTk5NjI1MjY4NcgBCakCie4w4T_dsT6oAwGqBIkCT9C7spbmx3gGNYHr5fV1RyPvv1paaXGkRxGHZaD1YWjrDNBafSmeBgkeAOpe0ZmrGQjL70xMDOtcF0ue5GN4yV5LhQ6yD5e-2935CYYcbEoeoPM0t1Afh2BvbuDgcB4-ksg6LMkkktw5-VziOmjTXcWtb4Wlv3caV44aP37OzP4bS8T6uYxvaA9hannZKYvu87hLUJYhwVhLmSzaehoJwS50eGgnesHEWi-QsMbB1DIEqJjig0_5OWdxuO9W4SsgfIMsBrAyyPk3Eyi8yAriX7Vj5QLUVflXyIn2wUKi7vyKqC6nvIpT-3snjNcGI2fh_P2gZpIYiNX2B3Hi5dNCXCkhbsOe1tg3dIAGzoTKq-u7gbpUoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1abPCX73PxGlLA_mPIAOLye8Rayw%2526client%253Dca-pub-3342869996252685%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e07d58c68b83a3c283f75063f562aadc164ebb7cf068ffaef89bdde5011c3da8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 168592
cf-polished: origFmt=png, origSize=39979
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15996
cf-bgj: imgq:85,h2pri
last-modified: Wed, 22 Jan 2020 13:07:55 GMT
server: cloudflare
etag: "ad9334664514d900a0c3b76d17ca960f"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qO1v5VeTP8Mi2jt1%2BtlN79mSmk2RLxiRUQqOSdnHCEtLxjQRp54j%2FGRuqniyK83W2%2FIx9yKgDAHe8gMzCOT8%2BxI7moiwiEWKm1dLXEhdxwDeTzxKL695sdacrhrMD73gaaV7VPdDkk6hVBdN"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7798b40b09205c98-FRA
expires: Thu, 15 Dec 2022 17:36:42 GMT

GET
H2 200 EC9093D4AF3799CF781B1E590A25D192F3BFBB8EF4C33117758FB5ADF524B34A287AF80FDD08D80A46541DEAE1FFA692B6F4CA688E7C199182253AEB01A2863C
assets.ad4m.at/product_image/ Frame 0122 222 KB
222 KB 61ms
54ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/EC9093D4AF3799CF781B1E590A25D192F3BFBB8EF4C33117758FB5ADF524B34A287AF80FDD08D80A46541DEAE1FFA692B6F4CA688E7C199182253AEB01A2863C
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=120&d=600&e=&g=cae369a0010692f24ac1c45db0e09588%2F16109878252448596710&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1671039402596&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j49tjm57mfk6sx10g8kfs4ctp9jmajj0hhttfj8kjtkgh7q7ezjvm1tf5vf95qvsc6wyc53nv71w285vefn5m68byybse2gq0q7z476vffa18d4kp5ak1b3447km2fy59bwfwvfr30h4qpwvv24gwcz4sq9vr41bxn49ryb4ehsf5hbna3db5mqvswqxagn82nzd83p45xgsec4xw650csk4cr9g19trt2e4502mpnz1rdkskbvmgxmt2p3gy18gykz4bbef4c3k8n667rg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCQSKGqQmaY_I6zYSWBNfTkeAGkOGBhFy2qMKK8ALAjbcBEAEgAGCVgoCAtAeCARdjYS1wdWItMzM0Mjg2OTk5NjI1MjY4NcgBCakCie4w4T_dsT6oAwGqBIkCT9C7spbmx3gGNYHr5fV1RyPvv1paaXGkRxGHZaD1YWjrDNBafSmeBgkeAOpe0ZmrGQjL70xMDOtcF0ue5GN4yV5LhQ6yD5e-2935CYYcbEoeoPM0t1Afh2BvbuDgcB4-ksg6LMkkktw5-VziOmjTXcWtb4Wlv3caV44aP37OzP4bS8T6uYxvaA9hannZKYvu87hLUJYhwVhLmSzaehoJwS50eGgnesHEWi-QsMbB1DIEqJjig0_5OWdxuO9W4SsgfIMsBrAyyPk3Eyi8yAriX7Vj5QLUVflXyIn2wUKi7vyKqC6nvIpT-3snjNcGI2fh_P2gZpIYiNX2B3Hi5dNCXCkhbsOe1tg3dIAGzoTKq-u7gbpUoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1abPCX73PxGlLA_mPIAOLye8Rayw%2526client%253Dca-pub-3342869996252685%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41b9b9d488e3a57902a671111dd089363c2f7d3a41ec3177f196abbb7cbac078

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 168795
cf-polished: origFmt=png, origSize=342797
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 226916
cf-bgj: imgq:85,h2pri
last-modified: Wed, 15 Jun 2022 14:01:11 GMT
server: cloudflare
etag: "82c7de0f42ff55fdd0acc07731664031"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wc6QPD1g9zrRwCfjAeVV17vdgUl9WX59PXDjagjdnro6LgHydllLrG173UeptuL5pj6%2BVvMrpXhtGVmRZDtChc6DNeMo0mH%2Fh%2FjlSnqttRvxjDkhIFb7kZZwnJED38n%2B4iM5YytnDI6FL5vy"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7798b40b09225c98-FRA
expires: Thu, 15 Dec 2022 17:36:42 GMT

GET
H2

200

ztpv.php
www.conrad.de/ Frame 0122
Redirect Chain

https://www.awin1.com/cshow.php?s=2470185&v=11354&q=377129&r=412871&pv=1&pref3=oneidbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJoneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0
https://www.conrad.de/ztpv.php?awc=11354_412871_1671039402_df96b5c0-7bd5-11ed-bfbc-22342ff4a6f7&insert=AW&&gdpr=0&gdpr_consent=

0
639 B

90ms
56ms

Image
text/html

2606:4700::6812:7e05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.conrad.de/ztpv.php?awc=11354_412871_1671039402_df96b5c0-7bd5-11ed-bfbc-22342ff4a6f7&insert=AW&&gdpr=0&gdpr_consent=

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=120&d=600&e=&g=cae369a0010692f24ac1c45db0e09588%2F16109878252448596710&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1671039402596&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j49tjm57mfk6sx10g8kfs4ctp9jmajj0hhttfj8kjtkgh7q7ezjvm1tf5vf95qvsc6wyc53nv71w285vefn5m68byybse2gq0q7z476vffa18d4kp5ak1b3447km2fy59bwfwvfr30h4qpwvv24gwcz4sq9vr41bxn49ryb4ehsf5hbna3db5mqvswqxagn82nzd83p45xgsec4xw650csk4cr9g19trt2e4502mpnz1rdkskbvmgxmt2p3gy18gykz4bbef4c3k8n667rg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCQSKGqQmaY_I6zYSWBNfTkeAGkOGBhFy2qMKK8ALAjbcBEAEgAGCVgoCAtAeCARdjYS1wdWItMzM0Mjg2OTk5NjI1MjY4NcgBCakCie4w4T_dsT6oAwGqBIkCT9C7spbmx3gGNYHr5fV1RyPvv1paaXGkRxGHZaD1YWjrDNBafSmeBgkeAOpe0ZmrGQjL70xMDOtcF0ue5GN4yV5LhQ6yD5e-2935CYYcbEoeoPM0t1Afh2BvbuDgcB4-ksg6LMkkktw5-VziOmjTXcWtb4Wlv3caV44aP37OzP4bS8T6uYxvaA9hannZKYvu87hLUJYhwVhLmSzaehoJwS50eGgnesHEWi-QsMbB1DIEqJjig0_5OWdxuO9W4SsgfIMsBrAyyPk3Eyi8yAriX7Vj5QLUVflXyIn2wUKi7vyKqC6nvIpT-3snjNcGI2fh_P2gZpIYiNX2B3Hi5dNCXCkhbsOe1tg3dIAGzoTKq-u7gbpUoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1abPCX73PxGlLA_mPIAOLye8Rayw%2526client%253Dca-pub-3342869996252685%2526adurl%253D&y=1&s=&z=0

