www.foreks.com Open in urlscan Pro
18.66.248.121 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://foreks.com/
Effective URL:
https://www.foreks.com/
Submission: On January 08 via api (January 8th 2024, 6:59:09 pm UTC) from US — Scanned from DE

Summary HTTP 564 Redirects Links 30 Behaviour Indicators

Summary

This website contacted 81 IPs in 9 countries across 61 domains to perform 564 HTTP transactions. The main IP is 18.66.248.121, located in United States and belongs to AMAZON-02, US. The main domain is www.foreks.com.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on June 6th 2023. Valid for: a year.

This is the only time www.foreks.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 3	18.239.94.82 18.239.94.82	16509 (AMAZON-02) (AMAZON-02)
87	18.66.248.121 18.66.248.121	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:d333	13335 (CLOUDFLAR...) (CLOUDFLARENET)
24	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
1 1	54.170.121.144 54.170.121.144	16509 (AMAZON-02) (AMAZON-02)
2	31.3.2.88 31.3.2.88	21245 (MEDIANOVA...) (MEDIANOVA-CDN)
3	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
8	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:bdf::45 2620:1ec:bdf::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a03:2880:f04... 2a03:2880:f045:10:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
8	185.57.65.125 185.57.65.125	9215 (VMIND) (VMIND)
9	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
39	185.7.176.223 185.7.176.223	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
1	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
27	18.154.63.73 18.154.63.73	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
82	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
3	18.173.232.200 18.173.232.200	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:80f::2016	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6811:cff9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
29	2a00:1450:400... 2a00:1450:4001:81c::2002	15169 (GOOGLE) (GOOGLE)
1	18.165.183.3 18.165.183.3	16509 (AMAZON-02) (AMAZON-02)
1	35.241.45.217 35.241.45.217	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	104.18.35.167 104.18.35.167	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	18.66.248.90 18.66.248.90	16509 (AMAZON-02) (AMAZON-02)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700::68... 2606:4700::6810:5914	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:10:... 2606:4700:10::6816:3456	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
1	35.190.39.111 35.190.39.111	15169 (GOOGLE) (GOOGLE)
1 2	34.120.135.53 34.120.135.53	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	178.250.1.11 178.250.1.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	162.19.138.83 162.19.138.83	16276 (OVH) (OVH)
1	34.102.243.38 34.102.243.38	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	54.78.109.25 54.78.109.25	16509 (AMAZON-02) (AMAZON-02)
4	20.114.189.135 20.114.189.135	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
53	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
21 37	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
7 17	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9 14	185.89.211.116 185.89.211.116	29990 (ASN-APPNEX) (ASN-APPNEX)
8	172.217.23.102 172.217.23.102	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::2006	15169 (GOOGLE) (GOOGLE)
3	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1 4	23.32.185.35 23.32.185.35	16625 (AKAMAI-AS) (AKAMAI-AS)
4	78.46.111.106 78.46.111.106	24940 (HETZNER-AS) (HETZNER-AS)
1 4	138.201.84.244 138.201.84.244	24940 (HETZNER-AS) (HETZNER-AS)
1 4	159.69.70.9 159.69.70.9	24940 (HETZNER-AS) (HETZNER-AS)
1 4	138.201.63.149 138.201.63.149	24940 (HETZNER-AS) (HETZNER-AS)
1 4	178.63.52.121 178.63.52.121	24940 (HETZNER-AS) (HETZNER-AS)
4 8	216.58.206.38 216.58.206.38	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::200a	15169 (GOOGLE) (GOOGLE)
4	51.75.147.170 51.75.147.170	16276 (OVH) (OVH)
1	162.19.138.117 162.19.138.117	16276 (OVH) (OVH)
4	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1 1	85.114.159.118 85.114.159.118	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2	217.79.188.10 217.79.188.10	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	85.114.159.67 85.114.159.67	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
8	2606:4700:20:... 2606:4700:20::681a:ad1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	185.7.176.214 185.7.176.214	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
2 4	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1	2620:116:800d... 2620:116:800d:21:e365:4988:e8a7:3270	16509 (AMAZON-02) (AMAZON-02)
1 2	2606:4700::68... 2606:4700::6812:19ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	151.101.194.49 151.101.194.49	54113 (FASTLY) (FASTLY)
1 1	35.204.158.49 35.204.158.49	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	98.98.134.241 98.98.134.241	21859 (ZEN-ECN) (ZEN-ECN)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::ac43:444e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:1901:0:7... 2600:1901:0:76b9::	15169 (GOOGLE) (GOOGLE)
2	2606:4700:20:... 2606:4700:20::ac43:4a81	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	91.121.248.44 91.121.248.44	16276 (OVH) (OVH)
2 2	52.57.164.72 52.57.164.72	16509 (AMAZON-02) (AMAZON-02)
1	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1 1	2a05:d018:d29... 2a05:d018:d29:3602:28bf:6949:20a3:83ab	16509 (AMAZON-02) (AMAZON-02)
1 1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1	85.114.159.66 85.114.159.66	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:68::7	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:5c::7	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
564	81

3 18.239.94.82 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-239-94-82.ams1.r.cloudfront.net

foreks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

87 18.66.248.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-248-121.dus51.r.cloudfront.net

www.foreks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:d333 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscta.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.170.121.144 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-170-121-144.eu-west-1.compute.amazonaws.com

cdn.netmera-web.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.3.2.88 (Frankfurt am Main, Germany)

ASN21245 (MEDIANOVA-CDN, TR)

ntm.netmera-web.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f045:10:face:b00c:0:3 (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.57.65.125 (Istanbul, Turkey)

ASN9215 (VMIND, TR)

wsdkapi.netmera.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 185.7.176.223 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

static.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c1.imgiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng2.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
logger.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 18.154.63.73 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-154-63-73.dus51.r.cloudfront.net

news-files.foreks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

82 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.173.232.200 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-232-200.dus51.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:cff9 (United States)

ASN13335 (CLOUDFLARENET, US)

perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.165.183.3 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-165-183-3.zrh55.r.cloudfront.net

config.aps.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.35.167 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn-ima.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.248.90 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-248-90.dus51.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:3456 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.39.111 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 111.39.190.35.bc.googleusercontent.com

esp.rtbhouse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.135.53 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 53.135.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.1.11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.19.138.83 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31532338.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.243.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.243.102.34.bc.googleusercontent.com

feed.pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.78.109.25 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-109-25.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 20.114.189.135 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

v.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

53 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 172.217.16.194 (United States) 21 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s65-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 172.64.151.101 (United States) 7 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 185.89.211.116 (Frankfurt am Main, Germany) 9 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 172.217.23.102 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.32.185.35 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-185-35.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 78.46.111.106 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.106.111.46.78.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.84.244 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.244.84.201.138.clients.your-server.de

hal900026.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 159.69.70.9 (Nuremberg, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.9.70.69.159.clients.your-server.de

hal900017.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.63.149 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.149.63.201.138.clients.your-server.de

hal90009.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.63.52.121 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.121.52.63.178.clients.your-server.de

hal900020.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 216.58.206.38 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: lhr35s10-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 51.75.147.170 (France)

ASN16276 (OVH, FR)
PTR: ns3133977.ip-51-75-147.eu

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.117 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533568.ip-162-19-138.eu

lb.eu-1-id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.118 (Loerrach, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 217.79.188.10 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: imagesrv.adition.com

imagesrv.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.67 (Loerrach, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dspcluster.adfarm1.adition.com

dspcluster.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:20::681a:ad1 (United States)

ASN13335 (CLOUDFLARENET, US)

as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.7.176.214 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

istr-n14.nktcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:678:cb4:bbbb::11 (United Kingdom) 2 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:e365:4988:e8a7:3270 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:19ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.158.49 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.158.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 98.98.134.241 (United States)

ASN21859 (ZEN-ECN, US)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:444e (United States)

ASN13335 (CLOUDFLARENET, US)

static-de.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:76b9:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4a81 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.121.248.44 (France)

ASN16276 (OVH, FR)
PTR: ip44.ip-91-121-248.eu

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.164.72 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-164-72.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.193.217 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3602:28bf:6949:20a3:83ab (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

ius.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.66 (Loerrach, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.active-agent.com

dsp.active-agent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:68::7 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

rr2---sn-4g5edns7.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:5c::7 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

rr2---sn-4g5e6ns7.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
147	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 140 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 185	2 MB
117	foreks.com 2 redirects foreks.com — Cisco Umbrella Rank: 87251 www.foreks.com news-files.foreks.com	3 MB
110	doubleclick.net 25 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 269 stats.g.doubleclick.net — Cisco Umbrella Rank: 184 googleads.g.doubleclick.net — Cisco Umbrella Rank: 68 cm.g.doubleclick.net — Cisco Umbrella Rank: 338 ad.doubleclick.net — Cisco Umbrella Rank: 199 5994599.fls.doubleclick.net — Cisco Umbrella Rank: 283241 pubads.g.doubleclick.net — Cisco Umbrella Rank: 357	502 KB
37	virgul.com static.virgul.com — Cisco Umbrella Rank: 57703 ng.virgul.com — Cisco Umbrella Rank: 59838 ng2.virgul.com — Cisco Umbrella Rank: 62586 logger.virgul.com — Cisco Umbrella Rank: 76706	254 KB
21	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2014 www.google.com — Cisco Umbrella Rank: 6 adservice.google.com — Cisco Umbrella Rank: 189	5 KB
20	redintelligence.net 4 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 47118 hal900026.redintelligence.net — Cisco Umbrella Rank: 446214 hal900017.redintelligence.net — Cisco Umbrella Rank: 347199 hal90009.redintelligence.net — Cisco Umbrella Rank: 355501 hal900020.redintelligence.net — Cisco Umbrella Rank: 350410	43 KB
17	casalemedia.com 7 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 1194	12 KB
14	adnxs.com 9 redirects ib.adnxs.com — Cisco Umbrella Rank: 356	13 KB
13	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 271	836 KB
10	ad4m.at as.ad4m.at — Cisco Umbrella Rank: 25279 ad4m.at — Cisco Umbrella Rank: 11048 assets.ad4m.at — Cisco Umbrella Rank: 37488	87 KB
8	netmera.com wsdkapi.netmera.com — Cisco Umbrella Rank: 61092	8 KB
8	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1280 v.clarity.ms — Cisco Umbrella Rank: 12483 c.clarity.ms — Cisco Umbrella Rank: 2579	28 KB
5	gstatic.com csi.gstatic.com	339 B
5	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 2214 google-bidout-d.openx.net — Cisco Umbrella Rank: 2217 us-u.openx.net — Cisco Umbrella Rank: 930	1 KB
4	turn.com 2 redirects ad.turn.com — Cisco Umbrella Rank: 1449 r.turn.com — Cisco Umbrella Rank: 6381	2 KB
4	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 2052 imagesrv.adition.com — Cisco Umbrella Rank: 13077 dspcluster.adfarm1.adition.com — Cisco Umbrella Rank: 28532	30 KB
4	contentspread.net cdn.contentspread.net — Cisco Umbrella Rank: 80064	190 KB
4	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 2019	778 B
4	googleapis.com imasdk.googleapis.com — Cisco Umbrella Rank: 639 ajax.googleapis.com — Cisco Umbrella Rank: 708	400 KB
4	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1218 id5-sync.com — Cisco Umbrella Rank: 658	57 KB
4	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 104	106 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 359 config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 925	75 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	313 KB
3	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 407	843 KB
3	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 597 dis.criteo.com — Cisco Umbrella Rank: 943	7 KB
3	google.de www.google.de — Cisco Umbrella Rank: 4002	578 B
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 101	21 KB
3	youtube.com www.youtube.com — Cisco Umbrella Rank: 79	69 KB
3	netmera-web.com 1 redirects cdn.netmera-web.com — Cisco Umbrella Rank: 54808 ntm.netmera-web.com — Cisco Umbrella Rank: 53198	19 KB
2	googlevideo.com 1 redirects rr2---sn-4g5edns7.googlevideo.com — Cisco Umbrella Rank: 52236 rr2---sn-4g5e6ns7.googlevideo.com — Cisco Umbrella Rank: 51333	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 1620	2 KB
2	ad4mat.net static-de.ad4mat.net — Cisco Umbrella Rank: 186994 prod-rtb.ad4mat.net — Cisco Umbrella Rank: 129366	1015 B
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 1559 s.tribalfusion.com — Cisco Umbrella Rank: 3590	1 KB
2	imgiz.com c1.imgiz.com — Cisco Umbrella Rank: 105779	131 KB
2	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1411 bcp.crwdcntrl.net — Cisco Umbrella Rank: 1431	12 KB
2	pghub.io pghub.io — Cisco Umbrella Rank: 3037 feed.pghub.io — Cisco Umbrella Rank: 3394	6 KB
2	hsforms.com perf.hsforms.com — Cisco Umbrella Rank: 35491	2 KB
2	hubspot.com cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 11108	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 240	89 KB
1	ggpht.com yt3.ggpht.com — Cisco Umbrella Rank: 193	2 KB
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 539	765 B
1	active-agent.com dsp.active-agent.com — Cisco Umbrella Rank: 28620	256 B
1	ctnsnet.com 1 redirects ius.ctnsnet.com — Cisco Umbrella Rank: 14785	626 B
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 819	715 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 594	149 B
1	medialead.de pv.medialead.de — Cisco Umbrella Rank: 39084	327 B
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 8834	598 B
1	sitescout.com pixel-sync.sitescout.com — Cisco Umbrella Rank: 1321	187 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 1428	759 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 1396	589 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 1348	464 B
1	nktcdn.com istr-n14.nktcdn.com — Cisco Umbrella Rank: 599651
1	eu-1-id5-sync.com lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 1338	274 B
1	rtbhouse.com esp.rtbhouse.com — Cisco Umbrella Rank: 4842	431 B
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 438	1 KB
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 3020	1 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 2532	8 KB
1	33across.com cdn-ima.33across.com — Cisco Umbrella Rank: 1919	5 KB
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 894	13 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	185 B
1	hscta.net js.hscta.net — Cisco Umbrella Rank: 60881	7 KB
564	61

	Domain	Requested by
87	www.foreks.com	www.foreks.com cdn.netmera-web.com
82	pagead2.googlesyndication.com	static.virgul.com pagead2.googlesyndication.com www.foreks.com 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com tpc.googlesyndication.com imasdk.googleapis.com googleads.g.doubleclick.net www.googletagservices.com securepubads.g.doubleclick.net
53	tpc.googlesyndication.com	087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com www.foreks.com googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com securepubads.g.doubleclick.net imasdk.googleapis.com
35	cm.g.doubleclick.net	21 redirects googleads.g.doubleclick.net
29	googleads.g.doubleclick.net	pagead2.googlesyndication.com 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com googleads.g.doubleclick.net
27	news-files.foreks.com	www.foreks.com
24	securepubads.g.doubleclick.net	www.foreks.com securepubads.g.doubleclick.net 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com www.googletagservices.com
17	dsum-sec.casalemedia.com	7 redirects googleads.g.doubleclick.net
14	ib.adnxs.com	9 redirects googleads.g.doubleclick.net
13	www.googletagservices.com	087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com googleads.g.doubleclick.net
12	087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
12	ng.virgul.com	static.virgul.com www.foreks.com
9	logger.virgul.com	c1.imgiz.com
9	ng2.virgul.com	www.foreks.com
9	www.google.com	www.foreks.com googleads.g.doubleclick.net tpc.googlesyndication.com
8	5994599.fls.doubleclick.net	4 redirects www.foreks.com
8	ad.doubleclick.net	www.foreks.com 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
8	wsdkapi.netmera.com	cdn.netmera-web.com
8	region1.analytics.google.com	www.googletagmanager.com
7	static.virgul.com	www.foreks.com static.virgul.com
5	csi.gstatic.com	imasdk.googleapis.com
4	ad4m.at	as.ad4m.at ad4m.at
4	as.ad4m.at	googleads.g.doubleclick.net as.ad4m.at ad4m.at
4	adservice.google.com	5994599.fls.doubleclick.net
4	cdn.contentspread.net	hal900026.redintelligence.net hal90009.redintelligence.net hal900020.redintelligence.net hal900017.redintelligence.net
4	hal900020.redintelligence.net	1 redirects 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com hal900020.redintelligence.net
4	hal90009.redintelligence.net	1 redirects 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com hal90009.redintelligence.net
4	hal900017.redintelligence.net	1 redirects 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com hal900017.redintelligence.net
4	hal900026.redintelligence.net	1 redirects 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com hal900026.redintelligence.net
4	hal9000.redintelligence.net	087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
4	sync.teads.tv	1 redirects googleads.g.doubleclick.net
4	v.clarity.ms	www.clarity.ms
4	i.ytimg.com	www.foreks.com
4	www.googletagmanager.com	www.foreks.com www.googletagmanager.com
3	pubads.g.doubleclick.net	imasdk.googleapis.com
3	imasdk.googleapis.com	c1.imgiz.com imasdk.googleapis.com
3	s0.2mdn.net	087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com imasdk.googleapis.com
3	c.amazon-adsystem.com	static.virgul.com c.amazon-adsystem.com
3	www.google.de	www.foreks.com
3	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.foreks.com
3	www.youtube.com	www.foreks.com www.youtube.com
3	foreks.com	2 redirects www.foreks.com
2	c.clarity.ms	1 redirects
2	pm.w55c.net	2 redirects
2	assets.ad4m.at	as.ad4m.at
2	r.turn.com	googleads.g.doubleclick.net
2	ad.turn.com	2 redirects
2	imagesrv.adition.com	googleads.g.doubleclick.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	id5-sync.com	cdn.id5-sync.com
2	gum.criteo.com	static.criteo.net gum.criteo.com
2	c1.imgiz.com	static.virgul.com c1.imgiz.com
2	oajs.openx.net	1 redirects www.foreks.com
2	cdn.id5-sync.com	securepubads.g.doubleclick.net www.foreks.com
2	perf.hsforms.com	www.foreks.com
2	cta-service-cms2.hubspot.com	js.hscta.net
2	connect.facebook.net	www.foreks.com connect.facebook.net
2	www.clarity.ms	www.foreks.com www.clarity.ms
2	ntm.netmera-web.com	www.foreks.com
1	rr2---sn-4g5e6ns7.googlevideo.com
1	rr2---sn-4g5edns7.googlevideo.com	1 redirects
1	yt3.ggpht.com
1	c.bing.com	1 redirects
1	dsp.active-agent.com	googleads.g.doubleclick.net
1	ius.ctnsnet.com	1 redirects
1	dis.criteo.com	1 redirects
1	pr-bh.ybp.yahoo.com	1 redirects
1	match.adsrvr.org	googleads.g.doubleclick.net
1	pv.medialead.de	as.ad4m.at
1	prod-rtb.ad4mat.net	googleads.g.doubleclick.net
1	static-de.ad4mat.net	as.ad4m.at
1	ads.travelaudience.com	1 redirects
1	pixel-sync.sitescout.com	googleads.g.doubleclick.net
1	um.simpli.fi	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	s.tribalfusion.com	www.foreks.com
1	a.tribalfusion.com	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	istr-n14.nktcdn.com	www.foreks.com
1	dspcluster.adfarm1.adition.com	googleads.g.doubleclick.net
1	dsp.adfarm1.adition.com	1 redirects
1	lb.eu-1-id5-sync.com	cdn.id5-sync.com
1	ajax.googleapis.com	hal900026.redintelligence.net
1	google-bidout-d.openx.net	oa.openxcdn.net
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	feed.pghub.io	pghub.io
1	esp.rtbhouse.com	invstatic101.creativecdn.com
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	cdn-ima.33across.com	securepubads.g.doubleclick.net
1	static.criteo.net	securepubads.g.doubleclick.net
1	pghub.io	static.virgul.com
1	config.aps.amazon-adsystem.com	c.amazon-adsystem.com
1	www.facebook.com	www.foreks.com
1	cdn.netmera-web.com	1 redirects
1	js.hscta.net	www.foreks.com
564	99

This site contains links to these domains. Also see Links.