Protocol

Server

2606:4700::6812:7e05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:42 GMT
via: 1.1 additional-webserver-blue-115j (Varnish/7.2)
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
strict-transport-security: max-age=15552000
age: 0
content-type: text/html; charset=UTF-8
p3p: policyref="http://www.conrad.de/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
x-varnish: 605579725
cache-control: no-cache
cf-ray: 7798b40bdd1a9170-FRA
expires: -1

Redirect headers

Date: Wed, 14 Dec 2022 17:36:42 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://www.conrad.de/ztpv.php?awc=11354_412871_1671039402_df96b5c0-7bd5-11ed-bfbc-22342ff4a6f7&insert=AW&&gdpr=0&gdpr_consent=
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5D24 42 B
64 B 47ms
47ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsspNKx-v1tFOaGXObOktVxEYv0z_IRNpkKF_oeU_s2VN4WnSMwtt36L6IjL_uPJ6yeakFl-Um_3UUWtml-n-cjPiA40GUdrV-6YUlHxy3hOgaChOiW_LxfDU_IAf7gtQ9pqxPiXnw&sai=AMfl-YRmUJltmp8K0Hf5d9sL7NLsg6VsoYXDaKSKlr6z1PZo1hmVUCDnW7L6O239lfsCRzUihYx9E5gY-E8tjQ2wnLNx4GW8i-VMF-iByV5LP_Fh58vOwnU8aKfiDPkevw&sig=Cg0ArKJSzOkGaX1THfsVEAE&cid=CAQSOwDq26N9qe3vOpcBld-oSaTd7TMjVKNCENmYTipYt21GSdiKUZOTZKeO6P3Np55IBPu0bSBPfFUHtR-7GAEgEw&id=lidar2&mcvt=1020&p=0,0,219.09375,850&mtos=0,0,1020,1020,1020&tos=0,0,1020,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=0.52&if=1&vu=1&app=0&itpl=2&adk=2099682579&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1671039401554&rpt=202&met=mue&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 14986c7a3fcbf331142efc1cfe3dea91.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/ Frame 52AE 31 KB
31 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/14986c7a3fcbf331142efc1cfe3dea91.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f806647f88d37d884d78bdfa4bd50754cb4d3dcd8fc52c2a82ffc11e6350cfb

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 09 Dec 2022 19:23:39 GMT
x-content-type-options: nosniff
age: 425583
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31561
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Dec 2023 19:23:39 GMT

GET
H3 200 28f5d8da66c1978538f89b2583693dfa.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/ Frame 52AE 40 KB
40 KB 8ms
7ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/28f5d8da66c1978538f89b2583693dfa.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fab16292a66e362f856092e0fb1fe26eeec7c620fbbfa383c7ebf7d77be81d8f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 09 Dec 2022 03:47:31 GMT
x-content-type-options: nosniff
age: 481751
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41214
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Dec 2023 03:47:31 GMT

GET
H3 200 Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY527LvspYY.woff2
fonts.gstatic.com/s/ibmplexsanscondensed/v13/ Frame 52AE 18 KB
18 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsanscondensed/v13/Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY527LvspYY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b4f873f3371bd426336178dfe982cf8366df7592c21738d0e1261e67a0cb2e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 20:48:04 GMT
x-content-type-options: nosniff
age: 420518
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18688
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:21:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Dec 2023 20:48:04 GMT

GET
H3 200 Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY5a67vspYY.woff2
fonts.gstatic.com/s/ibmplexsanscondensed/v13/ Frame 52AE 18 KB
18 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsanscondensed/v13/Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY5a67vspYY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71fe56560b9eba788c8ff58e084f24ca95ff3b89aff510345fab96de36ec8101

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 12 Dec 2022 17:51:13 GMT
x-content-type-options: nosniff
age: 171929
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18740
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:21:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Dec 2023 17:51:13 GMT

GET
H3 200 Gg8iN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHYas8F_olYQtEw.woff2
fonts.gstatic.com/s/ibmplexsanscondensed/v13/ Frame 52AE 20 KB
20 KB 10ms
10ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsanscondensed/v13/Gg8iN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHYas8F_olYQtEw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

09591867279cfa308e6366b2d6be5033904ef3de3c86b6f89cbe47e3022b7d99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 12:05:28 GMT
x-content-type-options: nosniff
age: 451874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20496
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:21:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Dec 2023 12:05:28 GMT

GET
H3 200 1Ptxg8zYS_SKggPN4iEgvnHyvveLxVs9pbCIPrE.woff2
fonts.gstatic.com/s/raleway/v28/ Frame 52AE 21 KB
21 KB 10ms
10ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/raleway/v28/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVs9pbCIPrE.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80f4e592fb822c98ea06e6553fbb20d8c6161644a39de94baaa9c448c6aba20a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 12 Dec 2022 23:13:56 GMT
x-content-type-options: nosniff
age: 152566
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21440
x-xss-protection: 0
last-modified: Mon, 18 Jul 2022 19:57:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Dec 2023 23:13:56 GMT

GET
H3 200 14986c7a3fcbf331142efc1cfe3dea91.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/ Frame 5CEC 31 KB
31 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/14986c7a3fcbf331142efc1cfe3dea91.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f806647f88d37d884d78bdfa4bd50754cb4d3dcd8fc52c2a82ffc11e6350cfb

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 09 Dec 2022 19:23:39 GMT
x-content-type-options: nosniff
age: 425583
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31561
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Dec 2023 19:23:39 GMT

GET
H3 200 28f5d8da66c1978538f89b2583693dfa.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/ Frame 5CEC 40 KB
40 KB 8ms
6ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/media/28f5d8da66c1978538f89b2583693dfa.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fab16292a66e362f856092e0fb1fe26eeec7c620fbbfa383c7ebf7d77be81d8f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 09 Dec 2022 03:47:31 GMT
x-content-type-options: nosniff
age: 481751
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41214
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 19:23:26 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Dec 2023 03:47:31 GMT

GET
H3 200 Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY527LvspYY.woff2
fonts.gstatic.com/s/ibmplexsanscondensed/v13/ Frame 5CEC 18 KB
18 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsanscondensed/v13/Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY527LvspYY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b4f873f3371bd426336178dfe982cf8366df7592c21738d0e1261e67a0cb2e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 20:48:04 GMT
x-content-type-options: nosniff
age: 420518
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18688
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:21:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Dec 2023 20:48:04 GMT

GET
H3 200 Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY5a67vspYY.woff2
fonts.gstatic.com/s/ibmplexsanscondensed/v13/ Frame 5CEC 18 KB
18 KB 10ms
8ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsanscondensed/v13/Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY5a67vspYY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71fe56560b9eba788c8ff58e084f24ca95ff3b89aff510345fab96de36ec8101

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 12 Dec 2022 17:51:13 GMT
x-content-type-options: nosniff
age: 171929
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18740
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:21:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Dec 2023 17:51:13 GMT

GET
H3 200 Gg8iN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHYas8F_olYQtEw.woff2
fonts.gstatic.com/s/ibmplexsanscondensed/v13/ Frame 5CEC 20 KB
20 KB 11ms
9ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsanscondensed/v13/Gg8iN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHYas8F_olYQtEw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

09591867279cfa308e6366b2d6be5033904ef3de3c86b6f89cbe47e3022b7d99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 12:05:28 GMT
x-content-type-options: nosniff
age: 451874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20496
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:21:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Dec 2023 12:05:28 GMT

GET
H3 200 1Ptxg8zYS_SKggPN4iEgvnHyvveLxVs9pbCIPrE.woff2
fonts.gstatic.com/s/raleway/v28/ Frame 5CEC 21 KB
21 KB 11ms
10ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/raleway/v28/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVs9pbCIPrE.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80f4e592fb822c98ea06e6553fbb20d8c6161644a39de94baaa9c448c6aba20a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 12 Dec 2022 23:13:56 GMT
x-content-type-options: nosniff
age: 152566
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21440
x-xss-protection: 0
last-modified: Mon, 18 Jul 2022 19:57:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Dec 2023 23:13:56 GMT

GET
H/1.1 404
Not Found whatsapp_28.png
stgcdn.spa.gov.sa//galupload/ads/ 22 B
22 B 106ms
106ms Image
text/html 212.138.183.12
ISU Internet Serv...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stgcdn.spa.gov.sa//galupload/ads/whatsapp_28.png

Requested by

Host: wes-net-q8.sopq-net-q8.xyz
URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.138.183.12 Riyadh, Saudi Arabia, ASN8895 (ISU Internet Services Unit ISU, SA),

Reverse DNS

Software

nginx /

Resource Hash

812f5e64f64a738fea88f584a7d898da427ecacbdd28bbaed427b56b1c8c4a90

Security Headers

Name	Value
Strict-Transport-Security	max-age=300000000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 14 Dec 2022 17:30:35 GMT
Strict-Transport-Security: max-age=300000000; includeSubDomains; preload
X-Expires-Orig: None
Server: nginx
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
X-Cache-Control-Orig
Cache-Control: max-age=0, must-revalidate, private
Connection: keep-alive

GET
H3 200 Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js Show response
pagead2.googlesyndication.com/bg/ Frame 52AE 36 KB
16 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

264edf8b1a4e2c1a8fb3c2e5d422381c5ca291ea2697b51bfd8da36697b977fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:17:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1139
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15923
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Dec 2023 17:17:44 GMT

GET
H3 200 Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js Show response
pagead2.googlesyndication.com/bg/ Frame 5CEC 36 KB
16 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

264edf8b1a4e2c1a8fb3c2e5d422381c5ca291ea2697b51bfd8da36697b977fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:17:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1139
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15923
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Dec 2023 17:17:44 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 61ms
61ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221207&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a680fc981edec5930412177d57fe2cb0c2c956c4ed3ec7a772772365bd97f149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11305
x-xss-protection: 0

GET
H2 200 like.php Show response
www.facebook.com/v2.5/plugins/ Frame E9D2 0
3 KB 181ms
95ms Document
text/html 2a03:2880:f128:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.5/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df36e78625573b18%26domain%3Dwes-net-q8.sopq-net-q8.xyz%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwes-net-q8.sopq-net-q8.xyz%252Ff1fe382f6c3446%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.spa.gov.sa%2Fviewstory.php%3Flang%3Dar%26newsid%3D2329628&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=true

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=a6dc8df71388650eeb18534b04379147

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f128:83:face:b00c:0:25de Sofia, Bulgaria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-length: 0
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html;charset=utf-8
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 14 Dec 2022 17:36:43 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-content-type-options: nosniff
x-fb-debug: JL5JFLUih9qGRzLKL1XyID6QSTFtzTSUu7wD/W2tljamm66Qmtu9xlC6vTqCZvX8pA3pZ0NZe/SffvNujARUIQ==
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 14 Dec 2022 17:36:43 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7A89 13 KB
5 KB 8ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1139
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:17:44 GMT
expires: Thu, 14 Dec 2023 17:17:44 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 200F 783 B
534 B 16ms
16ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bda5ff29ed9309ae5b134383bb0468623730e46ae281b441fede38bec33f0a0e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-T-a7yyG4Qcu6uPyKOdYZ1g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://wes-net-q8.sopq-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-T-a7yyG4Qcu6uPyKOdYZ1g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 14 Dec 2022 17:36:43 GMT
expires: Wed, 14 Dec 2022 17:36:43 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 89D9 42 B
64 B 48ms
48ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstkWfbtw5QQ9Jv4ml0d_5EnVUbKrp_uYhe2AP-AnAzkVEHDd2OfbrXApgmh0N50PfhXx0ZKWgnwWqdRlw9wJjXykRfKVS4F8tj9EgMiH0AwOgDJvmIRsmeBg-8nd7ODV2oaFwmzBQ&sai=AMfl-YQ-Gpg8QXRCjOLrZyHhOZ3zZEHZ7Sxlx5TeO8NIvhObLxJ80xAukdeeaG6QSQDeangVE_hJfmWweF4RFtStPlt-j_L63LgVfCEhGUgF3eZU2CoI3f4a6R03lNaSxw&sig=Cg0ArKJSzPGH8BmYNnr_EAE&cid=CAQSOwDq26N9_Y5OmOf-zb0RFccQAeJEH5Wd5JqcerZ4YSotF6GY3l_xtDwKe7HPjbvi-hzBPsX2i8T2Uzp0GAEgEw&id=lidar2&mcvt=1024&p=0,1,124.25,1006&mtos=0,808,1024,1024,1024&tos=0,808,216,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=0.8&if=1&vu=1&app=0&itpl=2&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1671039401828&rpt=432&met=mue&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 200F 0
0 41ms
41ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221207&jk=3895632432115720&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 485D 42 B
64 B 41ms
41ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu7dvdvWRb0AShj2ihgdRLU1KXMirUx-1FYbiCHQ9LjvfmB1JttPmPOoaBZv22pwcLRdXcUknpCESmf2rJK0MO0_VMa&sig=Cg0ArKJSzP49qYaKPt82EAE&cid=CAASF-Ro9B3T1lIyN5-ONHa_hivtzYCbl9f9&id=lidar2&mcvt=1025&p=0,0,600,120&mtos=1025,1025,1025,1025,1025&tos=1025,0,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1671039401825&rpt=252&met=ie&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 83B1 42 B
64 B 49ms
48ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstaeFgAP6d1FFxweng5psys1yA99VsIyBbbiJ_cHVwXuF63q0T-gV6xg_cfzeVkyLjJwdRusrWSKiR2-cJs3BNbbPGeQo29NL1v-kMUrVR-skV507g02DzqhBRrqQnfThu1vve8VQ&sai=AMfl-YRNeQlSli07OGIshQq2TjvSkD37d0q5qjHYDeMm2LonSGhRgHzlfPX5YhgkyHW5Enojck6PILglu0511PsSmrU6zaTNPo0CJSwsCfUtbAnb9XeYZZLVj7eor1iAOg&sig=Cg0ArKJSzDgDOdfnbT30EAE&cid=CAQSOwDq26N9vBZtb4cVXk4O9hlZV9KtAAQHOYozTnpQGRz0vRuVP2D_V0zCY_rJSDDZk5_nl-qWdZ_cOMMZGAEgEw&id=lidar2&mcvt=1027&p=1,0,225.75,872&mtos=1027,1027,1027,1027,1027&tos=1027,0,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=2&adk=2183795468&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1671039402156&rpt=205&met=mue&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js Show response
pagead2.googlesyndication.com/bg/ Frame 7A89 36 KB
16 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jk7fixpOLBqPs8Ll1CI4HFyikeoml7Ub_Y2jZpe5d_o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