Domain
www.forinvest.com
twitter.com
www.instagram.com
www.youtube.com
cta-service-cms2.hubspot.com
www.facebook.com
apps.apple.com
play.google.com
appgallery.huawei.com
dl.foreks.com
www.belgemodul.com
etbis.eticaret.gov.tr

Subject Issuer	Validity	Valid
*.foreks.com Sectigo RSA Organization Validation Secure Server CA	`2023-06-06` - `2024-07-06`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-03` - `2024-05-02`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-10-18` - `2024-01-16`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.netmera.com Go Daddy Secure Certificate Authority - G2	`2023-05-25` - `2024-06-25`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.virgul.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-20` - `2024-10-20`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2024-01-06` - `2024-12-31`	a year	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
edgestatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
config.aps.amazon-adsystem.com Amazon RSA 2048 M02	`2023-02-20` - `2024-03-20`	a year	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-08`	a year	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-15` - `2024-03-10`	3 months	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-06` - `2024-09-30`	a year	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-11-24` - `2024-02-22`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2023-10-08` - `2024-11-05`	a year	crt.sh
invstatic101.creativecdn.com GTS CA 1D4	`2023-12-23` - `2024-03-22`	3 months	crt.sh
esp.rtbhouse.com GTS CA 1D4	`2024-01-05` - `2024-04-04`	3 months	crt.sh
*.imgiz.com Sectigo RSA Domain Validation Secure Server CA	`2023-08-24` - `2024-09-23`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-01` - `2024-03-01`	3 months	crt.sh
*.id5-sync.com R3	`2024-01-01` - `2024-03-31`	3 months	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 06	`2023-02-13` - `2024-02-08`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
teads.tv R3	`2023-11-03` - `2024-02-01`	3 months	crt.sh
redintelligence.net R3	`2023-12-13` - `2024-03-12`	3 months	crt.sh
contentspread.net R3	`2023-12-27` - `2024-03-26`	3 months	crt.sh
*.eu-1-id5-sync.com R3	`2024-01-01` - `2024-03-31`	3 months	crt.sh
*.adfarm1.adition.com AlphaSSL CA - SHA256 - G4	`2023-05-08` - `2024-06-08`	a year	crt.sh
*.nktcdn.com Sectigo RSA Domain Validation Secure Server CA	`2023-10-30` - `2024-11-29`	a year	crt.sh
quantserve.com R3	`2023-12-27` - `2024-03-26`	3 months	crt.sh
*.sitescout.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2023-01-09` - `2024-02-02`	a year	crt.sh
ad4mat.net GTS CA 1P5	`2023-11-18` - `2024-02-16`	3 months	crt.sh
prod-rtb.ad4mat.net GTS CA 1D4	`2023-11-21` - `2024-02-19`	3 months	crt.sh
pv.medialead.de R3	`2023-12-04` - `2024-03-03`	3 months	crt.sh
*.adition.com AlphaSSL CA - SHA256 - G4	`2023-05-08` - `2024-06-08`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.active-agent.com AlphaSSL CA - SHA256 - G4	`2023-11-28` - `2024-12-29`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.netmera-web.com Go Daddy Secure Certificate Authority - G2	`2023-10-04` - `2024-11-04`	a year	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh

This page contains 70 frames:

Primary Page: https://www.foreks.com/
Frame ID: 2D3F77DA9CBDA10E954DA3A9930B2227
Requests: 258 HTTP requests in this frame

Frame: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Frame ID: 4072C7FFAB8CB26E8033FB004EA68E24
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240103/r20190131/zrt_lookup_fy2021.html
Frame ID: 491D6A89033C45569FE82630385D64D5
Requests: 1 HTTP requests in this frame

Frame: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 21421CE902567A665305858608DEE968
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.foreks.com
Frame ID: 4D3525B68C7216C8FDEA746170B71996
Requests: 2 HTTP requests in this frame

Frame: https://feed.pghub.io/tag?referrer_url=&page_url=https%3A%2F%2Fwww.foreks.com%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D
Frame ID: 5D18E38DBD380CA15BA970654A4BEF4C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3025194257&lmt=1704740341&plat=2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740341325&bpp=2&bdt=2187&idt=324&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2818979527367&frm=20&pv=2&ga_vid=29850689.1704740339&ga_sid=1704740341&ga_hid=845787954&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926&oid=2&pvsid=1599564253928301&tmod=1143210592&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=354
Frame ID: 4625725FE9B44F776806A8074C0DEACB
Requests: 1 HTTP requests in this frame

Frame: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 3D90E48CF64C00DD6EC8FA72FB286415
Requests: 11 HTTP requests in this frame

Frame: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: C611F65CF66BCFC49E1AA24C0FE17D92
Requests: 11 HTTP requests in this frame

Frame: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 2CD8DA22CBBA379F176A9485694886C6
Requests: 11 HTTP requests in this frame

Frame: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 993F8D9CA23BF26F0A7F15B05E936468
Requests: 15 HTTP requests in this frame

Frame: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 2048A0D6BE5D778B198AFD4F88CF1400
Requests: 11 HTTP requests in this frame

Frame: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 2D7FE24A9FD251E8C4BB8439D0B7CB98
Requests: 11 HTTP requests in this frame

Frame: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 9A73DF2DEDBAEB4F4A5C51745FAD7330
Requests: 15 HTTP requests in this frame

Frame: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: B1492C143BB81D8440F6E9B50B804DB3
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNWfXSJzX5cFhC0WJXtea1as-MF0YkusbVPQOAgBvU-hLhfZ_QbAfTrD9-pT417iLokismqOvzVcGoJ6in129OTAnPGK2YtBfD7zu99PV2yVa5fgsQRgiBC1-zMpbnIuBxhW6Ik0V967imjPTOx-7-fqWot-qIdkK6PcczwvvjHbFq0C1gRuMz7uTfli-Lx1VcetrKmG
Frame ID: 8FD41BB07CC13B77844B9C1F4BED3947
Requests: 5 HTTP requests in this frame

Frame: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 0C04C6DD6DEBD75F3CA9D0E4FAADC66D
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXwWFTFqeGwAQGLh_ZGRi2ziqWkn4QNsuDbUjcLknht5bIsoow3Mt9Cjp3o5SYtpi5-Ymr9u7MPE-wtM0yX6XxdW2RMbylhMISSXrT1_HTRpmoYQVL2osuKcQuOpn0iUfEoIYK6TSddPfEfDdtLZF_xirBVJ4yuBC3T_bI-ZYyBhrv9H_R3IElKljF55QT4R765CkZl
Frame ID: 0117CBD7EAAB92D25508ECC122A974C5
Requests: 5 HTTP requests in this frame

Frame: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 2DFE2AD58FB23AE5B2AC83229DA9B374
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVlJ9VhrQAibkflOxdmApXrNhpNV0Pz7hIpqNrlAnbJQuhV_NgxGR1a-OQhns5y3-fglV3iX58m1IOFbPnwGHNVjebmA5tI8fl2TLxc6uIVFb-5N3mOgpESPZ5mAEZxiC9--6_ZjCnJ4Vp5ORd1dVlEP4PZdshLFEnTNmc3jZxzGjxNkv2FODEhrZLf_zePs0CMNkfK
Frame ID: 51B2B4556EDA0E87D61FD017D6186E90
Requests: 5 HTTP requests in this frame

Frame: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 4CAD1FDDE442E53E6105FF65E1A132B2
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNX4gitPBz67pbsVEHy96CMb6bJgnhCWkcQL8FpN6WWYknAeQgN04Fh7n7v9k8BTPYHryCbcrw6ss3dnwbwSbWV4oHH3em4aquAk3La2wHa82Ogl_Ouc7dXb5Em49jvgBo8hR65h1G34-TdOXrx7TKoqg8SQJm355HuEHyhgUo3vpfeeGAJOOlWQV3W7bZG7Fein4I1q
Frame ID: A649565D233AE8756A21498DDE868683
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKv65gIQm-jrAhjb8sP_ATAB&v=APEucNX1fTT2T4p2TKpQPyupCX86Isqb9QBty4EuZDSuHTznoBkuOaGZuTjOLuMjpFIVcHA3GH8eE427STerd5E3KqIQ4OQHX-2hjufjwfh_bN3uHjdTV9t22iHpUTDWwUZWEl3WLi2wq09mS2RmyUYadCMfVK3xtoBvC2eGQD7tfx8SuxqZeH0lCaVI-yMRLyE16QssSFj8
Frame ID: AFD9415CFC93799D4419306944458908
Requests: 5 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 1A370007A102D7F3858DCD7C9F27EB14
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKv65gIQm-jrAhjuypj0ATAB&v=APEucNWSlxjEZ7rwz907NHsCB_XjMW2uVSPSkHL_afiHSEjzja_V0JVkEcx-bFipIPR7OnPMEPRC96YmxqRnzD1nC528GFnAYAJ43kZT4bC8-a5Aez6pLy853Rx_G67QjXOsVOfbfKxmeIA7tun1gaFaNCgC2UGibf6LIT_6UaqquV1U8EgSMNOhAE75F4au8ajwMvN-fi_e
Frame ID: 11C62CA2D027DFD3AA16B98C651B9A33
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: F9D7F16BEEC3E04CD891B44BD8E65A1E
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 4B393B315AFED3D910B04C3BE71CCE77
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755403&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A520%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342090&bpp=2&bdt=315&idt=259&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&nras=1&correlator=6425755598420&frm=24&ife=3&pv=2&ga_vid=1915995461.1704740342&ga_sid=1704740342&ga_hid=263902789&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079265%2C31080114%2C31080224&oid=2&pvsid=3522548824508111&tmod=1972445267&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.tsu29v97msii&fsb=1&dtd=266
Frame ID: CAED5FAC5C5EA76C19204BF70B6FE1C1
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 2513E2C028EA4A0B897747F9B0F26E85
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: B3BCDAF02EC44227525ABAED27995FD8
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 59778288FDBF827B5276C27FBB125D0A
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755405&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A520%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&pra=5&wgl=1&easpi=1&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~3~4~6&aslcwct=150&asacwct=25&aslmct=0.7&asamct=0.7&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342168&bpp=2&bdt=372&idt=200&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&nras=1&correlator=3215437451061&frm=24&ife=3&pv=2&ga_vid=650811357.1704740342&ga_sid=1704740342&ga_hid=479107884&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C44808398%2C31079758%2C44807406%2C95320377%2C95320870%2C95320890&oid=2&pvsid=3437858270982662&tmod=2064810646&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.b6ipj8v67xda&fsb=1&dtd=204
Frame ID: D6D16D31E1D1553D9DFEFFD3F2E2AD66
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=3173046726&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342092&bpp=1&bdt=317&idt=282&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=6425755598420&frm=24&ife=3&pv=1&ga_vid=1915995461.1704740342&ga_sid=1704740342&ga_hid=263902789&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079265%2C31080114%2C31080224&oid=2&pvsid=3522548824508111&tmod=1972445267&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.hgk43vmz1zne&fsb=1&dtd=286
Frame ID: 48B753F13CFC3A72433B2462F36959EC
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=3173046724&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342170&bpp=1&bdt=374&idt=246&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3215437451061&frm=24&ife=3&pv=1&ga_vid=650811357.1704740342&ga_sid=1704740342&ga_hid=479107884&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C44808398%2C31079758%2C44807406%2C95320377%2C95320870%2C95320890&oid=2&pvsid=3437858270982662&tmod=2064810646&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.8z9oe33zf6zv&fsb=1&dtd=248
Frame ID: 6E44D9669DCB19C2DCABFBD9E7E56256
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755402&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&pra=5&wgl=1&easpi=1&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342186&bpp=1&bdt=404&idt=270&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&nras=1&correlator=5076464377854&frm=24&ife=3&pv=2&ga_vid=789429540.1704740342&ga_sid=1704740342&ga_hid=233204692&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1792579836&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C31079714%2C95320869%2C95320888&oid=2&pvsid=3672836851977151&tmod=33738597&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.z3qr3584rqi4&fsb=1&dtd=277
Frame ID: 348538D6753E52E79DF06384DBAC9E9C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 025E7E619F28912E6DD46315C6167729
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=3173046725&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342187&bpp=1&bdt=405&idt=282&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=5076464377854&frm=24&ife=3&pv=1&ga_vid=789429540.1704740342&ga_sid=1704740342&ga_hid=233204692&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1792579836&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C31079714%2C95320869%2C95320888&oid=2&pvsid=3672836851977151&tmod=33738597&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dysgtt8kuxhs&fsb=1&dtd=283
Frame ID: 2F1090A0DF7FB191B362E8208EE39540
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=2751417941&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A520%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.foreks.com%2F&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~3~4~6&aslcwct=150&asacwct=25&aslmct=0.8&asamct=0.8&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342237&bpp=1&bdt=372&idt=238&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&nras=1&correlator=1007674390704&frm=24&ife=3&pv=2&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.6l1e0a6pd2pj&fsb=1&dtd=246
Frame ID: 09A89A419E3B5B95B8052BA9AFBD4A70
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186313&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342238&bpp=1&bdt=374&idt=265&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1007674390704&frm=24&ife=3&pv=1&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dlgvh1v9xcpg&fsb=1&dtd=267
Frame ID: 68BE7864D9572C5702F1D844F436B8AB
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=2751417942&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A520%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~3~4~6&aslcwct=150&asacwct=25&aslmct=0.8&asamct=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342258&bpp=1&bdt=383&idt=357&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&nras=1&correlator=1204347526637&frm=24&ife=3&pv=2&ga_vid=2011963657.1704740343&ga_sid=1704740343&ga_hid=1059013559&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31080113%2C44795922%2C95320893&oid=2&pvsid=3985455299172220&tmod=877393974&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.vgrdks3gq9w4&fsb=1&dtd=364
Frame ID: 23F1EFEA5C010543078200AE787ACC64
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186312&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342259&bpp=1&bdt=384&idt=373&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1204347526637&frm=24&ife=3&pv=1&ga_vid=2011963657.1704740343&ga_sid=1704740343&ga_hid=1059013559&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31080113%2C44795922%2C95320893&oid=2&pvsid=3985455299172220&tmod=877393974&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.ljzj0m5eu10t&fsb=1&dtd=375
Frame ID: 5E39969706CEA3E47583DDA524EC5322
Requests: 1 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CNqJxdS8zoMDFenLOwIdsAgJDg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7506580587442.957
Frame ID: E65BB6D07A40EA48A33827E27001D00A
Requests: 2 HTTP requests in this frame

Frame: https://hal900026.redintelligence.net/request_content.php?s=29482200157764204444550012563026&a=ab6abc64
Frame ID: C759D96C491700FE4E24E09B3320991B
Requests: 5 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CImNxdS8zoMDFaPLOwIdJMwFYg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9722439991646.037
Frame ID: BEC9C515EFFE82C7B532E5607E8A0740
Requests: 2 HTTP requests in this frame

Frame: https://hal90009.redintelligence.net/request_content.php?s=10366500200286304444550012563009&a=8bc3b95b
Frame ID: 4B44FC5FA8F970D44BFA13C4370FCCEA
Requests: 4 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CPWQxdS8zoMDFRvpOwId91gKOQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=467024222124.1527
Frame ID: E9C1CBA0BFC037E5817C74D746F00BA6
Requests: 2 HTTP requests in this frame

Frame: https://hal900020.redintelligence.net/request_content.php?s=21411900191433104444554012563020&a=2dfea6d2
Frame ID: BF19EA4C241CD34CEFD3BABD192E9092
Requests: 4 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CLuTxdS8zoMDFbnJOwIdO_sLvg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5186091468.6385765
Frame ID: 39FAE1DBF86FD387AAC4B3303E860E2A
Requests: 2 HTTP requests in this frame

Frame: https://hal900017.redintelligence.net/request_content.php?s=59314500177308104444554012563017&a=ed1d1483
Frame ID: 02348B91A8C50672A49E584CA63A30BC
Requests: 4 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.609.1_en.html
Frame ID: 53F6D6F06F83AC22888B7242F9EB8796
Requests: 17 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 1B18DBBDDCE7BF0650980FA6B7093E7C
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1gfyksmbm2yrx3js1rn56d7bvprjc4hfjgszp950cpx7faz7m29ehkq6hw92a3az5a7pzpe5p98k8c4m06yty4gwk0e1qhrpfrmw7f265515yfs3vve094cg9tjeb6kmadtdq9grs8m3b958jwjx002qnhgk0beszrzv60tbjtrgj71hykk131yc1wxdas79040y3ynrr6wdx2pxqsnt8vs3s3a8ne183t5z98w1ag4skjfmgh9xa6ce1yks871vhr92v5kw9er4gqnw9yp3b05de7bmk6grg2qsrq76w0b3yscn3jxnd7bdz6t35zq955nqaxf1qntpg01xax1hjd40r2axwmfhbk7vtc0hqgqmx0667wbykawc9ntgftnc7g30fyep7vzkj1hmw6m4mdaak18wrxt9ydt82d15f83axts7&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJk5a9kWcZabzHrbHtOUPnO-muA-Q4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQIRJ-Q3hmGyPqgDAcgDAqoE8QFP0IN9aB5y50xbbPEyZYqf6MRVWn5n26EiHlf3PnXNqGuCwJuDnBi1P2NaqxXCKNnF4gIHGfPKbFYn_m3-9kYowoRoICKP9URLxoHb2TcOUEcBGsQKN5l06cFOBwV7rtsCdrOEbyhV_aY7-jhtP_01tl_XVB83m1laqUnlji1KvFWnOKYFAXXdvCiuRyL9AIdPE35tAr8aMloEMfDrH5m2lKWak-SDzgPIgPeMe4vnp8lxzHYxtVHiJt-wl0kM_07yMlAsWnA5hs37SwKH9Ht5b7y3oE2DJb6sEggfwn0yrXEn6-XqUuge_4500tXvPEj8gAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WIuArtS8zoMD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3tM7p-rqYZ-EZ37ss-yPNB9yPbGg%26client%3Dca-pub-6593523210010154%26adurl%3D
Frame ID: 5B3CF65436986F257569043ECD5F13F8
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 3AF89127710E4702307FE3FB2BA42F79
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: BB8D67711E2A368C8AE55F7CB6652553
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B0E680E2167486709E418495836E3A77
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 83DF1776531B8D89B89B790550DBD198
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1463766384F0E8771D45256A7C6296E9
Requests: 2 HTTP requests in this frame

Frame: https://ad4m.at/cookie-frame.html
Frame ID: 149CD39A65DAE485ACD7BA378A9F728E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B14BD30604A368F631FFEFFD586AD145
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B42692EF37437009DBD5C692182E0A25
Requests: 2 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=34719&b=ZxJfwfBfmJpsmHDHDt3tP8Zc6SXTx3qa27&f=9jeTMfmfr19cKHBH2tzCJK9S9SmTZY2TeE&c=320&d=50&e=&g=4f4e9a30dfb50dfa0ca9477b966b052d%2F12984422370548541923&i=26474&j=41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1704740343367&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1gs2yyad2ehdq487me54785xbgkm979bh8g2xsf5fstxb25ve3wv3bjyj6xyg4jm60wene6vq1nbsx74f8qkkcr49831hwehm5v3ft1rne0a21p2bf5c45yjey85dj90q3ft21173zz46aq6d7etdktc10hzvfw0j2n5z03z7att300sarfm37t5jaz1j3sf8mj1xkwbfkb18afa77t9prtwakt8bb8kax3yd89vea1ekmj65nfwc2g6826z7pv94qhxnhcsf30vk9yq72gg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJk5a9kWcZabzHrbHtOUPnO-muA-Q4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQIRJ-Q3hmGyPqgDAcgDAqoE8QFP0IN9aB5y50xbbPEyZYqf6MRVWn5n26EiHlf3PnXNqGuCwJuDnBi1P2NaqxXCKNnF4gIHGfPKbFYn_m3-9kYowoRoICKP9URLxoHb2TcOUEcBGsQKN5l06cFOBwV7rtsCdrOEbyhV_aY7-jhtP_01tl_XVB83m1laqUnlji1KvFWnOKYFAXXdvCiuRyL9AIdPE35tAr8aMloEMfDrH5m2lKWak-SDzgPIgPeMe4vnp8lxzHYxtVHiJt-wl0kM_07yMlAsWnA5hs37SwKH9Ht5b7y3oE2DJb6sEggfwn0yrXEn6-XqUuge_4500tXvPEj8gAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WIuArtS8zoMD-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3tM7p-rqYZ-EZ37ss-yPNB9yPbGg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Frame ID: F27A76EC970CF3F99B2EEC95742513B3
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 6E8A5EE7D22FBB1FDD21A549CB0D4CBD
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5D40106A7E15DA53C319FC037568697C
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: D43253260B8F67CF3BC9204A0FFBE0BE
Requests: 9 HTTP requests in this frame

Frame: https://www.foreks.com/netmera_worker.html
Frame ID: 9DC413B75B724117CE8F24E9397CC569
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 2D423DDE1B6B4A9754602F32E4B93EC1
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 112FAA6B20A804358196CCF2B48C5C00
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A9AE20045AF00667958961E1479EC7D5
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 44FC25C5117ADAF2814D750B6A8F45F7
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/hhrtBw21.html
Frame ID: 96542BBBA793063D4FF54ADF29D6207E
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Piyasalar, Canlı Borsa, Döviz, Altın Fiyatları - Foreks

Page URL History Show full URLs

http://foreks.com/ HTTP 301
https://foreks.com/ HTTP 301
https://www.foreks.com/ Page URL

Detected technologies

Nuxt.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

/_nuxt/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

564
Requests

92 %
HTTPS

45 %
IPv6

61
Domains

99
Subdomains

81
IPs

9
Countries

9005 kB
Transfer

33035 kB
Size

60
Cookies

30 Outgoing links

These are links going to different origins than the main page.