264edf8b1a4e2c1a8fb3c2e5d422381c5ca291ea2697b51bfd8da36697b977fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:17:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1139
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15923
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Dec 2023 17:17:44 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 08B7 42 B
64 B 47ms
47ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssGpRKkv_vH8ALa47TejnNv6jUxo57wD9L6mR3GXNwiv9uvV49XHLgi1MWfi-LlWaPDxM5ROVfRnMVHUqLHWfCyL3qeAQl4ZgzOWCpxcCfGbYWj_ydYtyQmBdAHEjxBkIPTF1-vvg&sai=AMfl-YTaE-knif7k7_b28BIwo2IW000plKjQcjccYl6DB1vHmaAsXk2fyNiMr4B0n2AxQ2eUMOeQHZVR73DlpoTT65NnWH5pipblCjxQig&sig=Cg0ArKJSzDjqyaJMbB4-EAE&cid=CAQSKQDq26N9nuX_CYsB8PV6pciS9Kr-GTh8sEXYH6vt2_0unRmuHQAw3Q58GAEgEw&id=lidar2&mcvt=1024&p=0,0,600,300&mtos=0,0,1024,1024,1024&tos=0,0,1024,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=0.67&if=1&vu=1&app=0&itpl=2&adk=2628446172&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1671039401051&rpt=1461&met=mue&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Dec 2022 17:36:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 7A89 0
12 B 6ms
6ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?OxCPAQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 17:36:43 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 45ms
44ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20221207&jk=3895632432115720&bg=!AwClAETNAAYgquz3AKo7ACkAdvg8WiKXKuZCYfkkkWJH_LlRRBZoic_bjQDZa4Lgb_NP_aHfJLikugIAAAEYUgAAAARoAQeZAvlJpinD516XABNuimbA4RsQLOGov5VHQ_5oSwNYDyGr3zSXPxcpjMChnc7cxlfOaiLimrQoGxG-GXsE2LTia46w3pOK_W68ex0iEA6soPi-Ms4yS9WnLEd0Gk5GVVeDefC_-oDYCtEAJAcZXbTppdM9epWyyzCuB0j7WLKpGSGUpm8ZatDsHtaFAvrfBhU8p65cyNlOKfeLlkB-sSG8_EsJbx5KdII4GXEX_t-L7R7YTECl1PTLrBJ4Rr1ve2USpUiPUvD4eI2b-WyxVw4oDrJIEOJBPhYKlow362gABV8mUwLlthC4dA-kV65btM5co1M8nFV5EaWYrmchryo7z2UIB0fdDYx4pZRMQq4MeJH2zb4UwDTUWdY1ghvADoCGSmm2ezl7_F4Fk0cCt2tVcZSdc1F-xBO98IhpopKErLTgruPwHO9EBmZktXK70SrwVqTy2gaXBJJwxJ7t-BuK508YwJYnr9j4vli7EzMF0U_voNeJSc6jiJfl8h0BDFT5RsZigt-tbKnTYRoZhsDH73BjDeKRk89uVwCFhJFQkPg5tBfEf4odH0oiWBBEwM275kPP_MvtwLXl1FVpFL2IlYSOH9dD4SRwIZWkf2spK8j2HcO7J5IyLJ2a8X79Sf4Hz4eLtpDLsK2MBGpdvUdZC7REvtNpeiJlqjotd4PigtdhDtmZvxX-25sZ9BvnIeSb0Qy9YH3xDpKL7UKGfLij7OdUmSQ8mL0opPruYccL7jJYPY80fmtJcPf6u40sYroFvmzuO6RkUKOtYYTSLVNvDhUbJTln7YMN5ZvrEiPI8QfFVRguV7O0NksoX8LUQWo0mdLqrdMkJ1A6G39VbAhXMcPJiPglkCRWbiHBRu6EtHlCbj26X6FD3fHg_cb7HVyqC0K90cuWI6BT2KeMW4aLY4uIGwFkuctyQSJIaCB88FD1cs1Svrk6Jp_AHdmGtGQ0MGNB5SDD_WUDxHvPCHSkSUYzawXZwIw3pa_grnvEXBE91UYcORfQGCsEnQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wes-net-q8.sopq-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.spa.gov.sa
URL: https://www.spa.gov.sa/include/fonts/JF-Flat-regular.woff

Domain: www.spa.gov.sa
URL: https://www.spa.gov.sa/include/fonts/fontawesome-webfont.woff2?v=4.3.0

Domain: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=6456950493&adk=2183795468&adf=442814120&pi=t.ma~as.6456950493&w=872&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=872x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400849&bpp=6&bdt=1564&idt=6&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=518&ady=303&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=O4ozOqXuLN&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=11

Domain: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=3143842704&adk=2099682579&adf=2632187649&pi=t.ma~as.3143842704&w=850&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=850x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400864&bpp=3&bdt=1579&idt=3&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600%2C872x280&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=523&ady=1053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=xNyXaBeZJ2&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=6

Domain: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=5770006049&adk=3758141296&adf=1282402278&pi=t.ma~as.5770006049&w=850&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=850x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400873&bpp=1&bdt=1588&idt=1&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600%2C872x280%2C850x280&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=523&ady=1543&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cKfczBv04T&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=4

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Domain: www.google.com
URL: https://www.google.com/pagead/drt/ui

Domain: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:700|IBM+Plex+Sans+Condensed:500i|IBM+Plex+Sans+Condensed:500|IBM+Plex+Sans+Condensed:600

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/media/5f95c1cc2919a9df28388531193350bf.jpg

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/media/24e8b2c8dde80786640a2d9b9270037d.png

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/undefinedz9njpo

Domain: syndication.twitter.com
URL: https://syndication.twitter.com/i/jot?l=%7B%22language%22%3A%22en%22%2C%22message%22%3A%22m%3A%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2F%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1671039401015%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%2243d7a3f%3A1449607660032%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D

Domain: www.spa.gov.sa
URL: https://www.spa.gov.sa/include/fonts/JF-Flat-regular.ttf

Domain: www.spa.gov.sa
URL: https://www.spa.gov.sa/include/fonts/fontawesome-webfont.woff?v=4.3.0

Domain: www.spa.gov.sa
URL: https://www.spa.gov.sa/include/fonts/fontawesome-webfont.ttf?v=4.3.0