URL: https://www.forinvest.com/
Title: ForInvest

Search URL Search Domain Scan URL

URL: https://www.forinvest.com/destek
Title: Destek

Search URL Search Domain Scan URL

URL: https://www.forinvest.com/business
Title: Çözümlerimiz

Search URL Search Domain Scan URL

URL: https://www.forinvest.com/aboutUs
Title: Hakkımızda

Search URL Search Domain Scan URL

URL: https://www.forinvest.com/careers
Title: Kariyer

Search URL Search Domain Scan URL

URL: https://www.forinvest.com/contactUs
Title: Bize Ulaşın

Search URL Search Domain Scan URL

URL: https://twitter.com/ForeksDigital

Search URL Search Domain Scan URL

URL: https://www.instagram.com/foreks_digital/

Search URL Search Domain Scan URL

URL: https://www.forinvest.com/fx-plus
Title: FXPlus

Search URL Search Domain Scan URL

URL: https://twitter.com/ForeksTurkey?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/ForeksHaber
Title: Youtube

Search URL Search Domain Scan URL

URL: https://www.instagram.com/foreksturkey/?hl=tr
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.forinvest.com/?utm_source=maindomain&utm_campaign=basic&utm_content=canli-borsa-buton
Title: Canlı Borsa

Search URL Search Domain Scan URL

URL: https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/c/?cta_guid=513ed2a5-12aa-48ff-b2fa-34610662b79e&signature=AAH58kFOeAsfo4eJL_l0NSR7_QYe7VMhUg&placement_guid=ecc136ef-40f2-4547-bee9-f39c75a1114d&click=84f7b216-e4d3-4142-9ef8-a74770f8d9e6&hsutk=&canon=https%3A%2F%2Fwww.foreks.com%2Fhaberler%2Fekonomik-takvim&portal_id=6100458&redirect_url=APefjpFtuyzCiLJPb9g-Q7h46kUI7o2wQSBgwpu02IWC_xJpdbKFtF78o0Th-K_DQWLXP_JqY4dY6oAmxbvLw-9D4fsukwlI5TeouV_Eoka8kQHoDu1HxkE
Title: Ücretsiz FXPlus Demo

Search URL Search Domain Scan URL

URL: https://www.forinvest.com/?utm_source=maindomain&utm_campaign=basic&utm_content=mbl-canli-borsa-buton
Title: Canlı Borsa

Search URL Search Domain Scan URL

URL: https://www.forinvest.com/?utm_source=maindomain&utm_campaign=basic&utm_content=hemen-basla-buton
Title: Hemen Başla

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCBbRYu2nqeGGsRrKu5jh-Pw
Title: Tümü

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=Mxmd8wBdkJc_channel=Foreks%20Haber

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=DackrWdYQjc_channel=Foreks%20Haber

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=OHFoEQJTBqM_channel=Foreks%20Haber

Search URL Search Domain Scan URL

URL: https://www.forinvest.com/paketler?utm_source=maindomain&utm_campaign=basic&utm_content=lp-popup
Title: Kolay, Akıllı, Ayrıcalıklı Yatırım! Canlı Borsa verileriyle her an, her yerde kazan! ŞİMDİ KEŞFET

Search URL Search Domain Scan URL

URL: https://twitter.com/ForeksTurkey

Search URL Search Domain Scan URL

URL: https://www.instagram.com/foreksturkey

Search URL Search Domain Scan URL

URL: https://www.facebook.com/forekshabermerkezi

Search URL Search Domain Scan URL

URL: https://apps.apple.com/tr/app/foreks-mobile/id348143599

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=foreks.android&hl=tr

Search URL Search Domain Scan URL

URL: https://appgallery.huawei.com/#/app/C102166151

Search URL Search Domain Scan URL

URL: http://dl.foreks.com/destek/TeamViewerQS_tr-idcag5kvr9.exe
Title: Karşıdan Yükle

Search URL Search Domain Scan URL

URL: https://www.belgemodul.com/sirket/2681
Title: Bilgi Toplumu Hizmetleri

Search URL Search Domain Scan URL

URL: https://etbis.eticaret.gov.tr/sitedogrulama/4922722816AD483FBC669663C3D31260

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://foreks.com/ HTTP 301
https://foreks.com/ HTTP 301
https://www.foreks.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://cdn.netmera-web.com/wsdkjs/OcYc2nxy4-IE1PVMgxSo2cIXLNyzI3PXAb6uUisJim44jRp89r7eWQ HTTP 302
https://ntm.netmera-web.com/wsdk2/nmweb/netmera_sdk.js

Request Chain 208

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.foreks.com%2F&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.foreks.com%2F&rid=esp&cc=1

Request Chain 273

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1

Request Chain 274

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZxF9nvSuzvwKxfEX-Vr-QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1

Request Chain 275

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEAt0tB-mXb_DG5b-Ho_s6f4&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAt0tB-mXb_DG5b-Ho_s6f4%26google_cver%3D1

Request Chain 276

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU2Nzk4NjQ2NjUxNTE2NTg4

Request Chain 278

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1

Request Chain 279

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZxF9vmzGPZEtqnBO93HSAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1

Request Chain 280

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEAt0tB-mXb_DG5b-Ho_s6f4&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAt0tB-mXb_DG5b-Ho_s6f4%26google_cver%3D1

Request Chain 281

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU2Nzk4NjQ2NjUxNTE2NTg4

Request Chain 286

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1

Request Chain 287

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZxF9vmzGPZEtqnBO93HSAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1

Request Chain 288

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEAt0tB-mXb_DG5b-Ho_s6f4&google_cver=1

Request Chain 289

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU2Nzk4NjQ2NjUxNTE2NTg4

Request Chain 303

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1

Request Chain 304

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZxF9vmzGPZEtqnBO93HSAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1

Request Chain 305

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEAt0tB-mXb_DG5b-Ho_s6f4&google_cver=1

Request Chain 306

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU2Nzk4NjQ2NjUxNTE2NTg4

Request Chain 331

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1

Request Chain 332

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZxF9vmzGPZEtqnBO93HSAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1

Request Chain 333

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEAt0tB-mXb_DG5b-Ho_s6f4&google_cver=1

Request Chain 334

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU2Nzk4NjQ2NjUxNTE2NTg4

Request Chain 342

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGi15KxBTxzTKVTLYNmnnls&google_cver=1

Request Chain 344

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEFzJlDhXzVgrj-5AgsDYAyM&google_cver=1

Request Chain 370

https://hal900026.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=368a912990&subid=&uid=42cc7c79091c7051&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCpHL19UWcZeLPHr6O1PIPp9aTiAym5b2gaYWVnKfJD_AuEAEgwLKCa2CV4pCCoAfIAQmpAsitmDqOYrI-qAMByAObBKoElgJP0PSgjNFtu1QYLNGBgaf-DThveSF1qJ_lVAz3q9qjafGNV9LSYkle9wJkNB9NzZI8SipGLmLcr3WVoveHM8tVBheO6it4y57IGiSf5bCXYyhti2_Le9i7NGtmkI2GJNafT4VGFV8VfrnSmcYmZIXZr_u3_fxXrEfmyhC5-IbWMleoWc34lbgCrJfb0G7KspoJE4d-M7RyDsC9-asyITwGfBTzdb-nmv2YAqli3VZjDedv3cK9qU-xTM1lqyD7_aZlWf_ECzamtZ8UK8UCrmywMC-EdEuA8q2feE55rgK4iakbBqLoDxM7sb9xbGQ-mVuL_m1APG4z0r4FpL3zmrRwj4kNOf-WB5b5OIUba3EXm1Phwe90gMAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljnvfLTvM6DA4AKA5gLAcgLAYAMAaIMCCoGCgS7u7ECqg0CREXiDRMI-uzy07zOgwMVPgdVCB0n6wTBsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSYQAvHhf_sxbIP2hcNbRsfWqOBGwOEtaEVJhNT15zXqBqYuBHdWncKeoAyZ0id75_Sv_EOSGcgtL5W5TTa4e_GRfg0YyWs0VRxR-_WqXBg3I9Q3HlqOxyiLasFhpWNKy2YEoYAQ%26sig%3DAOD64_2umme7eFLJ_cN7Jep7aHRWuatnRA%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-DOm-035dNZewGbRBriYGF_mGgqYABkirg502b0qaaA-isgv2FDJ1YFCZhAnQvzM0j_KVUX5Hbq_i4V9Ub7mPHjySjWHqyij-GLMQHP-uzHMzvogQJCfJW0th-x0-SeCHakVYrSZPlgDkisXtgvbcS00WX7QCga2_eiYtTph0gZMvw83kE%26cry%3D1%26dbm_d%3DAKAmf-Dk-OZLkFRhGraif8xC8iT1NeBfaLS77HF9V58K2FT9pDsZ4xzdZkTmhhGU2ULfzXwSi61LS0vnkC-GD0ZafMY8IjHXRFiMoOFASRCTgLApiMk2XoBSNh1ZG98hwHio-NiPYf_qZCCUy7ubZ9-hTxotA6iUOK82snDm02RiljccIvs8U8Liyl5E9yfNX7dRzfV5JEYT5BPym6XhTWyuwbZud4Vcdso8EL-vpHDzwCSSGeobDrh2WLRcnXH5cwj19WIyIRptQk2T3SxSDF99rvkHr_Ouxxb3_HClJzCyv9s8rYPyF7BKRxNJp7BUlu6GWdcZdv-Q5C9evxwGXRGNmyvxxatmh9FHJPytNah6hBYONESmD-46UrABToT0Ldav8RKdUANK1Y-m9RWklqz6O3zEvdm9CadfymjlIbbYGMzxp4AygoMiNsRcrUaxfZGu4xeUzmmxkhqeriK19GGUsaeggfAMM24cpbWr5DeVklzn-94TBBulcjmISqOBeYaEytXBmWi_ni985FkmzAaUurEBU_bW45F82k7PIeK1Pkt7YJK9yno%26adurl%3D&documentReferer=https%3A%2F%2Fwww.foreks.com%2F&ancestorOrigins=https%3A%2F%2Fwww.foreks.com&random=6649573938491&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900026.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=368a912990&subid=&uid=42cc7c79091c7051&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCpHL19UWcZeLPHr6O1PIPp9aTiAym5b2gaYWVnKfJD_AuEAEgwLKCa2CV4pCCoAfIAQmpAsitmDqOYrI-qAMByAObBKoElgJP0PSgjNFtu1QYLNGBgaf-DThveSF1qJ_lVAz3q9qjafGNV9LSYkle9wJkNB9NzZI8SipGLmLcr3WVoveHM8tVBheO6it4y57IGiSf5bCXYyhti2_Le9i7NGtmkI2GJNafT4VGFV8VfrnSmcYmZIXZr_u3_fxXrEfmyhC5-IbWMleoWc34lbgCrJfb0G7KspoJE4d-M7RyDsC9-asyITwGfBTzdb-nmv2YAqli3VZjDedv3cK9qU-xTM1lqyD7_aZlWf_ECzamtZ8UK8UCrmywMC-EdEuA8q2feE55rgK4iakbBqLoDxM7sb9xbGQ-mVuL_m1APG4z0r4FpL3zmrRwj4kNOf-WB5b5OIUba3EXm1Phwe90gMAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljnvfLTvM6DA4AKA5gLAcgLAYAMAaIMCCoGCgS7u7ECqg0CREXiDRMI-uzy07zOgwMVPgdVCB0n6wTBsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSYQAvHhf_sxbIP2hcNbRsfWqOBGwOEtaEVJhNT15zXqBqYuBHdWncKeoAyZ0id75_Sv_EOSGcgtL5W5TTa4e_GRfg0YyWs0VRxR-_WqXBg3I9Q3HlqOxyiLasFhpWNKy2YEoYAQ%26sig%3DAOD64_2umme7eFLJ_cN7Jep7aHRWuatnRA%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-DOm-035dNZewGbRBriYGF_mGgqYABkirg502b0qaaA-isgv2FDJ1YFCZhAnQvzM0j_KVUX5Hbq_i4V9Ub7mPHjySjWHqyij-GLMQHP-uzHMzvogQJCfJW0th-x0-SeCHakVYrSZPlgDkisXtgvbcS00WX7QCga2_eiYtTph0gZMvw83kE%26cry%3D1%26dbm_d%3DAKAmf-Dk-OZLkFRhGraif8xC8iT1NeBfaLS77HF9V58K2FT9pDsZ4xzdZkTmhhGU2ULfzXwSi61LS0vnkC-GD0ZafMY8IjHXRFiMoOFASRCTgLApiMk2XoBSNh1ZG98hwHio-NiPYf_qZCCUy7ubZ9-hTxotA6iUOK82snDm02RiljccIvs8U8Liyl5E9yfNX7dRzfV5JEYT5BPym6XhTWyuwbZud4Vcdso8EL-vpHDzwCSSGeobDrh2WLRcnXH5cwj19WIyIRptQk2T3SxSDF99rvkHr_Ouxxb3_HClJzCyv9s8rYPyF7BKRxNJp7BUlu6GWdcZdv-Q5C9evxwGXRGNmyvxxatmh9FHJPytNah6hBYONESmD-46UrABToT0Ldav8RKdUANK1Y-m9RWklqz6O3zEvdm9CadfymjlIbbYGMzxp4AygoMiNsRcrUaxfZGu4xeUzmmxkhqeriK19GGUsaeggfAMM24cpbWr5DeVklzn-94TBBulcjmISqOBeYaEytXBmWi_ni985FkmzAaUurEBU_bW45F82k7PIeK1Pkt7YJK9yno%26adurl%3D&documentReferer=https%3A%2F%2Fwww.foreks.com%2F&ancestorOrigins=https%3A%2F%2Fwww.foreks.com&random=6649573938491&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 371

https://hal900017.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=6eae03fdb0&subid=&uid=5b648cd7f77c133f&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxP669UWcZZmfHvv_1PIP6Yi2sAKm5b2gaa2VnKfJD_AuEAEgwLKCa2CV4pCCoAfIAQmpAoDLVB9FabI-qAMByAObBKoEmgJP0C3LpfUJMNWJgu7rKy-0XJLdP2R3l1q3Qfjf208J1fuPLEzNPIA8ISqlCs0ozKVtmoRck0CV07buVmpD1PJ_f-H5VByNzLz11g4cAAocO9ZfSlhYKOoqGWVnBXc37VGqXvYmzs_L6A9uEYjW-Bo0rXgl6aKyjGaCyYrGJef07Lmce598qDfIRuNs7K0Gqf90HV9KthaprvbQ2df1qLrZdQrGq78IdKUki1MwqXF7WPWMYC0zBJ55H-oy2ZAvVqTHVHLnJLubhE-1_n6RVA0oqv6v9Kv8NjShz6RViWTEv7X0aJZHOtqlKYS1WdTkAsKbgrLkxRe_TnIJDvjrAYQJ6Jt--Y-1bi4Kt54tercRsnKs9z7rLQT8BDnABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHTICqgI6AoBASL39wTpY7M3y07zOgwOACgOYCwHICwGADAGiDAgqBgoEu7uxAqoNAkRF4g0TCIr88tO8zoMDFfs_VQgdaYQNJrATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSYAAvHhf_xyUR0Yx_g7oaoMy46rce8HR5f1ftI0yqsagItMz-rz_9e1tD53FN0mf0fMDRFf_6-3lHNue1tagaarDnmIlwkuFOv9s7-CLyFsmnWwNQ3QbNCJy6F-Dpf0IBKhgB%26sig%3DAOD64_3Gia6VDXQkQgAVZ4mK4lxRN54TYg%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-BDmBryLq8JkjDWTjQFCJ9jP8upn2_lLEgfMi3OeS2g4qYFJeNCAvl3gzqCPMRpfK9eDCLvyMDGlURuLllmTSyMU6Q3poD04rprp_GJA5RzSYPjzE4R9uebzLO49KkL0QAVAq5rIrV_p80ep6TEoyqpHHh2Avrnn4pZ_i_50M2x6YJrp3I%26cry%3D1%26dbm_d%3DAKAmf-DHIUu5ZCbf-7SBqOjKiYLMZqjzAbRwEfmpgu-2dO_A13c7Nic6PiGHwl46gF0pW9A3OJnzngO9XTtZu7ANtwLQD5WgQ8FrBaNgUXxnGDEcZbq1inLVhVzcZcjUM370ty-3sqgJHVL6OvOcyAOlrkYqlBLNzMFi6hMg6M3ok_A-uPPkg7nHKrCnmq_uYpEyQU8Ah2T8G0bbscl2jOnPvYHoiFHrLaDousDV_7vqYbwr99xlGsrMSsfBoFljfE9eDopOLX0OtJoP4BMKMr-yYo4kdlWLw_Kf0M9RQjEJLjMVpXlsFGXxtS6DFIzrlgo-PxBcO_48OybX1xv02_AXGoN_avFlurBs8s5mCwj8Kz8Kq4K5gw_75BtuJH_yFIQxxwK6ekGxKRgEYXJuA1HvGBQtnWhP0R3Hm7vuiABtdT27evogP0WiY7Sr2mFP7myzfCwSD2ikKHEC5v-zRgimM4NzPIW1o9dQdK2CDnngDncddJLiQITQSs8Zp1QTN6c-zrPnf4A00njjNjYtUqoJgIDNjgIJnV_zoqwP7O2xHkDGT2HZNn4%26adurl%3D&documentReferer=https%3A%2F%2Fwww.foreks.com%2F&ancestorOrigins=https%3A%2F%2Fwww.foreks.com&random=3901071166356&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900017.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=6eae03fdb0&subid=&uid=5b648cd7f77c133f&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxP669UWcZZmfHvv_1PIP6Yi2sAKm5b2gaa2VnKfJD_AuEAEgwLKCa2CV4pCCoAfIAQmpAoDLVB9FabI-qAMByAObBKoEmgJP0C3LpfUJMNWJgu7rKy-0XJLdP2R3l1q3Qfjf208J1fuPLEzNPIA8ISqlCs0ozKVtmoRck0CV07buVmpD1PJ_f-H5VByNzLz11g4cAAocO9ZfSlhYKOoqGWVnBXc37VGqXvYmzs_L6A9uEYjW-Bo0rXgl6aKyjGaCyYrGJef07Lmce598qDfIRuNs7K0Gqf90HV9KthaprvbQ2df1qLrZdQrGq78IdKUki1MwqXF7WPWMYC0zBJ55H-oy2ZAvVqTHVHLnJLubhE-1_n6RVA0oqv6v9Kv8NjShz6RViWTEv7X0aJZHOtqlKYS1WdTkAsKbgrLkxRe_TnIJDvjrAYQJ6Jt--Y-1bi4Kt54tercRsnKs9z7rLQT8BDnABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHTICqgI6AoBASL39wTpY7M3y07zOgwOACgOYCwHICwGADAGiDAgqBgoEu7uxAqoNAkRF4g0TCIr88tO8zoMDFfs_VQgdaYQNJrATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSYAAvHhf_xyUR0Yx_g7oaoMy46rce8HR5f1ftI0yqsagItMz-rz_9e1tD53FN0mf0fMDRFf_6-3lHNue1tagaarDnmIlwkuFOv9s7-CLyFsmnWwNQ3QbNCJy6F-Dpf0IBKhgB%26sig%3DAOD64_3Gia6VDXQkQgAVZ4mK4lxRN54TYg%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-BDmBryLq8JkjDWTjQFCJ9jP8upn2_lLEgfMi3OeS2g4qYFJeNCAvl3gzqCPMRpfK9eDCLvyMDGlURuLllmTSyMU6Q3poD04rprp_GJA5RzSYPjzE4R9uebzLO49KkL0QAVAq5rIrV_p80ep6TEoyqpHHh2Avrnn4pZ_i_50M2x6YJrp3I%26cry%3D1%26dbm_d%3DAKAmf-DHIUu5ZCbf-7SBqOjKiYLMZqjzAbRwEfmpgu-2dO_A13c7Nic6PiGHwl46gF0pW9A3OJnzngO9XTtZu7ANtwLQD5WgQ8FrBaNgUXxnGDEcZbq1inLVhVzcZcjUM370ty-3sqgJHVL6OvOcyAOlrkYqlBLNzMFi6hMg6M3ok_A-uPPkg7nHKrCnmq_uYpEyQU8Ah2T8G0bbscl2jOnPvYHoiFHrLaDousDV_7vqYbwr99xlGsrMSsfBoFljfE9eDopOLX0OtJoP4BMKMr-yYo4kdlWLw_Kf0M9RQjEJLjMVpXlsFGXxtS6DFIzrlgo-PxBcO_48OybX1xv02_AXGoN_avFlurBs8s5mCwj8Kz8Kq4K5gw_75BtuJH_yFIQxxwK6ekGxKRgEYXJuA1HvGBQtnWhP0R3Hm7vuiABtdT27evogP0WiY7Sr2mFP7myzfCwSD2ikKHEC5v-zRgimM4NzPIW1o9dQdK2CDnngDncddJLiQITQSs8Zp1QTN6c-zrPnf4A00njjNjYtUqoJgIDNjgIJnV_zoqwP7O2xHkDGT2HZNn4%26adurl%3D&documentReferer=https%3A%2F%2Fwww.foreks.com%2F&ancestorOrigins=https%3A%2F%2Fwww.foreks.com&random=3901071166356&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 372

https://hal90009.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=6eae03fdb0&subid=&uid=c53ef8eef8fefa5f&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCfQgx9UWcZcLOHuXK1PIPpKO3yAKm5b2gaYWVnKfJD_AuEAEgwLKCa2CV4pCCoAfIAQmpAoDLVB9FabI-qAMByAObBKoElgJP0DGAq0mfz0BzMJBdZXiC8TRfWJ0o6f2uVU3Ouo7A0XkhuctCvYIR-Gmy4QA3L7ut1VR2fQv_i_OdHqwMi3SMpivyqqSfcDXQcQvV-Pc0RH3XHXC3KfR4_E2C59Bmtx51EKzqIGBb1tSK4EkXUhgaSpz8RuJfkKIpnsTKRLN3rBmA1xsqnBfz17-URhc2u1V9mZXbHAzglyUQwCW4XkBv4QzD9fo8fNRkdvoNDwGdPvfCyi4IHnd4bZwZJmArslU84Wz830HaPVVkcCd0namxMnJxxD9khsHeXUkfb2GHxqNG_ureezniBB_4nugZFH9Nrlgpkl5iAOLUPJFhsW9UryM_8CwaI69XMNmgB8gwJP-389-y-cAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOlio8_LTvM6DA4AKA5gLAcgLAYAMAaIMDCoKCgisurECu7uxAqoNAkRF4g0TCPSm89O8zoMDFWUlVQgdpNENKbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSYQAvHhf_1sbcyA4O6ivAiKTHmnBMvrb_gimsZ0bWrNOIhWeuFQNG4CiIFJfEV9ek0GJ2M9n_O58GSfge6Iy60or03_XmQDkx-Zud5mAzOIxk63g5KRCFLVJZfk9BalwPggwYAQ%26sig%3DAOD64_2nVpw1Zw1zuW6fy_B9n1lGqlvAsw%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-C6v-kG3LH80ojA415fXEhe6U0dvfnuM07IkhMvj6ongeJ8DfOfrLFkE1LcYEgrLK9zyOkVzr_EFjxcg6fyQ4FCw8oCKLVXE9H3ufnzsTEoMX_HoPMlNkHE0twlFvmKDqY4A2-xFOdaPpDFMYkGo0_x34V4Qmi0TRw9CUNG8L6no_CydGs%26cry%3D1%26dbm_d%3DAKAmf-Czx6Kv26XDH-eHMvsqCMHq_VP9ZkFTshHzNRVnoQbsI3O6ZoUuJlf-qUP9fo8rRAZ6ly5ZD7EUIeE71nnLcsPsY0WKHGBnug5yNcCi5uoSsXmEr20Ia4s0MUAN-Mq2k9f--KLtxyazMvXyWw_7SRw7VklsJFFAeuaW7vKE1qfPaTJJTOq9C9gvqjKuSr4cE_gxm_KR74AGJoyGxO6IR-aZRi4VoNIyOrbZ73bV711pFc5xVeUNHhAv9SoiPbJLyT1QrKzxJjVvAC9aT06x4m5NE2HUFv0t4J1ZAVr325o2tF249zOmhUgtZB3l1iO24RHKwAeyfBX08ne2863QlMaEP9pa7jniFWGQdBYx37wc3e8vRD6wIeWI4G01-YX6OQfaYVtEd-uXJVIgb3aY_Zq09ivGcr_n2FZyRxFlwHKCJSJwpIi-kKh6fewpyDsHD3OdDZsHgV839LQAKt3eWAFCXYNgW754clmsscyROV5joxO2NifDYRg1UnwT1lPOAQskde12fccMxrlsC8PyRMTIk-4oaQWooVpIWThlQxjOGLIrLKo%26adurl%3D&documentReferer=https%3A%2F%2Fwww.foreks.com%2F&ancestorOrigins=https%3A%2F%2Fwww.foreks.com&random=4295766068203&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90009.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=6eae03fdb0&subid=&uid=c53ef8eef8fefa5f&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCfQgx9UWcZcLOHuXK1PIPpKO3yAKm5b2gaYWVnKfJD_AuEAEgwLKCa2CV4pCCoAfIAQmpAoDLVB9FabI-qAMByAObBKoElgJP0DGAq0mfz0BzMJBdZXiC8TRfWJ0o6f2uVU3Ouo7A0XkhuctCvYIR-Gmy4QA3L7ut1VR2fQv_i_OdHqwMi3SMpivyqqSfcDXQcQvV-Pc0RH3XHXC3KfR4_E2C59Bmtx51EKzqIGBb1tSK4EkXUhgaSpz8RuJfkKIpnsTKRLN3rBmA1xsqnBfz17-URhc2u1V9mZXbHAzglyUQwCW4XkBv4QzD9fo8fNRkdvoNDwGdPvfCyi4IHnd4bZwZJmArslU84Wz830HaPVVkcCd0namxMnJxxD9khsHeXUkfb2GHxqNG_ureezniBB_4nugZFH9Nrlgpkl5iAOLUPJFhsW9UryM_8CwaI69XMNmgB8gwJP-389-y-cAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOlio8_LTvM6DA4AKA5gLAcgLAYAMAaIMDCoKCgisurECu7uxAqoNAkRF4g0TCPSm89O8zoMDFWUlVQgdpNENKbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSYQAvHhf_1sbcyA4O6ivAiKTHmnBMvrb_gimsZ0bWrNOIhWeuFQNG4CiIFJfEV9ek0GJ2M9n_O58GSfge6Iy60or03_XmQDkx-Zud5mAzOIxk63g5KRCFLVJZfk9BalwPggwYAQ%26sig%3DAOD64_2nVpw1Zw1zuW6fy_B9n1lGqlvAsw%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-C6v-kG3LH80ojA415fXEhe6U0dvfnuM07IkhMvj6ongeJ8DfOfrLFkE1LcYEgrLK9zyOkVzr_EFjxcg6fyQ4FCw8oCKLVXE9H3ufnzsTEoMX_HoPMlNkHE0twlFvmKDqY4A2-xFOdaPpDFMYkGo0_x34V4Qmi0TRw9CUNG8L6no_CydGs%26cry%3D1%26dbm_d%3DAKAmf-Czx6Kv26XDH-eHMvsqCMHq_VP9ZkFTshHzNRVnoQbsI3O6ZoUuJlf-qUP9fo8rRAZ6ly5ZD7EUIeE71nnLcsPsY0WKHGBnug5yNcCi5uoSsXmEr20Ia4s0MUAN-Mq2k9f--KLtxyazMvXyWw_7SRw7VklsJFFAeuaW7vKE1qfPaTJJTOq9C9gvqjKuSr4cE_gxm_KR74AGJoyGxO6IR-aZRi4VoNIyOrbZ73bV711pFc5xVeUNHhAv9SoiPbJLyT1QrKzxJjVvAC9aT06x4m5NE2HUFv0t4J1ZAVr325o2tF249zOmhUgtZB3l1iO24RHKwAeyfBX08ne2863QlMaEP9pa7jniFWGQdBYx37wc3e8vRD6wIeWI4G01-YX6OQfaYVtEd-uXJVIgb3aY_Zq09ivGcr_n2FZyRxFlwHKCJSJwpIi-kKh6fewpyDsHD3OdDZsHgV839LQAKt3eWAFCXYNgW754clmsscyROV5joxO2NifDYRg1UnwT1lPOAQskde12fccMxrlsC8PyRMTIk-4oaQWooVpIWThlQxjOGLIrLKo%26adurl%3D&documentReferer=https%3A%2F%2Fwww.foreks.com%2F&ancestorOrigins=https%3A%2F%2Fwww.foreks.com&random=4295766068203&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 376

https://hal900020.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=526f2fc715&subid=&uid=a832b02684b93862&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC2RJa9UWcZd27HonT1PIPrtiuIKblvaBprZWcp8kP8C4QASDAsoJrYJXikIKgB8gBCakCyK2YOo5isj6oAwHIA5sEqgSaAk_Ql1TyryI8VXkPnQLy_SZtv7kv7Z_Xz15y8cFtEk4rU18z8BBNDEmJplYKG4_93teemXoZP3dOB-CtOL22d21BJFhSNFaX9ZG4mTEnG1-aKKJbLJtMaMz3PIrht_V5SPEbbOqPRCOQ7wLZe9GrbByJkrrwQyTXTFB0mSvPo5fXSw-aL425NNWQO-UnnjOJROO4LDbx1uwkA4zPPFGo-nit_dYqqZ-BJ9tJSjvvngJDqTtooD9tEj3-ZIApQbNvNgw4X2vG5k0kIgPafi8LzyobezMqsU8wcv9lCLXB69T1_-CXnD5oMHqyyQZ4y75GYmzgg50hUw26NwDpeKQIuWds4F3Go3L6l9D5GZotOpDHqGCaZMJt4B9yBcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOli52_LTvM6DA4AKA5gLAcgLAYAMAaIMCCoGCgS7u7ECqg0CREXiDRMIoY7z07zOgwMViSlVCB0urAsEsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSYAAvHhf_G1AThOSRRippFukz4OV98QF_M_-x1OoP4JQ2DrWG28Fq1EkRNB-QnZCt5hDQHy-R8DG_zEvjKUNJq_1COA8ufOi5vQQPkD66X0tivVgK6Cc6HnHx6pUkmS0_vRgB%26sig%3DAOD64_3Vs317CGcaBXfURhrWZ36z-ePb-w%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-CoPZS6-y4FVAPkCPC07cEG_WB-6do1ydbfMMD3gN1kQCTjI8DOoqQfzX2DegyJs96Ucq9oUyp6NygBHS3yFUBpn5QXEGR4h0IbsQRhuHRUJgbCX9Bf2MkUKsMHXT687pizij9PhBGtCko3d6mPoJ5elw8CWpp0nru90M3li0m5iRCgFBM%26cry%3D1%26dbm_d%3DAKAmf-BYteweSu02JijDQOKw7y8E9bufpGkl2OxCzmSGd2CxT-sGRbXr7CsAF4eQV0-jI7XRCHizpXviahoUiIDChrTaCitqnljsTU9zb6koSwvgtdBmFwQ_oKSEdJqdNdVEBkbk7Ao-XMVahG39gDfmdIsiNJVXpTPRSmm7-MCZuybi_G2G2u6MDxEyIsKYK99vFbfBVmxU8Oq8CuF41gAr_q9m-0-6sDsTQi_GUQaJLjAHWDFBQ-VCXPfWSdAqNvRoaLd84nHyROCx9S-KbHdCqhlbPul2FtqbZygKBZu89qhUCtbUcKvee21hAk8IT_6kOlk_IAGaBCQzG5zCYuKgE5o7xWZEU48xM2GBJmLJbrq8E4uOnyU8_TmO4cJIqHnok212eF50zhrUAgRksVbfL9yFu1UdGRp393ai-CHFLKx0rJsblMb6ySlm4F83DxnEsF9XVItIC1DfGefsrE3a9XhEM8GnE_Yh_K5ZBMcqCuu4pTBaU5Zm9e4hxP5zry5FfPWsaK1aIuQr3Mqm0JcYVuCIlvd8x145u6H2Og2KEuk8GEuhfVA%26adurl%3D&documentReferer=https%3A%2F%2Fwww.foreks.com%2F&ancestorOrigins=https%3A%2F%2Fwww.foreks.com&random=1682985320122&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900020.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=526f2fc715&subid=&uid=a832b02684b93862&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC2RJa9UWcZd27HonT1PIPrtiuIKblvaBprZWcp8kP8C4QASDAsoJrYJXikIKgB8gBCakCyK2YOo5isj6oAwHIA5sEqgSaAk_Ql1TyryI8VXkPnQLy_SZtv7kv7Z_Xz15y8cFtEk4rU18z8BBNDEmJplYKG4_93teemXoZP3dOB-CtOL22d21BJFhSNFaX9ZG4mTEnG1-aKKJbLJtMaMz3PIrht_V5SPEbbOqPRCOQ7wLZe9GrbByJkrrwQyTXTFB0mSvPo5fXSw-aL425NNWQO-UnnjOJROO4LDbx1uwkA4zPPFGo-nit_dYqqZ-BJ9tJSjvvngJDqTtooD9tEj3-ZIApQbNvNgw4X2vG5k0kIgPafi8LzyobezMqsU8wcv9lCLXB69T1_-CXnD5oMHqyyQZ4y75GYmzgg50hUw26NwDpeKQIuWds4F3Go3L6l9D5GZotOpDHqGCaZMJt4B9yBcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOli52_LTvM6DA4AKA5gLAcgLAYAMAaIMCCoGCgS7u7ECqg0CREXiDRMIoY7z07zOgwMViSlVCB0urAsEsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSYAAvHhf_G1AThOSRRippFukz4OV98QF_M_-x1OoP4JQ2DrWG28Fq1EkRNB-QnZCt5hDQHy-R8DG_zEvjKUNJq_1COA8ufOi5vQQPkD66X0tivVgK6Cc6HnHx6pUkmS0_vRgB%26sig%3DAOD64_3Vs317CGcaBXfURhrWZ36z-ePb-w%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-CoPZS6-y4FVAPkCPC07cEG_WB-6do1ydbfMMD3gN1kQCTjI8DOoqQfzX2DegyJs96Ucq9oUyp6NygBHS3yFUBpn5QXEGR4h0IbsQRhuHRUJgbCX9Bf2MkUKsMHXT687pizij9PhBGtCko3d6mPoJ5elw8CWpp0nru90M3li0m5iRCgFBM%26cry%3D1%26dbm_d%3DAKAmf-BYteweSu02JijDQOKw7y8E9bufpGkl2OxCzmSGd2CxT-sGRbXr7CsAF4eQV0-jI7XRCHizpXviahoUiIDChrTaCitqnljsTU9zb6koSwvgtdBmFwQ_oKSEdJqdNdVEBkbk7Ao-XMVahG39gDfmdIsiNJVXpTPRSmm7-MCZuybi_G2G2u6MDxEyIsKYK99vFbfBVmxU8Oq8CuF41gAr_q9m-0-6sDsTQi_GUQaJLjAHWDFBQ-VCXPfWSdAqNvRoaLd84nHyROCx9S-KbHdCqhlbPul2FtqbZygKBZu89qhUCtbUcKvee21hAk8IT_6kOlk_IAGaBCQzG5zCYuKgE5o7xWZEU48xM2GBJmLJbrq8E4uOnyU8_TmO4cJIqHnok212eF50zhrUAgRksVbfL9yFu1UdGRp393ai-CHFLKx0rJsblMb6ySlm4F83DxnEsF9XVItIC1DfGefsrE3a9XhEM8GnE_Yh_K5ZBMcqCuu4pTBaU5Zm9e4hxP5zry5FfPWsaK1aIuQr3Mqm0JcYVuCIlvd8x145u6H2Og2KEuk8GEuhfVA%26adurl%3D&documentReferer=https%3A%2F%2Fwww.foreks.com%2F&ancestorOrigins=https%3A%2F%2Fwww.foreks.com&random=1682985320122&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 388

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7506580587442.957 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CNqJxdS8zoMDFenLOwIdsAgJDg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7506580587442.957

Request Chain 391

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9722439991646.037 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CImNxdS8zoMDFaPLOwIdJMwFYg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9722439991646.037

Request Chain 393

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=467024222124.1527 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CPWQxdS8zoMDFRvpOwId91gKOQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=467024222124.1527

Request Chain 395

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5186091468.6385765 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CLuTxdS8zoMDFbnJOwIdO_sLvg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5186091468.6385765

Request Chain 435

https://dsp.adfarm1.adition.com/cookie/?userid=&ssp=2&gdpr_consent=VM=TRUE_DV=FALSE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMyMTgwNDAxNzA5MTQxMDA4MA%3D%3D HTTP 302
https://imagesrv.adition.com/1x1.gif

Request Chain 459

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEM2XUSEo2MmHEtogsCSQZp4&google_cver=1&google_push=AXcoOmR2eWH9UJ1BKYVtGOGv_ohJJKlj8I-7ke_PGXCEOTdtnF-bZj-tNy9r_VK4HApXXssREpkhtAgU6nXmDeSy7I_W3x75b4gcYMqFx5Me-aNRwj2XjIFaphxv7WxVNFJwtnfd0StoWd1xg2wkXQT0mRm_WA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzY2NjgwODYzNjgwMTcwMTMzNA==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEM2XUSEo2MmHEtogsCSQZp4&google_cver=1

Request Chain 461

https://a.tribalfusion.com/i.match?p=b6&u=CAESEFr-SWZLr_6BO8x84UGGRtg&google_cver=1&google_push=AXcoOmQylCvrarukOdde4tLncegnTk6_IdTctfXejZJgc93W_oGR3DCyxSuM7B5QAHDU2MgMOxMDeFq_fKzP1bkDUAG8NiHPqQCOuyb8ppxX37-ILdG77XzCj9T6n7EtVhDsfnCFONtERaw24HR3N673Zjj8gQo&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQylCvrarukOdde4tLncegnTk6_IdTctfXejZJgc93W_oGR3DCyxSuM7B5QAHDU2MgMOxMDeFq_fKzP1bkDUAG8NiHPqQCOuyb8ppxX37-ILdG77XzCj9T6n7EtVhDsfnCFONtERaw24HR3N673Zjj8gQo%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFr-SWZLr_6BO8x84UGGRtg&google_cver=1&google_push=AXcoOmQylCvrarukOdde4tLncegnTk6_IdTctfXejZJgc93W_oGR3DCyxSuM7B5QAHDU2MgMOxMDeFq_fKzP1bkDUAG8NiHPqQCOuyb8ppxX37-ILdG77XzCj9T6n7EtVhDsfnCFONtERaw24HR3N673Zjj8gQo&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQylCvrarukOdde4tLncegnTk6_IdTctfXejZJgc93W_oGR3DCyxSuM7B5QAHDU2MgMOxMDeFq_fKzP1bkDUAG8NiHPqQCOuyb8ppxX37-ILdG77XzCj9T6n7EtVhDsfnCFONtERaw24HR3N673Zjj8gQo%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 462

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEITucTJSxFHPgbK-IeiagsU&google_cver=1&google_push=AXcoOmQfwmH_v96nlx7Q1ir9JxUJezaCbXW21PSoXg9mwLmmU9ThPBvL6AhHioSOrvDThWsjKbedrF409-2MjNj3LQ3HgeGF1M5QFGghN1Th8MEUohYL8BE4X6Jrz2od1LIkihYQ5rWTQtnAPb3fVL5Kqkv52qw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEITucTJSxFHPgbK-IeiagsU&google_push=AXcoOmQfwmH_v96nlx7Q1ir9JxUJezaCbXW21PSoXg9mwLmmU9ThPBvL6AhHioSOrvDThWsjKbedrF409-2MjNj3LQ3HgeGF1M5QFGghN1Th8MEUohYL8BE4X6Jrz2od1LIkihYQ5rWTQtnAPb3fVL5Kqkv52qw

Request Chain 463

https://um.simpli.fi/gp_match?google_gid=CAESECIdlXgUiWGD1e9lh6nvhcA&google_cver=1&google_push=AXcoOmTPCAkVu1kqtRKQITYzmYNQB1_r82vjll5nRbFf8t7SGeY6OHAT-evYt4eb7jZQI8z-FHVwVmwuKHcpTgBVSrcZOzmQ1VvuY9dIeNcqu3Q9cNot1Kzw6DlDVnRrBxhMspvy2h6TJMdelsXh53mEzRnhdkY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=1F6381FF406F4533A81943D417B1AB84&google_push=AXcoOmTPCAkVu1kqtRKQITYzmYNQB1_r82vjll5nRbFf8t7SGeY6OHAT-evYt4eb7jZQI8z-FHVwVmwuKHcpTgBVSrcZOzmQ1VvuY9dIeNcqu3Q9cNot1Kzw6DlDVnRrBxhMspvy2h6TJMdelsXh53mEzRnhdkY

Request Chain 465

https://ads.travelaudience.com/google_pixel?google_gid=CAESEH16J0jD-Hn5-Oex65bykSU&google_cver=1&google_push=AXcoOmT9bM17xVlRcXjT-rLiOtgOWb9P6jXU7VZcCmQMvBR6dEcypC_ALLSkCu0j2OQnilof8Rss1Sb4xMVW2-_iip9wvBDnjACNGpu9arM3G_ZhKC9fquHAC6BzgMaGpmmUY_ZppNKRl1kNkkGnWFGTgt2k5w HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=i2j3L1TgRagu3fMOUZ0mKQ&google_push=AXcoOmT9bM17xVlRcXjT-rLiOtgOWb9P6jXU7VZcCmQMvBR6dEcypC_ALLSkCu0j2OQnilof8Rss1Sb4xMVW2-_iip9wvBDnjACNGpu9arM3G_ZhKC9fquHAC6BzgMaGpmmUY_ZppNKRl1kNkkGnWFGTgt2k5w

Request Chain 512

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEM2XUSEo2MmHEtogsCSQZp4&google_cver=1&google_push=AXcoOmQq6N_yP786wRHDCGPNHmTqBLEBYWh2FgPXOxTy32rU1ZurEGq7cGVPBp6yBAjr0HKxWDWogCIjMzS7ER5QhgKwtSFAYcyNpxo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzY2NjgwODYzNjgwMTcwMTMzNA==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEM2XUSEo2MmHEtogsCSQZp4&google_cver=1

Request Chain 513

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGgfF5Wsb-wQGJ9fKop2KSM&google_cver=1&google_push=AXcoOmQerZRpYt4GIfOTdbfcOQ9luhdRsZ1KpIipy588hvdairQxct28HxHScZIfA1xQ3uUy745wFLJggQm8ayYFAS_UoEodsTuh-Gw HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGgfF5Wsb-wQGJ9fKop2KSM&google_cver=1&google_push=AXcoOmQerZRpYt4GIfOTdbfcOQ9luhdRsZ1KpIipy588hvdairQxct28HxHScZIfA1xQ3uUy745wFLJggQm8ayYFAS_UoEodsTuh-Gw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=aVBwRnZaYkkxUm1VUFo1&google_gid=CAESEGgfF5Wsb-wQGJ9fKop2KSM&google_cver=1&google_push=AXcoOmQerZRpYt4GIfOTdbfcOQ9luhdRsZ1KpIipy588hvdairQxct28HxHScZIfA1xQ3uUy745wFLJggQm8ayYFAS_UoEodsTuh-Gw

Request Chain 515

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEOFKr7xN0ATt2KKTdpCWohE&google_cver=1&google_push=AXcoOmQbi1T1SsSFQOWKC65tOCVALIUEOL2d80siCPe8tsSbJdeUzl1q2J9S6yIW2bOh48hwWXmjf5HIRZxK4XBtZ40WSkyYrzVkykQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQbi1T1SsSFQOWKC65tOCVALIUEOL2d80siCPe8tsSbJdeUzl1q2J9S6yIW2bOh48hwWXmjf5HIRZxK4XBtZ40WSkyYrzVkykQ&google_hm=eS04TjdRVU9sRTJwRVhBU1dBTTNvWnVRWkRNOFNpb3F0cX5B