Verdicts & Comments Add Verdict or Comment

106 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

46 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.google.com.sa/	1970-01-20 17:40:26	Name: __Secure-ENID Value: 9.SE=U4z6MMn3mGp_FR53YvQiUdUL_cXZlXwjNFRkrdgVQizxVEueQ09Y8qcc_RfNpJssuD61y6sNwfe_tSxQozrTLxZI3C7zYXpv_BH8M_AAkBhtDEIRDE9g4GOAJyJCCnhd1o3EXACOguz4l3E_5RXJPLz7XHRfMt9vL_k96y8tJGQ
.google.com.sa/	1970-01-20 17:46:39	Name: CONSENT Value: PENDING+874
wes-net-q8.sopq-net-q8.xyz/	1970-01-20 16:56:15	Name: HstCfa4560416 Value: 1671039399359
wes-net-q8.sopq-net-q8.xyz/	1970-01-20 16:56:15	Name: HstCla4560416 Value: 1671039399359
wes-net-q8.sopq-net-q8.xyz/	1970-01-20 16:56:15	Name: HstCmu4560416 Value: 1671039399359
wes-net-q8.sopq-net-q8.xyz/	1970-01-20 16:56:15	Name: HstPn4560416 Value: 1
wes-net-q8.sopq-net-q8.xyz/	1970-01-20 16:56:15	Name: HstPt4560416 Value: 1
wes-net-q8.sopq-net-q8.xyz/	1970-01-20 16:56:15	Name: HstCnv4560416 Value: 1
wes-net-q8.sopq-net-q8.xyz/	1970-01-20 16:56:15	Name: HstCns4560416 Value: 1
wes-net-q8.sopq-net-q8.xyz/	1970-01-20 16:56:15	Name: c_ref_4560416 Value: https%3A%2F%2Fwww.google.com.sa%2F
.sopq-net-q8.xyz/	1970-01-20 17:32:15	Name: __gads Value: ID=63c842b2cfab5eac-22efc05e14da0068:T=1671039399:RT=1671039399:S=ALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ
.sopq-net-q8.xyz/	1970-01-20 17:32:15	Name: __gpi Value: UID=00000b9282adad6e:T=1671039399:RT=1671039399:S=ALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg
wes-net-q8.sopq-net-q8.xyz/	1969-12-31 23:59:59	Name: resolution Value: 1600
.doubleclick.net/	1970-01-20 17:32:15	Name: IDE Value: AHWqTUnV0aLwLOafSg1UCvIeeYzuaiqEBa7XAhYxCiarK9ZPRHIdRZlVOnCfxyxmJ8A
wes-net-q8.sopq-net-q8.xyz/	1970-01-20 17:40:53	Name: __atuvc Value: 1%7C50
wes-net-q8.sopq-net-q8.xyz/	1970-01-20 08:10:41	Name: __atuvs Value: 639a09a86143d43d000
.addthis.com/	1970-01-20 17:40:53	Name: uvc Value: 1%7C50
.addthis.com/	1970-01-20 17:40:53	Name: loc Value: MDAwMDBFVURFSEUyMzAxMTg4NzAwMzAwMDBDSA==
.doubleclick.net/	1970-01-20 08:10:43	Name: DSID Value: NO_DATA
.lijit.com/	1970-01-20 16:56:15	Name: ljt_reader Value: F0NgtGZHZVmbWxIfRyKwIWAJ
.simpli.fi/	1970-01-20 16:57:41	Name: suid Value: F48E42FE088D4A8BAEFE81B9DF6C3E1A
.bidswitch.net/	1970-01-20 16:56:15	Name: tuuid Value: 25d7f847-571f-40bf-aef3-d0f2ffd887e9
.bidswitch.net/	1970-01-20 16:56:15	Name: c Value: 1671039402
.bidswitch.net/	1970-01-20 16:56:15	Name: tuuid_lu Value: 1671039402
.yahoo.com/	1970-01-20 16:56:37	Name: A3 Value: d=AQABBKoJmmMCEK8nI4SBeYaWJx8d3qukduEFEgEBAQFbm2OjYwAAAAAA_eMAAA&S=AQAAAhD-S5ecpuTuXc88L-0WagI
.adfarm1.adition.com/	1970-01-20 10:20:15	Name: UserID1 Value: 7177059581924472976
.de17a.com/	1970-01-20 16:49:03	Name: guid Value: 1.782152647903409582
.mathtag.com/	1970-01-20 17:36:34	Name: uuid Value: 9096639a-09aa-4c00-8c3e-cae45bf034ef
.mathtag.com/	1970-01-20 08:53:51	Name: mt_mop Value: 4:1671039402
.analytics.yahoo.com/	1970-01-20 16:56:15	Name: IDSYNC Value: 18yx~28uh
.3lift.com/	1970-01-20 10:20:15	Name: tluid Value: 2695942857626119926944
.quantserve.com/	1970-01-20 10:20:15	Name: d Value: EFgBCQHnJ4EA
.quantserve.com/	1970-01-20 17:40:53	Name: mc Value: 639a09aa-447b5-bed0b-32891
.1rx.io/	1970-01-20 16:56:15	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-648117c9-225b-481a-9979-259d7dfd0bc7-003%22%7D
.targeting.unrulymedia.com/	1970-01-20 16:56:15	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-648117c9-225b-481a-9979-259d7dfd0bc7-003%22%7D
.awin1.com/	1970-01-20 08:14:58	Name: awpv11354 Value: 412871\|1671039402\|df96b5c0-7bd5-11ed-bfbc-22342ff4a6f7
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 377129:2470185
www.conrad.de/	1970-01-20 08:17:51	Name: HTLP_timestamp Value: 1671039402
www.conrad.de/	1970-01-20 08:17:51	Name: CEAffHA Value: YD
.www.conrad.de/	1970-01-20 08:10:41	Name: __cf_bm Value: ORB3uXJzQDud6LZiQr9P5NH1.2i49zLunUFa7ZP4JBc-1671039402-0-AbHnmt5wmJNoqTm/3JYHgRqtkFNkDlvphvAd6HWd6aoI3DtfnTYIpxA+hWJfuHBhtP0Bk/fIn8Yz+6fseXQsEjw=
.blau.de/	1970-01-20 08:20:44	Name: nscT486 Value: v01MTQyMTExMzExMTExMTExMTEwMTQyMTI3MDAwMDAwMDA2MTY3MTAzOTQwM3ZsZWExZGUyMDIyMTIxNDE4MzY0Mjc5NTA3NDg5MTc1WDExMzc1MlYxMjI1MTMxMTA2TVN2aWV3b25laWRSNVhmZ2Y2UUZYMjdUa0h3SDN0UXRkZEFGd1R6VDdnczdvbmVpZF9fc3VpdGVfTmV0bWl4X1JlYWNoNDNfVG9wUm90YU1vbnRoMTEzNzUy
.blau.de/	1970-01-20 08:20:44	Name: nscQ486 Value: V
.blau.de/	1970-01-20 08:20:44	Name: webShopPV Value: ?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=2022121418364279507489175X113752V1225131106MSviewoneidR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7oneid__suite_Netmix_Reach43_TopRotaMonth&wfid=113752
.o2online.de/	1970-01-20 08:20:44	Name: nscT485 Value: v01MTQyMTExMzExMTExMTExMTEwMTQyMTI4MDAwMDAwMDA2MTY3MTAzOTQwM3ZsZWExZGUyMDIyMTIxNDE4MzY0Mjc5NTA3NDg5MTczWDExNzcwM1YxMjI2MTMyNzAyTVN2aWV3b25laWQ3MnhjcWZnekhqWG1ydXJIWEhndEF0VlZlZkdUMVRNSkNNb25laWRfX3N1aXRlX05ldG1peF9SZWFjaDQzX1RvcFJvdGFNb250aDExNzcwMw
.o2online.de/	1970-01-20 08:20:44	Name: nscQ485 Value: V
.o2online.de/	1970-01-20 08:20:44	Name: webShopPV Value: ?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_117703_-HTLP&utm_term=AFF_la_117703_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=2022121418364279507489173X117703V1226132702MSviewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth&wfid=117703&affiliateId=v01MTQyMTExMzExMTExMTExMTEwMTQyMTI4MDAwMDAwMDA2MTY3MTAzOTQwM3ZsZWExZGUyMDIyMTIxNDE4MzY0Mjc5NTA3NDg5MTczWDExNzcwM1YxMjI2MTMyNzAyT