Request Chain 516

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmRw-C_IMsBIId6ZrO4hJeZxrR6ZSTccFl6nc8peldIEgrbWtZtx2uJCeTZG9ghd2nLG9nbQkCU58chWrePuLN2Tnc18t4lqLrA&google_gid=CAESEEhJn3AJkKht5FdOlpS1rUI&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-7X8oHFE7BARf-PPcgi1Wb7H8zLy01Ck1PEJ61g&google_push=AXcoOmRw-C_IMsBIId6ZrO4hJeZxrR6ZSTccFl6nc8peldIEgrbWtZtx2uJCeTZG9ghd2nLG9nbQkCU58chWrePuLN2Tnc18t4lqLrA

Request Chain 517

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEEGOMXZWXVm0v6H3_D6XCh4&google_cver=1&google_push=AXcoOmQwk7RVrRFl98YRsT86oiI0MxYBs4iuJJKFQHwP4Cwc7yxDU8fQAgi0aHnvajEb7FpsilbB9Pz9cU_bbcZqjMawFwy4OkNGKKLO HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmQwk7RVrRFl98YRsT86oiI0MxYBs4iuJJKFQHwP4Cwc7yxDU8fQAgi0aHnvajEb7FpsilbB9Pz9cU_bbcZqjMawFwy4OkNGKKLO&google_hm=rbbjWPUETzSs5aF3_gIH-kw

Request Chain 518

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESELI2oPQNwNaVqn-wliM6wIo&google_cver=1&google_push=AXcoOmTJRhvRjphQC2dzNBhUyfeLIeYYDJAwdE7J-rZqOmCcKKE1KJAk2VgFJCkpLgRO7bVS1zOwiAJpMQBKU-wN0lyLddIh4dds873f HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmTJRhvRjphQC2dzNBhUyfeLIeYYDJAwdE7J-rZqOmCcKKE1KJAk2VgFJCkpLgRO7bVS1zOwiAJpMQBKU-wN0lyLddIh4dds873f HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 530

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=66C09C57B6EE422CA2D1B504DA3F3592&RedC=c.clarity.ms&MXFR=3E384A2F95B866B925805E2F91B868ED HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=66C09C57B6EE422CA2D1B504DA3F3592&MUID=175DE34AFDC46C5001EEF74AFCC46DAD

Request Chain 552

https://rr2---sn-4g5edns7.googlevideo.com/videoplayback?expire=1704769143&ei=90WcZcPxM7rIi9oPyNWQaA&ip=45.141.152.76&id=d2c0b47fd6e89d82&itag=22&source=youtube&requiressl=yes&xpc=Eghovf3BOnoBAQ==&mh=pQ&mm=31&mn=sn-4g5edns7&ms=au&mv=m&mvi=2&pl=24&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=903.650&lmt=1704530007198225&mt=1704739996&cpn=aQOKOti9eMKh-A7M&txp=5308224&sparams=expire,ei,ip,id,itag,source,requiressl,xpc,susc,acao,ctier,mime,vprv,dur,lmt&sig=AJfQdSswRgIhAJxsWgS2KdkexPlvtLYc04X9KhWEuCuf_OvAihkLtDm_AiEAsE4SayeymUGqNlaDeoZm3OMl2je1AwsnrSsYflUSbPM=&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AAO5W4owRQIgAouuFzb7OR_L3w0A3Yje8mNSF7T_Kv4j5uK7MclbMDICIQD0wQru8Op0j9VKdfoAJDzJD_JNtYxC9D5sJ4uJP8tltA== HTTP 302
https://rr2---sn-4g5e6ns7.googlevideo.com/videoplayback?expire=1704769143&ei=90WcZcPxM7rIi9oPyNWQaA&ip=45.141.152.76&id=d2c0b47fd6e89d82&itag=22&source=youtube&requiressl=yes&xpc=Eghovf3BOnoBAQ==&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=903.650&lmt=1704530007198225&cpn=aQOKOti9eMKh-A7M&txp=5308224&sparams=expire,ei,ip,id,itag,source,requiressl,xpc,susc,acao,ctier,mime,vprv,dur,lmt&sig=AJfQdSswRgIhAJxsWgS2KdkexPlvtLYc04X9KhWEuCuf_OvAihkLtDm_AiEAsE4SayeymUGqNlaDeoZm3OMl2je1AwsnrSsYflUSbPM=&redirect_counter=1&rm=sn-4g5e6l7l&fexp=24350138,24350146,24350148,24350149,24350169&req_id=60afc68cbbe636e2&cms_redirect=yes&cmsv=e&ipbypass=yes&mh=pQ&mip=2001:ac8:20:3a00:1011:bee1:8168:3a07&mm=31&mn=sn-4g5e6ns7&ms=au&mt=1704739996&mv=m&mvi=2&pl=49&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AAO5W4owRgIhANbzs_R3QFi0f-Yh6BlIG0KEqnxNV5Yj_j7yrdedcQn_AiEAugIEBxiIRvjxnZOzdNLe9bId94VgOK4w1d35W3ErwpI%3D

564 HTTP transactions
31 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.foreks.com/
Redirect Chain

http://foreks.com/
https://foreks.com/
https://www.foreks.com/

3 KB
2 KB

76ms
39ms

Document
text/html

18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

78ac7b9399103f427712af4097365a5e2c4049673ff8899d5c62effa6673b9e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: none
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-site
date: Mon, 08 Jan 2024 18:58:59 GMT
etag: "d3c-8NcSBe31kM05QK9ZavPjcFPvXOQ"
feature-policy: geolocation 'self'; microphone 'none'; camera 'none'; payment 'none';
permissions-policy: fullscreen=()
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-id: TT9Zr94PDrIM5kwM1Lf_deKnq-7MnItYA9fbfLDc4Hvk6MAQIiPujQ==
x-amz-cf-pop: DUS51-P1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: DENY
x-ua-compatible: IE=edge,chrome=1
x-xss-protection: 1; mode=block

Redirect headers

content-length: 0
date: Mon, 08 Jan 2024 18:58:59 GMT
location: https://www.foreks.com/
server: CloudFront
via: 1.1 316c3f6f9514dc45c45cd1b2385757cc.cloudfront.net (CloudFront)
x-amz-cf-id: ypY1JggiROWEJlbVvkiy18tp7-0tVt3UjfhU2FXE6L3l73ur1VYwdA==
x-amz-cf-pop: AMS1-P3
x-cache: FunctionGeneratedResponse from cloudfront

GET
H2 200 current.js Show response
js.hscta.net/cta/ 18 KB
7 KB 32ms
14ms Script
application/javascript 2606:4700::6812:d333
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscta.net/cta/current.js

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d333 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29639c85a6490eefb3a8c59d0486705e9c9116340aec86cc561f2a465295018b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-encoding: br
age: 88
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.246/bundles/current.js&cfRay=8426aaab2ec39054-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"b0469dca6a7c12b753f26739504dbf8c"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: cta-embed-js/static-1.246/bundles/current.js
date: Mon, 08 Jan 2024 18:58:59 GMT
x-amz-version-id: Znie3NyI4C7wXajyhvPTgW_1zW2MaLJD
via: 1.1 872e43fac89d80c9557000efb9c31650.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 13ce6bdf-f820-48f6-89d1-72c81b96e35c
x-cache: Hit from cloudfront
cache-tag: staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
x-evy-trace-route-configuration: listener_https/all
x-request-id: 13ce6bdf-f820-48f6-89d1-72c81b96e35c
last-modified: Thu, 04 Jan 2024 10:46:38 UTC
server: cloudflare
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-962bg
cf-ray: 8426accfbb1c904f-FRA
x-amz-cf-id: k9pVES7Jptjuy7bM2GrEf-N_ZuaeXXkervvHmYAoTXrywSCR4v_hQQ==

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 91 KB
29 KB 122ms
87ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02cfe4f2d52b86a1ea1a025ca7d1a760aedb8024cbbc00cbce3591b31e0e7207

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29345
x-xss-protection: 0
server: cafe
etag: 865 / 19730 / m202401020101 / config-hash: 15758720963897963662
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:58:59 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 134 KB
51 KB 48ms
26ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-82686003-1

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bbc81574ad0ec8a29121e6d27ef5f40b0d496a4ba81ace7fbabd3edf27af7d81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 52351
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 08 Jan 2024 18:58:59 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 287 KB
94 KB 56ms
35ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3HPQ6LZVLP

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ecdef87a396be7d031d0c5ad8b2098f323e0e28e77701f44e7c3fc40bfe5a1ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96003
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 08 Jan 2024 18:58:59 GMT

GET
H2 200 gtag.js Show response
www.foreks.com/ 734 B
793 B 18ms
18ms Script
application/javascript 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.foreks.com/gtag.js
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 94a78761682fa48e72a3f4547a7d7f3bd6b9adf948c5885ef0988f294a5f68aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"2de-18ca4cfb930"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: _Bxl-mtnIKbKbmE9GKYnyUMEKUCrc-MZGgVUs77PL_dOmn-9kkJFbg==

GET
H2 200 netmera.js Show response
www.foreks.com/ 28 B
416 B 60ms
59ms Script
application/javascript 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.foreks.com/netmera.js
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: c14345412751f84fd061a93eeacdcae18c1d53a21501609217b1cf3f6f9dea41

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"1c-18ca4cfb930"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: OvYPcJ98bNC1967v1vJcJOK5KsxNSq6PEhK2gxCqImTN_YhZ4k2n2A==

GET
H2

200

netmera_sdk.js Show response
ntm.netmera-web.com/wsdk2/nmweb/
Redirect Chain

https://cdn.netmera-web.com/wsdkjs/OcYc2nxy4-IE1PVMgxSo2cIXLNyzI3PXAb6uUisJim44jRp89r7eWQ
https://ntm.netmera-web.com/wsdk2/nmweb/netmera_sdk.js

59 KB
17 KB

51ms
9ms

Script
application/javascript

31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://ntm.netmera-web.com/wsdk2/nmweb/netmera_sdk.js
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-2134 /
Resource Hash: 9c31edb555f9d7750905c3d52e87092fdca1f5443c1eb729758217972c5ce03d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-encoding: br
last-modified: Tue, 26 Dec 2023 21:15:50 GMT
server: MNCDN-2134
x-mnrequest-id: 99c35b1e7af2e50f449defe9e967a854
x-amz-request-id: 0SWDA4PBD9D9SP35
x-edge-location: DE-372
x-amz-server-side-encryption: AES256
x-cache-status: Edge : HIT,
content-type: application/javascript
cache-control: private, max-age=900, s-maxage=604800
x-amz-id-2: 3CwV/B3x584RVVf4LXb7+og/K1Rovf3NDbWjT/PdhRorQ39fnnT19Yds0gVvAStZjFqJzyf0e+U=
x-mserver: DE-372

Redirect headers

location: https://ntm.netmera-web.com/wsdk2/nmweb/netmera_sdk.js
date: Mon, 08 Jan 2024 18:58:59 GMT
server: nginx
content-length: 154
content-type: text/html

GET
H2 200 20f57ac.modern.js Show response
www.foreks.com/_nuxt/ 242 KB
84 KB 39ms
38ms Script
application/javascript 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.foreks.com/_nuxt/20f57ac.modern.js
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 45e18b1689e2f8036562775b899e2b5e1a6af1f30cc1b22f5b5d257d3d21b955

Request headers

Referer: https://www.foreks.com/
Origin: https://www.foreks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 12:26:02 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 31 Oct 2023 13:39:48 GMT
x-amz-cf-pop: DUS51-P1
age: 5898777
etag: W/"3c7b6-18b85f638a0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: YeaRP7N1dhffXSA3o3aNwS13akMKGRrxXiaDIHLIYvnLNxHTAjlchQ==

GET
H2 200 fb8ace3.css
www.foreks.com/_nuxt/css/ 456 KB
71 KB 13ms
12ms Stylesheet
text/css 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.foreks.com/_nuxt/css/fb8ace3.css
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 1078a9471c288413efb56e6171522052654e75f88c9c7b522317f481a8ab54d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:32:50 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Wed, 08 Nov 2023 13:59:09 GMT
x-amz-cf-pop: DUS51-P1
age: 5282769
etag: W/"7213d-18baf3acfc8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: bZ04bTCSLOUm1QA4S_SZVbTXmoIKxt0hrGBgGW8m9fr857fKSHSCpQ==

GET
H2 200 1945bcc.modern.js Show response
www.foreks.com/_nuxt/ 643 KB
80 KB 42ms
41ms Script
application/javascript 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.foreks.com/_nuxt/1945bcc.modern.js
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 9587db045d9ba3eaec6420e5db67290e2ad0a037c16c5aa6055db938cd9dc911

Request headers

Referer: https://www.foreks.com/
Origin: https://www.foreks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 23 Nov 2023 15:06:17 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 11:01:28 GMT
x-amz-cf-pop: DUS51-P1
age: 3988362
etag: W/"a0c1f-18bfbd78740"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: m-y2Z9YWk5wX3WdoSEhLfSY2ulojPxtW5fCZuSqpDrO3O5OrMU_7sQ==

GET
H2 200 7a1a132.css
www.foreks.com/_nuxt/css/ 972 KB
148 KB 25ms
25ms Stylesheet
text/css 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.foreks.com/_nuxt/css/7a1a132.css
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 926d0470826aa90ed4f834f73cc2e6d0fea211a2efea75537c324f24f6668744

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 12:53:23 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Fri, 03 Nov 2023 08:36:39 GMT
x-amz-cf-pop: DUS51-P1
age: 5724336
etag: W/"f308e-18b9453c1d8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: MxX6DHk9U7ip1JH8OYaRn3bOD0FThjvTKuH_apbV-T30OAlN0NisTg==

GET
H2 200 9249113.modern.js Show response
www.foreks.com/_nuxt/ 7 MB
843 KB 45ms
44ms Script
application/javascript 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.foreks.com/_nuxt/9249113.modern.js
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 6d8a5e03e1cb0563d65b907587f13c41394e1feb582f29cca9f15195b2b4d51b

Request headers

Referer: https://www.foreks.com/
Origin: https://www.foreks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 06:41:04 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:33:16 GMT
x-amz-cf-pop: DUS51-P1
age: 1167475
etag: W/"773c1e-18ca4d3d7e0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: H0uS3bVXPYgLM-nv_7mjE6IZbx4ndV-r270hhGVDvZ9ui-KF07NV-Q==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 249 KB
78 KB 60ms
39ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NPH7P4

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9e7f223cb014d3679d7bd555a7443b5e1c85bd117140f7a583ee28de1ec83548

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80234
x-xss-protection: 0
last-modified: Mon, 08 Jan 2024 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 08 Jan 2024 18:58:59 GMT

GET
H2 200 player_api Show response
www.youtube.com/ 993 B
2 KB 50ms
23ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/player_api

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/9249113.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0271e782d0e49674121fe3f5e703dfbff44ed8de8b8625a006eeb4a9702724d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Mon, 08 Jan 2024 18:58:59 GMT

GET
H2 200 a140688.modern.js Show response
www.foreks.com/_nuxt/ 399 KB
130 KB 12ms
12ms Script
application/javascript 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.foreks.com/_nuxt/a140688.modern.js
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/9249113.modern.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 7d8e89f8a9f0f83d17f5fcd12ace577219a0ddcf73eece11c8a89e6bfb0a2d6e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 12:26:25 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 31 Oct 2023 13:39:48 GMT
x-amz-cf-pop: DUS51-P1
age: 5898754
etag: W/"63c94-18b85f638a0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: uESE3SHJwP0ds1CR07NuzdyJfbt3vZ2-eWzS4p6pZ0Plxb_DWI66ag==

GET
H2 200 ea11899.modern.js Show response
www.foreks.com/_nuxt/ 86 KB
30 KB 12ms
11ms Script
application/javascript 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.foreks.com/_nuxt/ea11899.modern.js
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/9249113.modern.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: f70e8b2108edfbcc2ff74ac7fd6e7cf46f0e9c381ab9b8781beb016f77061ac4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 12:26:25 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 31 Oct 2023 13:39:48 GMT
x-amz-cf-pop: DUS51-P1
age: 5898754
etag: W/"15856-18b85f638a0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: jCTchGpOJIY9PGm0D0MsHc4rFKvR_m7NfOu29V-cRgOmOhCYvEPd9g==

GET
H2 200 e0a6c36.modern.js Show response
www.foreks.com/_nuxt/ 8 KB
3 KB 12ms
12ms Script
application/javascript 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.foreks.com/_nuxt/e0a6c36.modern.js
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/9249113.modern.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 40fbdf939ee958bdf305369fb51495e63cc44d2a6357e138a865c1faca904c56

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 12:26:40 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 31 Oct 2023 13:39:48 GMT
x-amz-cf-pop: DUS51-P1
age: 5898739
etag: W/"1ef4-18b85f638a0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: mnitRuEo35BEUPaKqlY2iS1316JA9fkiezjxmohDprB7K8i5LaRN0g==

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/ 436 KB
137 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8538fa1e11fa1334100b86b0c251b8ffa0b51f5db3e732c23963053686a93dc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 13:50:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18504
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 140253
x-xss-protection: 0
server: cafe
etag: 11435206252018266965
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 07 Jan 2025 13:50:35 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 268 KB
89 KB 25ms
24ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-4Y6C81V13E&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-82686003-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4a0c6b73f521ba21f25e422588c0a01679808186cee9a406505d4095e7ebc1a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 91445
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 08 Jan 2024 18:58:59 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-82686003-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 08 Jan 2024 17:48:17 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 4242
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 08 Jan 2024 19:48:17 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
254 B 34ms
13ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-3HPQ6LZVLP&gtm=45je4130v9118958463&_p=1704740339205&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=29850689.1704740339&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1704740339&sct=1&seg=0&dl=https%3A%2F%2Fwww.foreks.com%2F&dt=Foreks%20Bilgi%20%C4%B0leti%C5%9Fim%20Hizmetleri%20A.%C5%9E&en=page_view&_fv=2&_nsi=1&_ss=2&_c=1&_ee=1&tfd=697
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3HPQ6LZVLP
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:58:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
254 B 62ms
21ms Ping
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-3HPQ6LZVLP&cid=29850689.1704740339&gtm=45je4130v9118958463&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3HPQ6LZVLP
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:58:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 end5q83kh4 Show response
www.clarity.ms/tag/ 1017 B
1 KB 246ms
189ms Script
application/x-javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/end5q83kh4?ref=gtm2
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: ae36470959223996193932b38efb21d5889b9f40d7a244cddd1e27a93d949207

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: -1
date: Mon, 08 Jan 2024 18:58:59 GMT
x-azure-ref: 20240108T185859Z-ccymea2rkp7yhdavv5heupct8w00000000sg000000004hzp
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 1017
request-context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 42ms
14ms Script
application/x-javascript 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b625d5a8adce0e637b3263a627b65445e87da3ec1e62aff4ff86869707ed4fe7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 08 Jan 2024 18:58:59 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54366
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: OXvkl2EdalB4TbOo43r0x2Jp2ghaHJcwdfLbJXcmngDtwvIU2GhBH6wVDOxrLSt47Ab7kCa28QokEV8jyh54Ow==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 53ms
32ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-3HPQ6LZVLP&cid=29850689.1704740339&gtm=45je4130v9118958463&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1708196466

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:58:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/4fd50162/www-widgetapi.vflset/ 216 KB
67 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/4fd50162/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/player_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d772756f7f30b155def5b4c539d7883b69134c27e64be72d6e2fd98b37718843

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:05:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3209
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68492
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 02:44:34 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 07 Jan 2025 18:05:30 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 23ms
14ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-3HPQ6LZVLP&gtm=45je4130v9118958463&_p=1704740339205&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=29850689.1704740339&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1704740339&sct=1&seg=0&dl=https%3A%2F%2Fwww.foreks.com%2F&dt=Foreks%20Bilgi%20%C4%B0leti%C5%9Fim%20Hizmetleri%20A.%C5%9E&en=scroll&_c=1&epn.percent_scrolled=90&_et=10&tfd=710
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3HPQ6LZVLP
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:58:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 login Show response
www.foreks.com/api/auth/ 11 B
1 KB 24ms
24ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/auth/login

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

4062edaf750fb8074e7e83e0c9028c94e32468a8b6f1614774328ef045150f93

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: W/"b-Ai2R8hgEarLmHKwesT1qcY913ys"
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.foreks.com
origin-agent-cluster: ?1
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: Zy53NvpTsXP1mUwjPTN-OBQgQfzwLDddDe3zRe5A960qYzx60pJxuA==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
207 B 14ms
13ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=845787954&t=pageview&_s=1&dl=https%3A%2F%2Fwww.foreks.com%2F&ul=en-us&de=UTF-8&dt=Foreks%20Bilgi%20%C4%B0leti%C5%9Fim%20Hizmetleri%20A.%C5%9E&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1227840405&gjid=808464279&cid=29850689.1704740339&tid=UA-82686003-1&_gid=1064847478.1704740340&_r=1&gtm=457e4130&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&jsscut=1&z=1761283217

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:58:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 get Show response
wsdkapi.netmera.com/sdk/3.0/config/ 7 KB
7 KB 53ms
53ms Fetch
application/json 185.57.65.125
VMIND

General

Check archive.org

Show headers Download Go to

Full URL

https://wsdkapi.netmera.com/sdk/3.0/config/get

Requested by

Host: cdn.netmera-web.com
URL: https://cdn.netmera-web.com/wsdkjs/OcYc2nxy4-IE1PVMgxSo2cIXLNyzI3PXAb6uUisJim44jRp89r7eWQ

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.57.65.125 Istanbul, Turkey, ASN9215 (VMIND, TR),

Reverse DNS

Software

nginx /

Resource Hash

fe4a646ea507da1fff3b7f36c84ab203e648482e50305b6bbf1f6ce61a089e32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

x-netmera-os: CHROME
accept-language: de-DE,de;q=0.9
x-netmera-device-type: DESKTOP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json
accept: application/json
x-netmera-sdkv: 4.2.22
Referer: https://www.foreks.com/
x-netmera-api-key: OcYc2nxy4-IE1PVMgxSo2cIXLNyzI3PXAb6uUisJim44jRp89r7eWQ

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
x-robots-tag: noindex
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
x-xss-protection: 1; mode=block

OPTIONS
H2 204 get
wsdkapi.netmera.com/sdk/3.0/config/ Frame 0
0 160ms
51ms Preflight 185.57.65.125
VMIND

General

Check archive.org

Show headers Download Go to

Full URL: https://wsdkapi.netmera.com/sdk/3.0/config/get
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.57.65.125 Istanbul, Turkey, ASN9215 (VMIND, TR),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-netmera-api-key,x-netmera-device-type,x-netmera-os,x-netmera-sdkv
Access-Control-Request-Method: GET
Origin: https://www.foreks.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
content-length: 0
content-type: *
date: Mon, 08 Jan 2024 18:58:59 GMT
server: nginx

GET
H2 200 375018488541029 Show response
connect.facebook.net/signals/config/ 131 KB
34 KB 56ms
55ms Script
application/x-javascript 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/375018488541029?v=2.9.139&r=stable&domain=www.foreks.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

24b409a4a2b7345416ca8444450f96ff48d9c19fbf8e4038c4133772cf64e8fa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 08 Jan 2024 18:58:59 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: vlsa6/y890o1FhriRl4nZhryatmjDlOFrDGFlxseBLQgBvYHcoAIdJ3O62IJrkcvJKqeI+TqWfukqaGlvl2oQw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 14ms
13ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-4Y6C81V13E&gtm=45je4130v888287377&_p=1704740339205&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=29850689.1704740339&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAI&_s=1&sid=1704740339&sct=1&seg=0&dl=https%3A%2F%2Fwww.foreks.com%2F&dt=Foreks%20Bilgi%20%C4%B0leti%C5%9Fim%20Hizmetleri%20A.%C5%9E&en=page_view&_fv=2&_ss=2&_c=1&tfd=842
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4Y6C81V13E&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:58:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
45 B 21ms
20ms Ping
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-4Y6C81V13E&cid=29850689.1704740339&gtm=45je4130v888287377&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4Y6C81V13E&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:58:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 13ms
13ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-4Y6C81V13E&gtm=45je4130v888287377z872732486&_p=1704740339205&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=29850689.1704740339&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAK&_s=2&sid=1704740339&sct=1&seg=1&dl=https%3A%2F%2Fwww.foreks.com%2F&dt=Foreks%20Bilgi%20%C4%B0leti%C5%9Fim%20Hizmetleri%20A.%C5%9E&en=page_view&_c=1&_et=2&tfd=845
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4Y6C81V13E&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:58:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
45 B 15ms
15ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-4Y6C81V13E&gtm=45je4130v888287377z872732486&_p=1704740339205&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=29850689.1704740339&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAI&_s=3&sid=1704740339&sct=1&seg=1&dl=https%3A%2F%2Fwww.foreks.com%2F&dt=Foreks%20Bilgi%20%C4%B0leti%C5%9Fim%20Hizmetleri%20A.%C5%9E&en=Video%20view&_c=1&_et=1&tfd=846
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4Y6C81V13E&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:58:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 34ms
33ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-4Y6C81V13E&cid=29850689.1704740339&gtm=45je4130v888287377&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1916305318

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:58:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 019ce8f.modern.js Show response
www.foreks.com/_nuxt/ 66 KB
21 KB 11ms
11ms Script
application/javascript 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.foreks.com/_nuxt/019ce8f.modern.js
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/9249113.modern.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 4338b900dcb0f658dc52b480e9a98fad20b051f31d48277fe8a7b0cc0ba8f684

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 12:53:35 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Fri, 03 Nov 2023 08:36:39 GMT
x-amz-cf-pop: DUS51-P1
age: 5724324
etag: W/"10844-18b9453c1d8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: oyYPx_iDggPkk6DXmTFbNztlzZ5JVXKP63wrG9Gw7zTG0E2IroszCg==

GET
H2 200 78d920c.modern.js Show response
www.foreks.com/_nuxt/ 5 KB
2 KB 11ms
11ms Script
application/javascript 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.foreks.com/_nuxt/78d920c.modern.js
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/9249113.modern.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 18a4c05c50ff534451dd71190a11ffd4296cdcf519ad13afa11a365fcb2618a5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 12:27:16 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 31 Oct 2023 13:39:48 GMT
x-amz-cf-pop: DUS51-P1
age: 5898703
etag: W/"1444-18b85f638a0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: -lkwJ2GGj0cUEpPt92-_4DRORZo4X82M2Up6BIEIuMO_6_DGeWdyLg==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 20ms
20ms XHR
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-82686003-1&cid=29850689.1704740339&jid=1227840405&gjid=808464279&_gid=1064847478.1704740340&_u=YADAAUAAAAAAACAAI~&z=292858833

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 08 Jan 2024 18:58:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
region1.analytics.google.com/g/ 0
17 B 14ms
14ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-4Y6C81V13E&gtm=45je4130v888287377&_p=1704740339205&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=29850689.1704740339&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEAI&_s=4&sid=1704740339&sct=1&seg=1&dl=https%3A%2F%2Fwww.foreks.com%2F&dt=Foreks%20Bilgi%20%C4%B0leti%C5%9Fim%20Hizmetleri%20A.%C5%9E&en=scroll&_c=1&epn.percent_scrolled=90&_et=10&tfd=858
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4Y6C81V13E&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:58:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 last Show response
www.foreks.com/api/news/ 24 KB
7 KB 24ms
24ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/news/last?last=27&locale=tr&source=PICNEWS

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

56a165b2c6dfc6f49ade9a73cda691e327c40afda9853f70fe701a3fc4fef0e7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 495
content-type: application/json; charset=utf-8
vary: Origin, Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=24
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: wca5D26IBZYrKbF0DJa4RMCJM8-mNaG8W-teuPgwFWFijVJK7suUxQ==

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 52ms
32ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-82686003-1&cid=29850689.1704740339&jid=1227840405&_u=YADAAUAAAAAAACAAI~&z=31047745

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:58:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 30ms
30ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-82686003-1&cid=29850689.1704740339&jid=1227840405&_u=YADAAUAAAAAAACAAI~&z=31047745

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:58:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 outside.js Show response
static.virgul.com/theme/mockups/adcode/ 80 KB
28 KB 174ms
55ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL

https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19730

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/gtag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),

Reverse DNS

Software

openresty/1.15.8.3 /

Resource Hash

3cbf6597b6375386590a306aa3f8808cc302bc50a5121823b84e597402c69f2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-encoding: gzip
strict-transport-security: max-age=63072000
last-modified: Tue, 02 Jan 2024 17:31:43 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=43200

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 21ms
7ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=375018488541029&ev=PageView&dl=https%3A%2F%2Fwww.foreks.com%2F&rl=&if=false&ts=1704740339655&sw=1600&sh=1200&v=2.9.139&r=stable&a=tmgoogletagmanager&ec=0&o=4126&fbp=fb.1.1704740339655.120728287&ler=empty&it=1704740339586&coo=false&rqm=GET

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 08 Jan 2024 18:58:59 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 sourcesanspro-semibold-webfont.39e363b.woff2
www.foreks.com/_nuxt/fonts/ 34 KB
34 KB 12ms
11ms Font
font/woff2 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.foreks.com/_nuxt/fonts/sourcesanspro-semibold-webfont.39e363b.woff2
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/css/fb8ace3.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 0bb23de06711894ad6d763f25ab3b5576bdb41046983f9e3776937b05418f6e5

Request headers

Referer: https://www.foreks.com/_nuxt/css/fb8ace3.css
Origin: https://www.foreks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 13 Sep 2023 09:42:22 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Wed, 13 Sep 2023 09:30:32 GMT
x-amz-cf-pop: DUS51-P1
age: 10142197
etag: W/"8714-18a8de0c2c0"
x-cache: Hit from cloudfront
content-type: font/woff2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 34580
x-amz-cf-id: iH6Djw9DOvfdOaohowN0vh_0gs8MyY55QyDf-Zgi__X5PAs_eStPVw==

GET
H2 200 sourcesanspro-regular-webfont.86b0cdc.woff2
www.foreks.com/_nuxt/fonts/ 33 KB
34 KB 13ms
13ms Font
font/woff2 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.foreks.com/_nuxt/fonts/sourcesanspro-regular-webfont.86b0cdc.woff2
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/css/fb8ace3.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 7912e72b602b2d0f47219cf7b075968b46b017f2f775ed62df64f28160d618ac

Request headers

Referer: https://www.foreks.com/_nuxt/css/fb8ace3.css
Origin: https://www.foreks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 13 Sep 2023 09:42:22 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Wed, 13 Sep 2023 09:30:32 GMT
x-amz-cf-pop: DUS51-P1
age: 10142197
etag: W/"850c-18a8de0c2c0"
x-cache: Hit from cloudfront
content-type: font/woff2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 34060
x-amz-cf-id: XtXvAhRSs9s_okEGPT8WGrPp71zlMK99KxwyvhQ54AS4JL4oe1BCLw==

GET
H2 200 logo-forinvest-light.svg
www.foreks.com/img/ 8 KB
4 KB 37ms
36ms Image
image/svg+xml 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/logo-forinvest-light.svg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: bd639d613b54759e08ba0e73fcac45edef560aadcbb73d5103721134fd2103a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"1e2a-18ca4cfb930"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: QFiuqMOL9IrKL7WDg78_0Gkj138HQhUrI0SWTt-HseAbYnGe2i4lxw==

GET
H2 200 logo.svg
www.foreks.com/img/brand/ 3 KB
2 KB 30ms
30ms Image
image/svg+xml 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/brand/logo.svg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 67f63277f6b82526068df07bf12fad11eb52a2d7a9818991705a68a69376e44b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"c85-18ca4cfb930"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: WLm_Tv6SKQT-6qSSbDAblESZwJnZ6JfL_-VALwA-6TccCQcg8pQ0Mw==

GET
H2 200 logo-dark.svg
www.foreks.com/img/brand/ 3 KB
2 KB 26ms
25ms Image
image/svg+xml 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/brand/logo-dark.svg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 55568d78493cb7e0ee57d25db4418b7d0514549f94dc27314e7626f886b68f8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"c82-18ca4cfb930"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: zUUfkeHx-cpiPDSI0Ccq7lQmzG8U4_4hnqa34bjk5NGsDraQhzBaqQ==

GET
H2 200 4a8c97c.modern.js Show response
www.foreks.com/_nuxt/ 94 KB
31 KB 19ms
13ms Script
application/javascript 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.foreks.com/_nuxt/4a8c97c.modern.js
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/9249113.modern.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: ccae2b61a3aad8c4e607d727eb78e09f10c040b45f9188dcd461281a188ec3e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 12:27:17 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 31 Oct 2023 13:39:48 GMT
x-amz-cf-pop: DUS51-P1
age: 5898702
etag: W/"17954-18b85f638a0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: FkwN04G31zK73zYu5W9MNjfRfRUPT-GO85hu8VqYui9U95vX3zy5lw==

GET
H2 200 forinvest-1.png
www.foreks.com/img/ 70 KB
70 KB 30ms
24ms Image
image/png 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/forinvest-1.png
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: cb8f1d149e89e2fc12e167bca2ffd7d934fac475417136b6ad6369a514523a4e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"117a2-18ca4cfb930"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 71586
x-amz-cf-id: CPMGORmXTVYCoUp9oBxfASPgq83yhEFdmhbeeOUg2WaDDf8SnGieWA==

GET
H2 200 app-store@2x.png
www.foreks.com/img/ 11 KB
12 KB 39ms
33ms Image
image/png 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/app-store@2x.png
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 4512e492257199f988691a0f342b97d0a0d0956bb867996666dc966e24862b71

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"2d6b-18ca4cfb930"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 11627
x-amz-cf-id: J4mCx9w5Pkq0b6UTeJKwpY-tYt9MiOsntIxZqOXmkFHTFWETDo9HgA==

GET
H2 200 google-play@2x.png
www.foreks.com/img/ 18 KB
18 KB 41ms
36ms Image
image/png 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/google-play@2x.png
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 932ffc85d925259f1a133aec23869b5d519252b9e4acc58faaf076d9c077e06e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"469d-18ca4cfb930"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 18077
x-amz-cf-id: Uz_bNHP80E9RbeLtamNx2k6B28oAC3MVd1JUYSqpoUZd6SKXRQlprQ==

GET
H2 200 app-gallery@2x.png
www.foreks.com/img/ 14 KB
14 KB 51ms
45ms Image
image/png 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/app-gallery@2x.png
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: fbb6a8fd8eb8b0e9642821c3000b8346b1b64eb8e75f8d55bd5e3be5b3887a96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"3688-18ca4cfb930"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 13960
x-amz-cf-id: I27J7CnKGv7BCuxZLk-hyzKDovTvG5Rn9jFxr4hOR23vkT7PROwdoQ==

GET
H2 200 trader-fxplus@2x.jpg
www.foreks.com/img/ 67 KB
67 KB 48ms
42ms Image
image/jpeg 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/trader-fxplus@2x.jpg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: d222cce9b803f746e839aa0febec4740b5d087d00deb8de050bb20db32164cce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"10b92-18ca4cfb930"
x-cache: Miss from cloudfront
content-type: image/jpeg
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 68498
x-amz-cf-id: UYNIe5_6g9jSYQKEzKX8pJhO4wRVZWS7WdkckgqvgP-kHisM86fEDw==

GET
H2 200 x-app.svg
www.foreks.com/img/ 415 B
646 B 52ms
47ms Image
image/svg+xml 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/x-app.svg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: c1d5a94de96e16ff5cade47262ae251a766b737cdb70440e0aa96f2f3848f575

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"19f-18ca4cfb930"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: NHY1hn5UxISepeCpLVgfeLsrxI4H-xxAlG6F9Ps5EtjwpVRCTyTOsQ==

GET
H2 200 etbis.jpeg
www.foreks.com/img/ 35 KB
35 KB 53ms
48ms Image
image/jpeg 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/etbis.jpeg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: b6af033ab5b5d74fc4c4a81e72593e34f1c2b76bd74f5a568f69ee7a66026e83

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"8b4b-18ca4cfb930"
x-cache: Miss from cloudfront
content-type: image/jpeg
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 35659
x-amz-cf-id: Pct6kYr0mduOP53ozOghmVeLQQgte3BYims-OEo6vqNgkncxdcWZuw==

GET
H2 200 1704731700454_thumb.jpeg
news-files.foreks.com/images/ 18 KB
19 KB 122ms
61ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704731700454_thumb.jpeg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8aa36b09195fecaabd62aa061e560b68f9cdae7b1ad5a403d81a5294eadbbaea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: VdvI.P.X3u9WhGM0aef6S_6Z7R.NA_xd
date: Mon, 08 Jan 2024 18:59:00 GMT
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 16:35:01 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
etag: "895c34645a2a7cf6b508586e941dc731"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 18878
x-amz-cf-id: GfgK0RSiiX4X4I7oU2CiyJVLpeeh-wtEj5-g6eFIjRLCHn_bS47EIg==

GET
H2 200 1704730780656_thumb.jpeg
news-files.foreks.com/images/ 6 KB
7 KB 120ms
59ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704730780656_thumb.jpeg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1f494baf825408402621f56ee70634ffebe173d7f084d07a21436c84ccb430b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: 54QWWjgj.OQiFZE4RLpaEhnw2bVzhVfJ
date: Mon, 08 Jan 2024 18:59:00 GMT
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 16:19:41 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
etag: "db9c20ddc7ea132279f5c467666ecf73"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 6535
x-amz-cf-id: mPtDyxa3GqDEiyvEkt_oOVrz62orUzRrnQ8HAUggq1WYjWDeg53fKg==

GET
H2 200 1704729841875_thumb.jpeg
news-files.foreks.com/images/ 26 KB
27 KB 130ms
70ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704729841875_thumb.jpeg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 52d223bf945d4a6585bab0d78752b7dc1cae352a56a5548927aab2c765a27a7c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: 2dIgCkvs9rvynXzHIftjGdX_WWpLmbQN
date: Mon, 08 Jan 2024 18:59:00 GMT
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 16:04:03 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
etag: "cdfeaf7b332ca5f867ff6c9a30a037ab"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 27102
x-amz-cf-id: g1OgXi4Kdq53fm9XGEXJHtWcn_yWJFgxND2LAC57F6o7jCz4pd9H6w==

GET
H2 200 icon-bist.png
www.foreks.com/img/ 6 KB
6 KB 53ms
49ms Image
image/png 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/icon-bist.png
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 666a81a98b9d8ce2098b91b1ae26d1b7262f82c43c3ecf8232622d4f614f9a0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"1636-18ca4cfb930"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 5686
x-amz-cf-id: ySLqP8LivGhgB1t15ZJddPSKtSBRcb5VP9sVIJwtrU6CGdzWHXh3fg==

GET
H2 200 1704726559882_thumb.jpeg
news-files.foreks.com/images/ 25 KB
26 KB 142ms
82ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704726559882_thumb.jpeg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cff7e05e049290d1830d43a1ba66b28eb98ec8c9d37d51389dbca54c84ea201b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: c1CQwfpqzfR1h_A4lfSAy1dMdL4x2.vI
date: Mon, 08 Jan 2024 18:59:00 GMT
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 15:09:21 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
etag: "8a1a5780e105445882f604216169d62c"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 25752
x-amz-cf-id: nbghsp2EUYBd-6qCw4EDebDRekUwLAGKAE2IgqldNH82tbcBnzO0sA==

GET
H2 200 1704722492667_thumb.jpeg
news-files.foreks.com/images/ 25 KB
26 KB 116ms
56ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704722492667_thumb.jpeg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 44bcef116097fc595634e5a8fd5f7831a82b0c909f06a4c4ee002edaa404f263

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: JpRU1IrjLuh4fp6pmEFtPnf.GUjL_lO6
date: Mon, 08 Jan 2024 18:59:00 GMT
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 14:01:33 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
etag: "6e827d069c13dc5145c2c425101f7456"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 25942
x-amz-cf-id: azyJ7LtrPkdI7QO4foO8A9u3KhDvCCzyZKR-IOfCAau5zu36iuNcZQ==

GET
H2 200 1704718962342_thumb.jpeg
news-files.foreks.com/images/ 21 KB
21 KB 145ms
85ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704718962342_thumb.jpeg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cb9185e9d6ebbe344bac8715e379c56a62cdff9845f283d951d513a700683340

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
x-amz-version-id: _vy7z4PO05o4jsrQsgweSt.pOc5cA7Ho
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 13:02:43 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
etag: "8512875f3ef9e478faf4aa0016ebfc8e"
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 21308
x-amz-cf-id: TkhapMXkMYz78Xg20hu3bYE3MmamFggLdxXOCDhEGIr17Ypg5tgfog==

GET
H2 200 1704716808164_thumb.jpeg
news-files.foreks.com/images/ 22 KB
22 KB 83ms
78ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704716808164_thumb.jpeg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: adfb37aca7f5fcd929ff53a7ca41eeed3de50f0ef3728a6ffadfb5bb6915cbf6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: 0ipJ.14c7tkc9mPEdEPBzpWaQ5a2rNuh
date: Mon, 08 Jan 2024 18:59:00 GMT
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 12:26:49 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
etag: "9e0214d5b75f9fc8df5a5bdc8ba9b109"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 22348
x-amz-cf-id: XdBHFJe0ObeSqyFGYDXcC2zq6wcvX89YA5-863mDerEEpPL6SOuHBg==

GET
H2 200 1704715392222_thumb.jpeg
news-files.foreks.com/images/ 14 KB
14 KB 80ms
75ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704715392222_thumb.jpeg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 339c99dca268ba6cec38f366324b92e7dc7d24438768d8b21e9f16e0d6fd9663

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: AM0y8WdCa.OBYPp445wtMXQnXJKdekWg
date: Mon, 08 Jan 2024 18:59:00 GMT
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 12:03:13 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
etag: "f833ff4028401d633e905983001394fc"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 14280
x-amz-cf-id: cigi4S848e0tdRSekYp7Ikid8IyaMZk4SkjpBfpkPXUsduddcZumOQ==

GET
H2 200 1704715094140_thumb.jpeg
news-files.foreks.com/images/ 20 KB
20 KB 95ms
90ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704715094140_thumb.jpeg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9c2fc7307943988ca28efd7763c2205045bf18310cb2147458ab5b3bdfc73116

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
x-amz-version-id: CePyV0kdl3ROkM6mqr6dh4t43HoMjZ5g
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 11:58:15 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
etag: "0ccaf066436b26a35b574a737a76fc99"
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 20450
x-amz-cf-id: cEzvfAZXwyhRwOnnKRnDD7BP8bkuIZYOV41061g2twoZ_zMzuteAgg==

GET
H2 200 1704714667851_thumb.jpeg
news-files.foreks.com/images/ 26 KB
27 KB 78ms
72ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704714667851_thumb.jpeg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ea475eb5b869c80449c68b26f26dcdc596d53ea956ac9382566d4f70064bbeed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: KDY9zV3a0SEPffVzR8ivlAj3vTPY9Ppb
date: Mon, 08 Jan 2024 18:59:00 GMT
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 11:51:08 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
etag: "a0298285c22c1619e5326ee17b194d25"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 26915
x-amz-cf-id: U9E8T39el3nD1XOWGXJ8AAfjr0e3FazKKogZoZpX7BOrLXTbRg810g==