30 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'unload'.
network	error	URL: https://cdn.spa.gov.sa/galupload/ads/whatsapp_28.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://cdn.spa.gov.sa/galupload/ads/whatsapp_28.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	error	URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/ Message: Access to font at 'https://www.spa.gov.sa/include/fonts/JF-Flat-regular.woff' from origin 'https://wes-net-q8.sopq-net-q8.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.spa.gov.sa/include/fonts/JF-Flat-regular.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/ Message: Access to font at 'https://www.spa.gov.sa/include/fonts/fontawesome-webfont.woff2?v=4.3.0' from origin 'https://wes-net-q8.sopq-net-q8.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.spa.gov.sa/include/fonts/fontawesome-webfont.woff2?v=4.3.0 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/ Message: Access to font at 'https://www.spa.gov.sa/include/fonts/JF-Flat-regular.ttf' from origin 'https://wes-net-q8.sopq-net-q8.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.spa.gov.sa/include/fonts/JF-Flat-regular.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/ Message: Access to font at 'https://www.spa.gov.sa/include/fonts/fontawesome-webfont.woff?v=4.3.0' from origin 'https://wes-net-q8.sopq-net-q8.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.spa.gov.sa/include/fonts/fontawesome-webfont.woff?v=4.3.0 Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://stgcdn.spa.gov.sa//galupload/ads/whatsapp_28.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=5770006049&adk=3758141296&adf=1282402278&pi=t.ma~as.5770006049&w=850&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=850x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400873&bpp=1&bdt=1588&idt=1&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600%2C872x280%2C850x280&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=523&ady=1543&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cKfczBv04T&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=4 Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/14674112099215987585/index.html".
security	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=5770006049&adk=3758141296&adf=1282402278&pi=t.ma~as.5770006049&w=850&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=850x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400873&bpp=1&bdt=1588&idt=1&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600%2C872x280%2C850x280&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=523&ady=1543&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=cKfczBv04T&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=4 Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/14674112099215987585/index.html".
security	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=3143842704&adk=2099682579&adf=2632187649&pi=t.ma~as.3143842704&w=850&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=850x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400864&bpp=3&bdt=1579&idt=3&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600%2C872x280&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=523&ady=1053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=xNyXaBeZJ2&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=6 Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/14674112099215987585/index.html".
security	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=3143842704&adk=2099682579&adf=2632187649&pi=t.ma~as.3143842704&w=850&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=850x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400864&bpp=3&bdt=1579&idt=3&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600%2C872x280&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=523&ady=1053&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=xNyXaBeZJ2&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=6 Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/14674112099215987585/index.html".
security	error	URL: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20110914/zrt_lookup.html?fsb=1(Line 21) Message: The Content Security Policy 'child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12406491265686199930/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12406491265686199930/index.html' was delivered via a <meta> element outside the document's <head>, which is disallowed. The policy has been ignored.
javascript	error	URL: https://wes-net-q8.sopq-net-q8.xyz/shaden/ Message: Access to font at 'https://www.spa.gov.sa/include/fonts/fontawesome-webfont.ttf?v=4.3.0' from origin 'https://wes-net-q8.sopq-net-q8.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.spa.gov.sa/include/fonts/fontawesome-webfont.ttf?v=4.3.0 Message: Failed to load resource: net::ERR_FAILED
security	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=600&slotname=5914239063&adk=2628446172&adf=41369079&pi=t.ma~as.5914239063&w=300&lmt=1671039399&format=300x600&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039399426&bpp=2&bdt=141&idt=222&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&correlator=785032542511&frm=20&pv=2&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1280&ady=-200&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=ryZGqTjP1V&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=246 Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/16841678510429673680/index.html".
security	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=600&slotname=5914239063&adk=2628446172&adf=41369079&pi=t.ma~as.5914239063&w=300&lmt=1671039399&format=300x600&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039399426&bpp=2&bdt=141&idt=222&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&correlator=785032542511&frm=20&pv=2&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1280&ady=-200&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=ryZGqTjP1V&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=246 Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/16841678510429673680/index.html".
network	error	URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/undefinedz9njpo Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAavPq0O8JuPZCNPHCEHw39LiI1ueZEMe7dSoYORiHupKSh8wZb5-tv_IisAiwdiDQu_M-UfSPeGHfXi34LXQUWp42VkD9ky7uVWzVv9zuZu-qj6s5ixSpND4d-gjuPniyWmkue9A_vcjBYzyGA&google_gid=CAESEC2N2cP-za2wuzaJwMvKL2U&google_cver=1 Message: Failed to load resource: the server responded with a status of 451 ()