GET
H2 200 1704713670125_thumb.jpeg
news-files.foreks.com/images/ 12 KB
12 KB 94ms
89ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704713670125_thumb.jpeg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 44c582726a868fd32d871de80b1dceb00d20454d9815a37a912eb384eb27314a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: 9O0e0L8VAbv5l1Mb6WUgcZPLb66Mavxk
date: Mon, 08 Jan 2024 18:59:00 GMT
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 11:34:31 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
etag: "14e5c8ee6029c1126fd42c3260999ab9"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 12126
x-amz-cf-id: 4zGf3AWDS1CU5oD6nrzp17eymVlhQeFq9X3WrM186vqA6ssk1_wMhg==

GET
H2 200 1704712329028_thumb.jpeg
news-files.foreks.com/images/ 24 KB
25 KB 69ms
64ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704712329028_thumb.jpeg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3935edf8c6ce63a740b60b281c11bfeed2beed83b7be0612cd8a9412a53c4ab0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: c3aA63GHFRTC66lZmwkCL.sSh7aiKt0H
date: Mon, 08 Jan 2024 18:59:00 GMT
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 11:12:10 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
etag: "55825783ca28e1f08501abfad3ee49f0"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 24702
x-amz-cf-id: VZnWVMN8Fk1vdFitpKCJzs3iovcKnRkX8vqSMxPfIr43vTnaw_cXlw==

GET
H2 200 US@3x.png
www.foreks.com/img/flags/ 7 KB
7 KB 34ms
30ms Image
image/png 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/flags/US@3x.png
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 178c85dd1cd4028c38f2a5812f63414c9d0bc67308a56227ffc9f18e5e2fa863

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"1c56-18ca4cfb930"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 7254
x-amz-cf-id: 6Gnj6X985g_x50pKXkavbY_RvDntYBZgTShJTvRyBTSuX8gNfpoLjQ==

GET
H2 200 EU@3x.png
www.foreks.com/img/flags/ 4 KB
4 KB 38ms
35ms Image
image/png 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/flags/EU@3x.png
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 0f9eae9df4a466cc9addece97de7d812741e1cac54ce97f94e08a467f13b0d3e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"1058-18ca4cfb930"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 4184
x-amz-cf-id: mwdJJSCSfQiLSQeRhU8GOi2NeKmjcp_KuDLIVKUl4JRl1eaVsuiT3g==

GET
H2 200 GB@3x.png
www.foreks.com/img/flags/ 3 KB
3 KB 45ms
41ms Image
image/png 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/flags/GB@3x.png
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 96d2738ac93887026499a36bbead36fbb3307af0389119ce89bff112618577ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"ab7-18ca4cfb930"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 2743
x-amz-cf-id: Z7hQGIOGxLo6h3_0i8xX7wJpm3aTw0-nVVClKNOaHr3ipa1nC-6wCw==

GET
H2 200 CH@3x.png
www.foreks.com/img/flags/ 569 B
887 B 43ms
39ms Image
image/png 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/flags/CH@3x.png
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 42e6e358bc7f764358842d65d23e2fa64dca92a503e253654538a43236ee3562

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"239-18ca4cfb930"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 569
x-amz-cf-id: uBOzA6Y2fhbBMcyMKYetuWUTAxDxv2TLsJu5pa_7g1nOyByBb6YX1Q==

GET
H2 200 CA@3x.png
www.foreks.com/img/flags/ 3 KB
3 KB 49ms
46ms Image
image/png 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/flags/CA@3x.png
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: b2fcfbc79f4d51f9afaa3f8c42ce6b8ade64c1c36f599876bbd018a69eb6301d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"a47-18ca4cfb930"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 2631
x-amz-cf-id: wxgA_8u0-z-qTAh3JX0k2W8O9DSWBTBsV6dVgtsa7WeG6q4EzuH_fg==

GET
H2 200 1704711654945_thumb.jpeg
news-files.foreks.com/images/ 3 KB
4 KB 81ms
76ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704711654945_thumb.jpeg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 15f5b48fea2eba3149d89e554cc32840fda209c53da2269f5c163a22c80fdfd1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: 8LUvFh9J3PRJWe4Y3Msgzv0jubvcRsRo
date: Mon, 08 Jan 2024 18:59:00 GMT
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 11:00:56 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
etag: "8a92de2f8cdac378a31362c9bf996727"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 3424
x-amz-cf-id: Ux5TRHX9_cmTSeP72rbAa0gQquSMyCakGgw3Sdp6hCsGzebLUEIqRg==

GET
H2 200 1704710826977_thumb.jpeg
news-files.foreks.com/images/ 16 KB
16 KB 97ms
92ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704710826977_thumb.jpeg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 084d1ab9612bfe764a12bca357591614c1ab8e066ba5057bc31072e9d3685037

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: EzHshXieO0Ro5rgXDkC_Al0Tg0SsT56e
date: Mon, 08 Jan 2024 18:59:00 GMT
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 10:47:08 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
etag: "7c17f801580d0d6319aa095e4dc39c2e"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 16141
x-amz-cf-id: R7wsyQEjR9Qi6he1R2bD91cxoVMXJuzqPpdDvZopzPby9V_Ozd1tcg==

GET
H2 200 1704709821289_thumb.jpeg
news-files.foreks.com/images/ 9 KB
9 KB 56ms
51ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704709821289_thumb.jpeg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e95af539420559a250994e6cb58b697631778cad3bb789f53fdc776097845132

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: _iCRiPVnXGM_Bv.PfPGwJODNzaz2YS2g
date: Mon, 08 Jan 2024 18:59:00 GMT
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 10:30:22 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
etag: "0d4b11995909f3a669a6bcd9f8223410"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 9143
x-amz-cf-id: hw7-ADNKdnXHuU7dwXhgw9D0NFBUjM7E28TVkwGoab62aFvITu3JXQ==

GET
H2 200 XAUUSD.svg
www.foreks.com/img/flags/ 1 KB
1 KB 40ms
38ms Image
image/svg+xml 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/flags/XAUUSD.svg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 806bd0ebadf98dbdfee863e715a395ab7a2a82eddefd365648deb48ef592302c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"595-18ca4cfb930"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: yD2d5IqmHsjRaZB1lEM5CkbjAnXNoTaXZPITPnfFbmPSIkzVzoofKQ==

GET
H2 200 GAUTRY.svg
www.foreks.com/img/flags/ 1 KB
852 B 39ms
37ms Image
image/svg+xml 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/flags/GAUTRY.svg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 33fb46b1d3bd789033cbb8cfa7b72c00c9c0be7eecedde183c253668d3fa4a1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"50a-18ca4cfb930"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: _3NtVdrr8V2NJ39RJ85Qw6qUO0NDefvF7kRFZN2RGXVdHm0J4W9AJw==

GET
H2 200 SGCEYREK.svg
www.foreks.com/img/flags/ 694 B
684 B 49ms
47ms Image
image/svg+xml 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/flags/SGCEYREK.svg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: a7871476057d36f6562b06be9d18fdea94c2265820128c364c815d8b24831030

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"2b6-18ca4cfb930"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: Z9aoO3qu5KCpfh-p7u8KPPXk7mkSv-Z6Xl5hRx1BFbZar_rl7zpP3g==

GET
H2 200 SGYARIM.svg
www.foreks.com/img/flags/ 727 B
691 B 40ms
38ms Image
image/svg+xml 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/flags/SGYARIM.svg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 44017113e515baeb9edbc21bd74660937194feead9156878006411232f1e4302

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"2d7-18ca4cfb930"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: t5x7XsnHQj4bMgSkuvMsWWqgNgSeqneG2NCSKuBHyTMu8UmIy0MtTg==

GET
H2 200 SCUM.svg
www.foreks.com/img/flags/ 1 KB
858 B 38ms
37ms Image
image/svg+xml 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/flags/SCUM.svg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 33fb46b1d3bd789033cbb8cfa7b72c00c9c0be7eecedde183c253668d3fa4a1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"50a-18ca4cfb930"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: WKr_t0x9mfrS8lli29FtE4Iafbu_5ka2Fym8qpXOJ25MQ__i5PsHnA==

GET
H2 200 1704708997323_thumb.jpeg
news-files.foreks.com/images/ 20 KB
20 KB 89ms
84ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704708997323_thumb.jpeg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3ee6a49f4818706bc8b190dce5ebed504bde4f84ad74e09d40c1ab304c8255d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: AKIlXCzTs5awHhpEpea2K9AwGj53v3YO
date: Mon, 08 Jan 2024 18:59:00 GMT
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 10:16:38 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
etag: "98795c2614640ca4f205d6778897485b"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 20071
x-amz-cf-id: -d2rcF38HX8pZMHNL4Bc_vBXQUqdfQzFYWVZKPPU1WskwZeGx3WItA==

GET
H2 200 1704703565928_thumb.jpeg
news-files.foreks.com/images/ 13 KB
13 KB 92ms
87ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704703565928_thumb.jpeg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7d75f1e19e34aba94b7915a3319156152d0b9b13716821e6459e4a2341285ab5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: IO5KogFnRYZ_1VDhG0olXIS0aj0FjKyz
date: Mon, 08 Jan 2024 18:59:00 GMT
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 08:46:07 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
etag: "22942ce1e1b00f33f331bae44d4880df"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 12859
x-amz-cf-id: fYDjwd78InKEjC2IGhc1ehFNAANaAi2N0ZsqUz2NpwqwjYsbZUucgQ==

GET
H2 200 1704707340136_thumb.jpeg
news-files.foreks.com/images/ 29 KB
29 KB 95ms
90ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704707340136_thumb.jpeg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a6480d5583c337bf4b92a83cd56202c2a52e735756f82cccfa3b57d649b5ad4b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: RDOCpPIEIGbS0vVlbgnbdzihX5nLL6Qy
date: Mon, 08 Jan 2024 18:59:00 GMT
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 09:49:01 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
etag: "2a9e6e92c11979f86f3e5c964d99ac4f"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 29588
x-amz-cf-id: PeAlvdyiugXmGiMnyP_x21ZOszZr0wy2JOOkMrDJCbBZhio5oMme1g==

GET
H2 200 btc.png
www.foreks.com/img/flags/crypto-icons/ 1 KB
2 KB 42ms
40ms Image
image/png 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/flags/crypto-icons/btc.png
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 6a00ef2670157738264638d4f31a657e3990ec342fd82599617f8934f4f9de72

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"5e2-18ca4cfb930"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 1506
x-amz-cf-id: zC1ylSL1KGTcNyUwanmtUTz4Yt-Ymh6HZFl77fUoqQ7P_XElua92xA==

GET
H2 200 usdt.png
www.foreks.com/img/flags/crypto-icons/ 2 KB
3 KB 40ms
39ms Image
image/png 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/flags/crypto-icons/usdt.png
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: eb658766bc0865b719c76913b6b82ba32d0e14660216bf8d6d3953e30ad3e06d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"9a9-18ca4cfb930"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 2473
x-amz-cf-id: 9O2TBndP9BMyUrrApTMgBWqSJoupjq4igvKovKgO3bOwrua322smlg==

GET
H2 200 eth.png
www.foreks.com/img/flags/crypto-icons/ 3 KB
3 KB 51ms
50ms Image
image/png 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/flags/crypto-icons/eth.png
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: eebe29898b8b7de5c9e47daab474152be8095e3ab42d768b84b085c5a12b95c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"adc-18ca4cfb930"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 2780
x-amz-cf-id: z4uBRa7TZV0eBvI5Gbdft9HlamPs05Kvd5b6roApsu2ldQqgrQW0dw==

GET
H2 200 doge.png
www.foreks.com/img/flags/crypto-icons/ 4 KB
4 KB 46ms
44ms Image
image/png 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/flags/crypto-icons/doge.png
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 47fb417f6b72c4edc08dfb90a376b2c88b3b51992bf3c83dd14e011edba2f339

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"109b-18ca4cfb930"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 4251
x-amz-cf-id: PACSceDgoWkZLYBfJ8tNzutw8UwX1u1kB6HKmC3wZUS2mQfX2rakww==

GET
H2 200 xmr.png
www.foreks.com/img/flags/crypto-icons/ 2 KB
3 KB 44ms
42ms Image
image/png 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/flags/crypto-icons/xmr.png
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: aeb35390525c9a2ff55b35bceabd869925940837d658ac837fd1603db2c1455f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"95c-18ca4cfb930"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 2396
x-amz-cf-id: QWVFwhUC7qlwlaQlU2_6qs-wz7tFEQnHzRyIzBWBBiT7A5wqVgD4tg==

GET
H2 200 1704706891562_thumb.jpeg
news-files.foreks.com/images/ 16 KB
16 KB 90ms
86ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704706891562_thumb.jpeg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7e31b56f9b340d357de43ee58d72a6ea2dcb0dace14abcc4d7b801dc6bb18f71

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: 49WDnGIdCXq7TesFykwcvaAwiPQSzrCL
date: Mon, 08 Jan 2024 18:59:00 GMT
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 09:41:32 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
etag: "0fb92f5639994cc61a3435d93f9de2eb"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 16272
x-amz-cf-id: YQZOYk_dNzXau7DcggJoLtVFrPoJtgdAVHWXnKaFEMZ8H-4mdeGmjA==

GET
H2 200 1704706638262_thumb.jpeg
news-files.foreks.com/images/ 15 KB
15 KB 89ms
85ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704706638262_thumb.jpeg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d517789f7f2287f125d0e691b3a03f1750120104b436360b69811393e0958149

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: 44SU6bxhGFHCLSmHc3V4S0KPiC0ivsgF
date: Mon, 08 Jan 2024 18:59:00 GMT
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 09:37:19 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
etag: "017780fcd7c5cdaf61fcc5ab41744b8e"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 15289
x-amz-cf-id: 32f36-ROsNMaM32mbefbeDiT6Dv592xkJuCcA5KQBWKbvZ72CqpwaQ==

GET
H2 200 1665338243719_thumb.jpeg
news-files.foreks.com/images/ 17 KB
17 KB 87ms
83ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1665338243719_thumb.jpeg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31503700561854889f00738eb4abc910732ca6655a6593b0491a1e20dfbabd84

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: xADPH0HlrKyjLnqqttdKHP5U40kWnC1.
date: Mon, 08 Jan 2024 18:59:00 GMT
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Sun, 09 Oct 2022 17:57:24 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
etag: "372ced885c9f8958957438e5698d4dc9"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 17383
x-amz-cf-id: 8C0o2XhptuyvR1kisGA7BlPevMAN5FXOFVPC-INNoOjajU1Q6O8AJg==

GET
H2 200 logo-forinvest.svg
www.foreks.com/img/ 7 KB
4 KB 40ms
39ms Image
image/svg+xml 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/logo-forinvest.svg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 084dfc6236ad61686eccbb10710be44b70afddf750aad7694f1ae81c92c79b20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"1d83-18ca4cfb930"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: VUoK9IyWTSM2tetYuHfpJ5EkzCi9BTrzFaMd2QL_8aPUggbdpjElHg==

GET
H2 200 foreks-haber.svg
www.foreks.com/img/ 10 KB
4 KB 41ms
40ms Image
image/svg+xml 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/foreks-haber.svg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: c41da4ed8360857d1789b6356a4562ac9a0c57d7dbf0d5e9571372abd73bc162

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"26f8-18ca4cfb930"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: yZ03C-q-6LL4Eo6hOmCccrSpuM9P9i9LhyilvZg6LGhEm8Pv0cHRbg==

GET
H2 200 icoPhone.png
www.foreks.com/img/ 7 KB
7 KB 33ms
16ms Image
image/png 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/icoPhone.png
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 47444c3556b254a17d7b6fee8d662cefd56d998a48ee6c36974ef6c7a668b9b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"1c7e-18ca4cfb930"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 7294
x-amz-cf-id: GSGhTVePMbdsIWc_ilo4hUibTYSdmZaL37F2vaVLCjwe_Il0ZNqrFQ==

GET
H2 200 send.svg
www.foreks.com/img/ 1 KB
980 B 31ms
14ms Image
image/svg+xml 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/send.svg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: cc79a1c2e75cb8a81a7df1aab90877149ae77867bb537fbf22c62a0977658344

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"558-18ca4cfb930"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: 4sBpMsLVhDvIWLKbksJve__lVtiv5WNtucuaKvQuQR1J8jQjxrFVLg==

GET
H2 200 logoTeamViewer.webp
www.foreks.com/img/ 15 KB
15 KB 32ms
15ms Image
image/webp 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/logoTeamViewer.webp
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 1f7401be53d97db43455bdbcedc182e33833c813e66543e44cdeb1de45615e0d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"3a4c-18ca4cfb930"
x-cache: Miss from cloudfront
content-type: image/webp
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 14924
x-amz-cf-id: 7hxpB1bhNILnMxoxQyrvIVxMNFOzshRZzJ3hVxykxBsiuxxRO_onEg==

GET
H2 200 last Show response
www.foreks.com/api/news/ 5 KB
3 KB 28ms
28ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/news/last?last=6&locale=tr&source=PICNEWS&tag=HEADLINE

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

45aba51b4a9fd6f6716cf981b873ff9755c803a6f3cb28bfb9f00e745a6a5239

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json; charset=utf-8
vary: Origin, Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=60
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: 9JKlNm1rhK5mUs73ALwMIu8w43kiP55bhmrSIcU5tNnQHK7nZ1ko9A==

GET
H2 200 financial-calendar Show response
www.foreks.com/api/ 81 KB
10 KB 21ms
20ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/financial-calendar?from=20240108000000&to=20240108235959&lang=tr

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

bb59aae963092ebbb9554935feae1d631c8d7550f963b8ead804ea39d76998c3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Origin, Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=260
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: B6lUM7zvxYlBiQJizSg_5vCDqX7GXHVAvARvFL5fq6IhlFLv-fhSbg==

GET
H2 200 youtube-rss Show response
www.foreks.com/api/ 36 KB
7 KB 19ms
19ms XHR
text/xml 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/youtube-rss?channelId=UCBbRYu2nqeGGsRrKu5jh-Pw

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

YouTube RSS Feeds server /

Resource Hash

8fef85d0ee4bf6b4399b0a416fbbdb8a5fc71800ef98bfb7433da04b09159c1e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
content-length: 5759
x-xss-protection: 0
referrer-policy: no-referrer
server: YouTube RSS Feeds server
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: text/xml; charset=UTF-8
vary: Origin, Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=174
access-control-allow-credentials: true
x-ratelimit-reset: 1704740028
x-ratelimit-limit: 500
x-amz-cf-id: n9-e-EOD2zmwGc_NJWLEH6ijecVVFKveX26W7f54HeEM3dVb3RFGRA==
expires: Mon, 08 Jan 2024 19:06:53 GMT

GET
H2 200 youtube-rss Show response
www.foreks.com/api/ 36 KB
7 KB 17ms
14ms XHR
text/xml 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/youtube-rss?channelId=UCBbRYu2nqeGGsRrKu5jh-Pw

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

YouTube RSS Feeds server /

Resource Hash

8fef85d0ee4bf6b4399b0a416fbbdb8a5fc71800ef98bfb7433da04b09159c1e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
content-length: 5759
x-xss-protection: 0
referrer-policy: no-referrer
server: YouTube RSS Feeds server
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: text/xml; charset=UTF-8
vary: Origin, Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=174
access-control-allow-credentials: true
x-ratelimit-reset: 1704740028
x-ratelimit-limit: 500
x-amz-cf-id: cJcczLEw5kTWf-jIUuFnnlYXNJNmSg24jzfnEJmUoSECn9jaIjx_rA==
expires: Mon, 08 Jan 2024 19:06:53 GMT

GET
H2 200 last Show response
www.foreks.com/api/news/ 4 KB
3 KB 19ms
17ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/news/last?last=4&locale=tr&source=PICNEWS&tag=HEADLINE

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

84ec73bf5c442323c5fb7a77ddb52d555c74559717d1c9500872528a6f676032

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 479
content-type: application/json; charset=utf-8
vary: Origin, Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=20
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: ieLTTxdy9I95OLscldRr6J58A57JkMPs6GT_82lLJQvpNXIEdukTXw==

GET
H2 200 last Show response
www.foreks.com/api/news/ 8 KB
3 KB 27ms
26ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/news/last?last=10&locale=tr&source=FRKS&tag=FRKS-W

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

d815bc66c3283a00192965dfe2248be7e9e7fdf21dceea1364c0fdaaa5889f4c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 497
content-type: application/json; charset=utf-8
vary: Origin, Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=7
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: vELdj-CzLyAwsiEeZ_07XLZKAF7giwEBz33z1TQ6gOGFladfSPoBYw==

GET
H2 200 intraday Show response
www.foreks.com/api/historical/ 2 KB
1 KB 23ms
23ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/historical/intraday?code=USD/TRL&period=60&last=24

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

9e07d9ec8e82eb4fa3943845db09a2d069a8edfe194e3b3c03029a857009623d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 497
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=1
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: Yf7pxMzyM6xlg8raJwwwxr3SpOxQ_2mB4fxPpqdhtOsX4KakTynP2Q==

GET
H2 200 intraday Show response
www.foreks.com/api/historical/ 2 KB
2 KB 27ms
27ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/historical/intraday?code=XU100.I.BIST&period=1&last=24

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

41843d248056a3ffa490dd390a6c077342e8ce37d2ae60e7bb9a1dd33fcac301

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 498
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=10
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: 1Ol4H7UxwxLhrOE7lr4SnIi61Ty1wShJ4xR02a4y6xgZssZRcX8Z-g==

GET
H2 200 history Show response
www.foreks.com/api/historical/ 3 KB
2 KB 55ms
54ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/historical/history?symbol=XU100.I.BIST&resolution=60&from=1704304800000&to=1704736800000