security	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=6456950493&adk=2183795468&adf=442814120&pi=t.ma~as.6456950493&w=872&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=872x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400849&bpp=6&bdt=1564&idt=6&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=518&ady=303&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=O4ozOqXuLN&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=11 Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/14674112099215987585/index.html".
security	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3342869996252685&output=html&h=280&slotname=6456950493&adk=2183795468&adf=442814120&pi=t.ma~as.6456950493&w=872&fwrn=4&fwrnh=100&lmt=1671039400&rafmt=1&format=872x280&url=https%3A%2F%2Fwes-net-q8.sopq-net-q8.xyz%2Fshaden%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1671039400849&bpp=6&bdt=1564&idt=6&shv=r20221207&mjsv=m202212050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D63c842b2cfab5eac-22efc05e14da0068%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MYlZCpSvE0IsO8LLvdwDSq81p9NWQ&gpic=UID%3D00000b9282adad6e%3AT%3D1671039399%3ART%3D1671039399%3AS%3DALNI_MbdBMLmkNwz1mIxdWMsTNi-G5fosg&prev_fmts=300x600&correlator=785032542511&frm=20&pv=1&ga_vid=2094467600.1671039400&ga_sid=1671039400&ga_hid=1944481297&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=518&ady=303&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071168%2C44779793%2C44780792&oid=2&pvsid=3895632432115720&tmod=1695766692&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com.sa%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=O4ozOqXuLN&p=https%3A//wes-net-q8.sopq-net-q8.xyz&dtd=11 Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/14674112099215987585/index.html".
network	error	URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16841678510429673680/undefinedz9njpo Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12406491265686199930/undefinedz9njpo Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/undefinedz9njpo Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14674112099215987585/undefinedz9njpo Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://stgcdn.spa.gov.sa//galupload/ads/whatsapp_28.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
ad4m.at
adservice.google.com
adservice.google.de
ap.lijit.com
api-public.addthis.com
as.ad4m.at
assets.ad4m.at
cdn.jsdelivr.net
cdn.spa.gov.sa
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
d5p.de17a.com
dclk-match.dotomi.com
dsp.adfarm1.adition.com
eb2.3lift.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
id.rlcdn.com
m.addthis.com
match.adsrvr.org
onetag-sys.com
oss.maxcdn.com
pagead2.googlesyndication.com
partner.blau.de
partner.googleadservices.com
partner.o2online.de
pixel.rubiconproject.com
platform.twitter.com
prod-rtb.ad4mat.net
s.ad.smaato.net
s10.histats.com
s4.histats.com
s7.addthis.com
ssbsync.smartadserver.com
static-de.ad4mat.net
static.addtoany.com
stgcdn.spa.gov.sa
sync.1rx.io
sync.mathtag.com
sync.targeting.unrulymedia.com
sync.teads.tv
syndication.twitter.com
tpc.googlesyndication.com
um.simpli.fi
ups.analytics.yahoo.com
v1.addthisedge.com
wes-net-q8.sopq-net-q8.xyz
www.awin1.com
www.conrad.de
www.facebook.com
www.google-analytics.com
www.google.com
www.google.com.sa
www.googletagservices.com
www.gstatic.com
www.lead-alliance.net
www.mslslat.info
www.spa.gov.sa
www.telefonica-partner.de
x.bidswitch.net
z.moatads.com
fonts.googleapis.com
googleads.g.doubleclick.net
s7.addthis.com
syndication.twitter.com
tpc.googlesyndication.com
www.google.com
www.spa.gov.sa
104.244.42.8
13.248.245.213
142.250.185.198
149.56.240.132
15.197.193.217
172.217.23.98
185.29.134.244
185.86.137.122
2.23.192.118
212.138.115.17
212.138.115.18
212.138.183.12
213.155.156.166
213.19.147.45
216.52.2.48
23.111.8.154
23.218.209.56
23.67.134.223
2600:1901:0:76b9::
2600:9000:223f:de00:1b:5138:8a40:93a1
2606:2800:234:46c:e8b:1e2f:2bd:694
2606:4700:10::6816:46c5
2606:4700:20::681a:71b
2606:4700:20::681a:ad1
2606:4700:20::681a:bd1
2606:4700:3033::ac43:b608
2606:4700::6810:5514
2606:4700::6812:7e05
2620:116:800d:21:e365:4988:e8a7:3270
2a00:1450:4001:802::200e
2a00:1450:4001:808::2003
2a00:1450:4001:80b::2002
2a00:1450:4001:80b::2003
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2002
2a00:1450:4001:813::200a
2a00:1450:4001:827::2004
2a00:1450:4001:829::2002
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2003
2a00:1450:4001:831::2002
2a02:fa8:8806:16::1370
2a03:2880:f080:9:face:b00c:0:3
2a03:2880:f128:83:face:b00c:0:25de
2a06:98c1:3121::3
3.126.56.137
3.64.108.88
35.204.158.49
35.244.174.68
46.105.201.240
46.4.62.19
51.89.9.251
69.173.144.139
78.46.85.162
84.200.5.215
85.114.159.93
88.221.169.143
000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c
02ebc319500d29d704855de3d846bbb2479434953bb7b34f533122f432ce33bf
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
060e8449d65acbc28c67dd6cf68c4980fe655ad2e68fda86564c7afe940e82a9
0753bc49eaa2816ff783e7f602b294d24841ab9c36d8e05a5ce5732ddddad541
09591867279cfa308e6366b2d6be5033904ef3de3c86b6f89cbe47e3022b7d99
0a692c63afbfa334201a6a937c955d25b03c75657a935a3fae0f02f3262e6cc9
0b3c0bff8937e3602a0c219094f379f4477e892eca28d3ef8c6771a3ef7f7659
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c779ae95a8b1f10dcec474f7d89e001dfc1d27816dfe9e92542efdee4c6dc76
0fc6327e965679b41a818cf88fdaf0b16e586c0ac03bc72d49c4f47e2ed02336
123dea3c26414220dfc6f4e3645f3f613f29a012627154dec70ef7da0794bc5b
124b99c130da08ade01869c6be4da246da17d14e3d5b07630f7db6da1650a12b
14a39dfdc5b771c11fddeea49df147ba70223a06e2e1b95dce6908bee4f040c4
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18b1ab4b74b9a93dd514f2f4d841ef3c7665fb6b6f312c9daf6cbe08dcf10363
191c1b1b46329ec0ca5f6a375f90eae5af18d24503309650c6b7b55cf010c7af
196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e
1aae23a1a146a8276a47a9aaa6b54f499f8f433d9acf7ae65920fd168de57e42
1bf984fa8148b2e414f2ae7d828c483accdd0426ad8cb1883280a2c801cedae5
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1e2a9c8ebb66491c06c2e59734ebba9fcc815a1f73ee8bd6a72403bc686984ac
264edf8b1a4e2c1a8fb3c2e5d422381c5ca291ea2697b51bfd8da36697b977fa
28c260c944a04b1cbb2f2f610ff2ff16842b60c63872204eef93ca91b5d409eb
29252e13edb247b56ba684a88a88ff29d69281bf4522c82d5a83434315d3654b
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede
2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e
2ff0f0b516a11623d2dea2d9a8b55f134b5ef482b007dde2c0698552cedb6359
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31bbffee7e9e057e1b6a1c0e2b2af2eacaf9604d3fa1202dba460efa29b3da2c
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
33f6011ee1b3b09e271685bce1b4ef82d23e818adad4504a68a09a4c8f24de98
37fcb92689d3f88d0fe122413be1aabc9e67c37b5907f62afd75b6b41701107c
3a19ff3554a1e589f756a92be8263726674127c133feb1d333095668b77ba08c
3dab93242ee573bbcfc22c9d15acd47794e500ed44e6bd48a35400b39d65aa43
3f806647f88d37d884d78bdfa4bd50754cb4d3dcd8fc52c2a82ffc11e6350cfb
41b9b9d488e3a57902a671111dd089363c2f7d3a41ec3177f196abbb7cbac078
426e9990630704048103fc46ffd9c25a20249317fc9719b82be6ea7674c75913
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4448f8a1508bb549fb080886b2b6b7f0672bc18bf1830b07357058073b997957
4457d4486e74ed3b3b703db0434942456fae1849d108e6cc9b1cd07478f86dbd
468fd352348d14dc44bec2f7e695ffa0c398693d92c43b04242ce6800025600f
4ab995345cf38f3951bc840ab2c0d043269e700e59f1c6d6cb7fb8946268b358
4d0ed9630334a711204c67723b1eb52755c8316466fa7e4e601958e0c12a5da9
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
501fe67bafaf9d1cab32bb58370ee5dea926cc33be7caf40d17c1ebc3fe9d763
512fe36f152bf3bfe134573b31da8bd8c83716bab882ebeca0865f0e1e1fe41a
5592b1f799f3bff73a1b1d87deb4a32a820db0e2dd4a561050c7f1d27116d9a1
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
567e565582876be8ea6f7833055844a3c6ab5d136100d03b03e140bc8f6f0960
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba
5a4192e762a449dfd6e63bee835e0941627223c9159e8219acdd01881a1ac175
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab
5eeedf9055f9efab9127642b4c44135be9f404caa7ce08e51a5ea734dfd28828
6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6787359c73bf5b6f97050c2486162beab8d21a74a16a7f80f5bcc15760caad98
6847a453292f6db177d022b32b68ec91da611dd1bc18c6e33d26ed726339bc60
6a5c348d2bea7f9ee849e125961007a3f257f6b3957db77cf7500249340c73a3
6b094a140ea1c9e6edece62a54ab0d4fb5a600ba71495dc8835a12621e49204e
6b168cd3c5a10a177f1cfc436679fa7f08706ce561ae508994b4f325d5cf9f92
6b4f873f3371bd426336178dfe982cf8366df7592c21738d0e1261e67a0cb2e2
71aa9b7678fcd8dc6809e7825d71a357e51bda2a5368e0967ac8f841254fd924
71fe56560b9eba788c8ff58e084f24ca95ff3b89aff510345fab96de36ec8101
74ec1e2bfcf647ccdeaf5b127294db846ee4a6f8ffd6c909d4938370d4187d1f
764a79d7e8c4a84d8286fd262e201b8dc9ce28ef0f7650efefbcd5c1f6f61efc
78319cbe73c68a127b678b33709e4df0793f52aa78e4048b9205174810e4f75c
78631aa2658006d43b70adcf42bfef831d29315d91bfe9e67bb4acd5f9b349e3
78f227a8ad7e10a17bf260afc2e29571f20bf69960e10c86fc2efb3a2c20bd64
7a49f15294007bad4031449fd145bfe309092999eebdb428925aa0403215f56d
7b4fbd6cf87898b005b09546b1c4e82654918b11e5f64ccb8fc32ea0a04e237a
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
7ed099ecf0f238578fd7f635b7afd7a2598cb526aa006c8f43d00fabc243e0d9
80f4e592fb822c98ea06e6553fbb20d8c6161644a39de94baaa9c448c6aba20a
812f5e64f64a738fea88f584a7d898da427ecacbdd28bbaed427b56b1c8c4a90
83a8807ef669fa70d0d9375347f5552897f76c6ae8e2e6f97ef592595462d8d1
84789717527e8225851b38879c50ddc1bd883a8bdab96a2f3de89a17e94d470c
86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a
86e9f0cb107b108b8f2fe7307cc87e0e928639b6ca9cde88375b5522af242bf3
8c7a9c0470563367ab00307b4fb9bb3052d0a27f0b94e63b9dc0bb8c369449cb
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8f48e82fda8006ef0c30c33b5b918ce1e962c552cdebc3f59d994501c99ca98e
9624c9f30634be84a224d007e5df178a51107bff3e456e2a90b504cbf350d190
96840bd7cc7d8edd1d1ffaff60d7f335fd866cd9a6132c8524d620482f4df64a
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1bbd092918feec602a03b1ce42821dc4d3c3a17c782f1bc68f1707b343ae5b7
a21b500ff6f5383f3d17c3053be87eda4e9055be704a849a9f2baa674386ccb5
a21eae026c949616ac9de39bc193b0a7cf5f837dcee1b174d45d970b7cb18f60
a4798968ffb88995f78e45ff4b5493df16191821d4d1287a5ecfa5e5ff807b5c
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a680fc981edec5930412177d57fe2cb0c2c956c4ed3ec7a772772365bd97f149
a842670e0c9a10d0c42dc6de87889c6b9de065232e6bf125d5ca43a163f6d9fd
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
aac8bec099aff1d246903891b4fffaf4292832998c8f8d49c5aa1fe51f002d4f
ab4bb9417aaa009fdef6175ae8a91b85bed8698628f1b5cb1abcc27417b31302
abf06691088fd3e48eeca737b56e448a96b06b1d7abb1495b634efcc2795aa89
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b519c642f958215180ce1550cf10a61b04437a722796b27d817f66455dd9b7cf
b6984a1462c5e77cb004b7bb420d68073ca12b3b196175e0f77adee86c325cf8
b84b58bc5684e07213ce13351d3bf6b45f8fabc346f45f4a1ea17a4bbafbdd13
ba2ea8daf45136819365c897010c0f185d534a7dc553578ec156f9c8db72449e
bbd280edcb935b3416b2b97d92a3417609abfdd0743856973626d9729e7c7add
bda5ff29ed9309ae5b134383bb0468623730e46ae281b441fede38bec33f0a0e
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
c02d2e4ee660f561338f717a6dc83745ea23c4ad356a57bdfee60c3643b25b1a
c0dade5e40511841f841814ed717788248c50490400ef63f4620391825f7444e
c1ac0ed1feaca258ba4b12a1da4663c9faaf28add526e969f9095565e6060055
c1b38d975bb9b6e996ee1ba61cadb657fe5c81878a174b8e75f130aaa2f8fbad
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
ccc209333b554936406b1eb81ee3dee2df1d4321f46c9047991ebaf532f63d12
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf52b1ce215fdcb207d5413f7b77a3f3097ebf08c8110faae16736e1cd921627
cf5ca6cc63377fe5380dabc8553c8b9ce4d109b89ee6994b2c526712bf508f74
d00c90e4fa66012e1a8195c0ce87226cc54ab410c060d3e0a0e46a8d9c997b44
d249cd7a84fd9b3953a5d49e8a1ea195bcbcbc17e82fbf730bc274102881d7cb
d277aeef53674c3d7b3ed409b6bcb8df16d11a337cb47b5f3ba62bd28e53d25f
d557a6ae3ec36af08c95109f4e50bf3e23733e04dc032f7ce1a1f515c3ff3730
dcd07bf4ffba2d11c6d69171634486c68daa0d87587a55b9a06cf22170cbf28f
e07d58c68b83a3c283f75063f562aadc164ebb7cf068ffaef89bdde5011c3da8
e089ab47341831f91e716e61b97caf8e014a7e71a38dc9dcacc27deeb59f93c7
e0e2bc4e1d3ee5024c4e1aa58a6cad9aa42fc63a8c89ce18013a1c8f2b94875c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e81a08dc6c86129b7890830eb35bf825b01b3bef7050d72664fe1eba3e00b3bb
eaab2d7fa89714fb0d2a0acc48337a9da9c1bf582abcdc4fbfc11f14896b90b8
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb7c108108c1967be58303d3f26713411732331a117bb7eb1a3e3882327e513
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f77dfa2154635b474380d3580b042b903320425fbee1494e69adcca03c1ae2ea
f7cdf71044448cb736733f5163fff96081d51ba4101567d61d22ee5998a7a399
f9a02af5b2ff9846cc79a2f1ab50c256cc8ad82351d127ac35cbe4b75c892ebf
fab16292a66e362f856092e0fb1fe26eeec7c620fbbfa383c7ebf7d77be81d8f
fc69849dade6a39bee991117d3834376a23684146ae8b3ddbeeb03967c1fdc5b
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

wes-net-q8.sopq-net-q8.xyz Open in urlscan Pro 2606:4700:3033::ac43:b608 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

307 Requests

89 %HTTPS

48 %IPv6

50 Domains

64 Subdomains

45 IPs

10 Countries

4417 kBTransfer

8406 kBSize

46 Cookies

100 Outgoing links

Page URL History

Redirected requests

307 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

wes-net-q8.sopq-net-q8.xyz Open in urlscan Pro
2606:4700:3033::ac43:b608 Public Scan

Screenshot
Live screenshot

Full Image

307
Requests

89 %
HTTPS

48 %
IPv6

50
Domains

64
Subdomains

45
IPs

10
Countries

4417 kB
Transfer

8406 kB
Size

46
Cookies

307 HTTP transactions
9 data transactions