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

85c2bff65ad5b190bcc028a7d91d977938e18c2960259beb8dcf5145fb5d0f1f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:58:59 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=10
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: 90Gho9oY_Dsx53OnDtH6o-nlAMm5T9KygWR6b77YjCMa9qwwg5pcjA==

GET
H2 200 history Show response
www.foreks.com/api/historical/ 26 KB
10 KB 72ms
72ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/historical/history?symbol=XU100.I.BIST&resolution=D&from=1673564400000&to=1704740339000

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

51084ebf49f9c58b1ac49e69f1d3ae175be4ce398d43b7c7715de9bede6947a3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 498
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=10
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: iL620hwHaLvYBc3mZP081LlEuO98SAjVQyaawJ_FlPHNb-1cymB2aQ==

GET
H2 200 intraday Show response
www.foreks.com/api/historical/ 2 KB
1 KB 90ms
89ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/historical/intraday?code=USD/TRL&period=1&last=24

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

a13e884d6656462348faecfc7185ab2d0a575e2cd62ebecc053e83a621790d01

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 498
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=10
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: -pEhFQCqCNM8CpyBlx9HnlIW-5JBaO5oB-6eUEQqf8g9DKUGlmuYuw==

GET
H2 200 history Show response
www.foreks.com/api/historical/ 5 KB
2 KB 65ms
65ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/historical/history?symbol=USD/TRL&resolution=60&from=1704304800000&to=1704736800000

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

883be0f894fc4951fd0407629f16d91dccb9d6a51c14da9a244f18129ed14d24

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=10
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: -Lj-g9JfxK_lAXhJbM-auQ4QumlueUUskDQ4WanmMTiXw-xTIQKuDg==

GET
H2 200 history Show response
www.foreks.com/api/historical/ 17 KB
5 KB 66ms
66ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/historical/history?symbol=USD/TRL&resolution=D&from=1673564400000&to=1704740339000

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

6bee848969d05548d45dcc23a41786cd8d7911a4de25e38081042bb494109360

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=10
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: wND0lvXdtmphDC-nb3R2CZVtgU5_6hCMj4iKbGvXhgaVSA_DPKpzoA==

GET
H2 200 intraday Show response
www.foreks.com/api/historical/ 2 KB
1 KB 88ms
88ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/historical/intraday?code=XAU/USD&period=1&last=24

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

f2d05f39822a17b55e801e6e5f907efd491c30b7e8574eaf6fe5be5fbfbba648

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=10
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: EgOz8Z5U9gD9x5wlA3IXEpbDaQ2fGZcSrGkCkkUM3lUM3wbmlV9fVQ==

GET
H2 200 history Show response
www.foreks.com/api/historical/ 5 KB
2 KB 65ms
65ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/historical/history?symbol=XAU/USD&resolution=60&from=1704304800000&to=1704736800000

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

7fc04564513aeaf36af3cd6058820b56bb7862b0d94eaf974a42d880fc7e5ca8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=10
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: Cu6FwNb4zbms2TyPEgGKxivbKqcFmCopzGMryAcskiqocX3g0_llCA==

GET
H2 200 history Show response
www.foreks.com/api/historical/ 17 KB
6 KB 69ms
68ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/historical/history?symbol=XAU/USD&resolution=D&from=1673564400000&to=1704740339000

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

dda2af63e1ccbcf97f5c23c6f9efb37c40c3b7efc10954209172f664e7a52385

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 498
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=10
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: oQUj0HaP9nHm1_pn5YjVnKDwIMomz4SvFx1TH3tLmq7mRk131V5zAA==

GET
H2 200 intraday Show response
www.foreks.com/api/historical/ 2 KB
1 KB 115ms
115ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/historical/intraday?code=BTCUSD:BNN&period=1&last=24

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

d9ee64664bd309bcb0f0b6a8f8cd49db71bdba8ba3276e3d39d8c721c9c55b68

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=10
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: jeXwr3oDFxe54_087qBe_vwiPP-L0pttKmJFk0H62eHP-IvPdZIw-g==

GET
H2 200 history Show response
www.foreks.com/api/historical/ 8 KB
3 KB 73ms
73ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/historical/history?symbol=BTCUSD:BNN&resolution=60&from=1704304800000&to=1704736800000

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

d736fce89948bed318a12e26b2f45fb03e9b696bc7126f93ab37aa336c753211

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 498
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=10
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: 1yH9wsV4MFT3nkZHi4jtHQTHRN7MvTKtgW5bnsKbeuDvHfVRBgYt1w==

GET
H2 200 history Show response
www.foreks.com/api/historical/ 24 KB
8 KB 64ms
59ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/historical/history?symbol=BTCUSD:BNN&resolution=D&from=1673564400000&to=1704740339000

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

d03ddfe5ee7c2f43d9cc2d9d9fe7eebb1e6c12ce7a3e282e121bce75f25d8ffb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 498
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=10
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: 8yX0DQqoSTZ9A-yie6hhNe4rLjV1xHXvu6JHFBZa9W9XlgSNqAeWqQ==

GET
H2 200 ic-youtube.5414add.svg
www.foreks.com/_nuxt/img/ 1 KB
962 B 16ms
15ms Image
image/svg+xml 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/_nuxt/img/ic-youtube.5414add.svg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/css/7a1a132.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 8201b02c2df0c6496a05372d58423399054d4553832a91fcc83150854c39ad7f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/_nuxt/css/7a1a132.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 19 Sep 2023 19:44:48 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Mon, 18 Sep 2023 14:00:53 GMT
x-amz-cf-pop: DUS51-P1
age: 9587651
etag: W/"536-18aa8981208"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 1syj-trqSiT2UN6G9XM5Sj4Od_ooUwSzmmC30A5Eigi-GGZjKxAXPw==

GET
H2 200 video-play.8cd1c53.svg
www.foreks.com/_nuxt/img/ 2 KB
1 KB 16ms
16ms Image
image/svg+xml 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/_nuxt/img/video-play.8cd1c53.svg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/css/7a1a132.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: c22f9d5f6507963d8f78d019c222001b4e6f0819bb2fac28c8b02353f667b80b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/_nuxt/css/7a1a132.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 17:26:12 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Mon, 18 Sep 2023 14:00:53 GMT
x-amz-cf-pop: DUS51-P1
age: 8731968
etag: W/"878-18aa8981208"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: ZM2x9Gcl-BijWRVFkbgAp94B69gDTPs5nx_FmNZYJZLGCe1OeLSdWg==

GET
DATA 200
OK truncated
/ 204 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e88e7d1d0170fdb08fc22f8e0a4549f01477fc6654f4efb900c65eb9b4b88fe

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 178 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f51deb4b17f3929fc38473d43ed9b2a88d480864757574ff0e8f1ce327a5babe

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 ic-youtube-white.2f2376b.svg
www.foreks.com/_nuxt/img/ 1 KB
962 B 14ms
13ms Image
image/svg+xml 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/_nuxt/img/ic-youtube-white.2f2376b.svg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/css/7a1a132.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 2a4b16a34759fec47ef434fb04b4c177a682990e3fe33a4935b6202146662a71

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/_nuxt/css/7a1a132.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 13 Sep 2023 09:38:58 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Wed, 13 Sep 2023 09:30:32 GMT
x-amz-cf-pop: DUS51-P1
age: 10142402
etag: W/"536-18a8de0c2c0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 46y1_k7PqXEn3BS0sWQYRjn2NM7kBC6I1aIeVODqGgweVtPBj94wRw==

GET
H2 200 logo-brand.ffb3e00.svg
www.foreks.com/_nuxt/img/ 7 KB
4 KB 18ms
17ms Image
image/svg+xml 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/_nuxt/img/logo-brand.ffb3e00.svg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/css/7a1a132.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: e3c185d7172e2bbe4b5febef13973e745e0fa130113b993b150602b3bcdf9b32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/_nuxt/css/7a1a132.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 12:53:45 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Fri, 03 Nov 2023 08:36:39 GMT
x-amz-cf-pop: DUS51-P1
age: 5724315
etag: W/"1d91-18b9453c1d8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: PlyZkqhXLfL_2TRqoqF6dWkqQaS1UjaB841_ygYR4To7by4TcXgFhg==

GET
H2 200 icon-font.7265c8f.woff2
www.foreks.com/_nuxt/fonts/ 12 KB
12 KB 14ms
14ms Font
font/woff2 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.foreks.com/_nuxt/fonts/icon-font.7265c8f.woff2
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/css/fb8ace3.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 5d57d88f79fd5b685f1ba3bd66081456f0b90c1da546002d4e5a6d4517e11156

Request headers

Referer: https://www.foreks.com/_nuxt/css/fb8ace3.css
Origin: https://www.foreks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 13 Sep 2023 09:42:22 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Wed, 13 Sep 2023 09:30:32 GMT
x-amz-cf-pop: DUS51-P1
age: 10142198
etag: W/"3064-18a8de0c2c0"
x-cache: Hit from cloudfront
content-type: font/woff2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 12388
x-amz-cf-id: LcdWgfPhvFVQCzZBFYhAEPaSSBiWc6TAO3ONIKKlEUL3a14gGKsAqw==

GET
H2 200 la-brands-400.3a8109c.woff2
www.foreks.com/_nuxt/fonts/ 83 KB
83 KB 15ms
15ms Font
font/woff2 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.foreks.com/_nuxt/fonts/la-brands-400.3a8109c.woff2
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/css/fb8ace3.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: ff70c9bc4650cf5e6b12d1feaa7af29ebf0681993fc0c5ffe3658cea0dbd5403

Request headers

Referer: https://www.foreks.com/_nuxt/css/fb8ace3.css
Origin: https://www.foreks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 13 Sep 2023 10:02:35 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Wed, 13 Sep 2023 09:30:32 GMT
x-amz-cf-pop: DUS51-P1
age: 10140985
etag: W/"14b24-18a8de0c2c0"
x-cache: Hit from cloudfront
content-type: font/woff2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 84772
x-amz-cf-id: i7duVMj4JWzalwPxVbkx9fMROxwIem9-4ri7ninx2f2nBGQ8F8_NNA==

GET
H2 200 sourcesanspro-italic-webfont.1da1088.woff2
www.foreks.com/_nuxt/fonts/ 35 KB
35 KB 15ms
15ms Font
font/woff2 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.foreks.com/_nuxt/fonts/sourcesanspro-italic-webfont.1da1088.woff2
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/css/fb8ace3.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 68efbddaf18604b239c9507b60f9837b892697a3d698bcf2c131a2be8dd5fe6c

Request headers

Referer: https://www.foreks.com/_nuxt/css/fb8ace3.css
Origin: https://www.foreks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 13 Sep 2023 10:02:35 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Wed, 13 Sep 2023 09:30:32 GMT
x-amz-cf-pop: DUS51-P1
age: 10140985
etag: W/"8c44-18a8de0c2c0"
x-cache: Hit from cloudfront
content-type: font/woff2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 35908
x-amz-cf-id: MZAYijnyoDsY4E0WVaxsqgeGym7vRu6fMMY_-r7skOpvQBYqe5ib5A==

GET
H2 200 sourcesanspro-semibolditalic-webfont.28d6182.woff2
www.foreks.com/_nuxt/fonts/ 35 KB
35 KB 14ms
14ms Font
font/woff2 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.foreks.com/_nuxt/fonts/sourcesanspro-semibolditalic-webfont.28d6182.woff2
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/css/fb8ace3.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 0a98542c5c77556365676280c173fee3e7cf786f90303ec7e74aeac0855c591b

Request headers

Referer: https://www.foreks.com/_nuxt/css/fb8ace3.css
Origin: https://www.foreks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 13 Sep 2023 09:42:22 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Wed, 13 Sep 2023 09:30:32 GMT
x-amz-cf-pop: DUS51-P1
age: 10142198
etag: W/"8be4-18a8de0c2c0"
x-cache: Hit from cloudfront
content-type: font/woff2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 35812
x-amz-cf-id: cXLDG4uq-asNmwXMCxjNSKK0G5BKR7NzDagtHkAjewfV-S7hkibRgA==

GET
H2 200 cta-json Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 3 KB
3 KB 171ms
155ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fwww.foreks.com%2Fhaberler%2Fekonomik-takvim&pid=6100458&sv=cta-embed-js-static-1.246&rdy=1&df=t&pg=ecc136ef-40f2-4547-bee9-f39c75a1114d

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3e05684eb43771985206b71d928855901c5dc6b9eb9df92343d057b608ef3e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-origin-hublet: na1
date: Mon, 08 Jan 2024 18:59:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 69fdc977-d9fb-4a07-968c-ac7825568a1a
content-encoding: br
x-envoy-upstream-service-time: 42
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 69fdc977-d9fb-4a07-968c-ac7825568a1a
server: cloudflare
x-trace: 2BF093F39BE87BE8F6F38D9D7054045F0D4B1039A3000000000000000000
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.foreks.com
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-795b47fdff-4w87j
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mim1cqY8mwERSkiEDnOJkQiIq5IOFWRm0xIKccJhskY6FedVPU5KWPJeGW57ciKbjzkFgl48QLCO6NbPVqhkrGx6ogxGUaTrCmosCK%2FvCX8%2FqU%2F4bLap4dvfnS3LgZvGCVZbsN1ACoVGP%2Fl2WUhX5oYPpuJqctKbTfc%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 8426acd56e4392ad-FRA

GET
H2 200 1704731700454.webp
news-files.foreks.com/images/ 42 KB
43 KB 59ms
58ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704731700454.webp
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c8dad1e6405f440b7e00eebc5fd54d82829faebf668062bd520b676bffb07f63

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: rIAOzI.cPT0Vkh8.jSGdMqvtUM_HUN9x
date: Mon, 08 Jan 2024 18:59:01 GMT
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 16:35:01 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
etag: "2e04a5912ec9e995a08a7f39a99578dd"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 43506
x-amz-cf-id: _-aGcYmpvfYjnhLxMQvHbQDC5tG-S1proPHp5M2BzmAl2iQHSF-5JQ==

GET
H2 200 1704726559882.webp
news-files.foreks.com/images/ 68 KB
68 KB 64ms
63ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704726559882.webp
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 799fd87b9973e7bb24fbd6ebb6417997a8b62888c65bcd3bd4d0fefe404dd1d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: f1UouyVQW5GJHCM8q6aGAn9I2GgOSxeu
date: Mon, 08 Jan 2024 18:59:01 GMT
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 15:09:21 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
etag: "95a848c5542ce32db9205f66ca5ac241"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 69218
x-amz-cf-id: 420PEm45c4TVw1n6X_VvERLoZtb6RsWACDo2hhLQv-QEXffrxe69rQ==

GET
H2 200 1704716808164.webp
news-files.foreks.com/images/ 82 KB
82 KB 99ms
98ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704716808164.webp
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: eff2899ad60aaec641f4b9933186cf1f8c525f6481f6212223c23c9f610aa080

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
x-amz-version-id: dHCnJS3pN5uc9HHQxKwGWpifat0HmjvQ
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 12:26:49 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
etag: "3538fb004ff3d2eafe03b36202c3ee80"
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 83980
x-amz-cf-id: 9oAf7dpdYIkOLqXLoklPMTbZlulC5V-YD3fP0kXpT70g4MDZknRioA==

GET
H2 200 1704715392222.webp
news-files.foreks.com/images/ 26 KB
27 KB 97ms
97ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704715392222.webp
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b7df0f8e8d115e37800cc570c3587c64a355d38a41c1cfb63c62e96ad3cf7250

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
x-amz-version-id: __2L21mNEUA_z.sq34h3RvSnJgsGEST6
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 12:03:13 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
etag: "1cd85bd95f4f82e19493deae35c8f647"
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 27058
x-amz-cf-id: pA7Dy_rpvYEL_-a0C2Ny1jS_s2zQ7pn_sztWkmRBcE1_V6RuYIHdqg==

GET
H2 200 1704714667851.webp
news-files.foreks.com/images/ 105 KB
106 KB 71ms
70ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704714667851.webp
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 92206bbec062ce5905115e37e922529a28790a785e9b0f882a5f6fd87b9d41a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
x-amz-version-id: i2X8VqJlL4SK9L5BXN3EwjjPe65LC_lL
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 11:51:09 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
etag: "5ca97c8b92b0cb8f358c2a54297a0a56"
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 107662
x-amz-cf-id: jC_J-lK9V1AkjlGTu3OBxxCA2kwS4TCFSi94e6ELVDKnNgyEdwbWxw==

GET
H2 200 1704710826977.webp
news-files.foreks.com/images/ 45 KB
45 KB 94ms
93ms Image
image/jpeg 18.154.63.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1704710826977.webp
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.154.63.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-154-63-73.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7b0d144f812d0dde96d2b56b904e0b4616e654dade04b85b10c4889ccc680ebf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
x-amz-version-id: lxZfkMZearxfBTLrkmU4AvyRuw1WA34b
via: 1.1 47c4e8338b148239463956ff49af0736.cloudfront.net (CloudFront)
last-modified: Mon, 08 Jan 2024 10:47:08 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P4
etag: "e7b5e21cb23d971527967f5b90170d22"
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 45758
x-amz-cf-id: odqif1Y5CtyqT9eZPuIh1wAyukWR2aObcOqJQeX6hYa_vPCILDDJ2Q==

GET
H2 200 youtube Show response
www.foreks.com/api/ 120 KB
19 KB 18ms
18ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/youtube?channelId=UCBbRYu2nqeGGsRrKu5jh-Pw

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

a817d5e7c6a02da4018060272bbeec4287a6288bc76173450f0764dc8e1c215a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: W/"1e11e-duTDAOQfFefxRzwK/g7vHdPHwiM"
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json; charset=utf-8
vary: Origin, Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=174
access-control-allow-credentials: true
x-ratelimit-reset: 1704740028
x-ratelimit-limit: 500
x-amz-cf-id: IwD8AHJPiwfm5cQHe5G475TPnOukdktUw8wcuYjAjr76zVj8mhzLCg==

GET
H2 200 youtube Show response
www.foreks.com/api/ 120 KB
19 KB 22ms
22ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/youtube?channelId=UCBbRYu2nqeGGsRrKu5jh-Pw

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

a817d5e7c6a02da4018060272bbeec4287a6288bc76173450f0764dc8e1c215a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: W/"1e11e-duTDAOQfFefxRzwK/g7vHdPHwiM"
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json; charset=utf-8
vary: Origin, Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=174
access-control-allow-credentials: true
x-ratelimit-reset: 1704740028
x-ratelimit-limit: 500
x-amz-cf-id: 5R0rWMVp6uNuTt0pBUotm_i3wTUNIzFVNkrfpAsNbm9eWm76wFjXIw==

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.20/ 60 KB
25 KB 15ms
15ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.20/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/end5q83kh4?ref=gtm2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-encoding: br
last-modified: Wed, 03 Jan 2024 15:51:12 GMT
etag: W/"0x8DC0C73CFCC02AC"
vary: Accept-Encoding
x-azure-ref: 20240108T185900Z-ccymea2rkp7yhdavv5heupct8w00000000sg000000004k1e
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 8a35a586-e01e-0013-28fb-410ad7000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28

GET
H2 200 ads.js Show response
static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ 120 B
338 B 53ms
53ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL

https://static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ads.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19730

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),

Reverse DNS

Software

openresty/1.15.8.3 /

Resource Hash

d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
strict-transport-security: max-age=63072000
last-modified: Wed, 21 Dec 2022 18:47:42 GMT
server: openresty/1.15.8.3
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000
accept-ranges: bytes
content-length: 120

GET
H2 200 str.html Show response
static.virgul.com/theme/mockups/outside/ Frame 4072 891 B
1 KB 53ms
53ms Document
text/html 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL

https://static.virgul.com/theme/mockups/outside/str.html?v=2

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19730

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),

Reverse DNS

Software

openresty/1.15.8.3 /

Resource Hash

2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://www.foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=5184000
content-length: 891
content-type: text/html
date: Mon, 08 Jan 2024 18:59:00 GMT
last-modified: Wed, 28 Sep 2022 10:07:57 GMT
server: openresty/1.15.8.3
strict-transport-security: max-age=63072000

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 146 KB
51 KB 76ms
56ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19730

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c2fa9911d1958ae7e8a37d87371d241be79f176fdc5fc3210930b96b10d1c94b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.foreks.com/
Origin: https://www.foreks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51291
x-xss-protection: 0
server: cafe
etag: 4747723656614877476
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:00 GMT

GET
H2 200 prebid8.23.0.js Show response
static.virgul.com/theme/mockups/outside/ 543 KB
204 KB 59ms
59ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL

https://static.virgul.com/theme/mockups/outside/prebid8.23.0.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19730

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),

Reverse DNS

Software

openresty/1.15.8.3 /

Resource Hash

643dd75cf9812c16397f2d14bd471c6265b4b2edf68b1a4297ca7daaf0f97dc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-encoding: gzip
strict-transport-security: max-age=63072000
last-modified: Thu, 16 Nov 2023 07:43:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 282 KB
70 KB 44ms
15ms Script
application/javascript 18.173.232.200
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19730
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.232.200 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-232-200.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4d3c300c1cd89393c7f945c06656981e3ac1c034f59996affcd1062a3092f40c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:04:03 GMT
content-encoding: gzip
via: 1.1 00746b020527dcdbeca0dab6f6de299a.cloudfront.net (CloudFront), 1.1 818fd5af033e15165f0e7cde0c631ba6.cloudfront.net (CloudFront)
last-modified: Tue, 12 Dec 2023 22:20:09 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, DUS51-P3
age: 3298
x-amz-server-side-encryption: AES256
etag: W/"d6937d02acbbf691a008906e9d0617e0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: lv9DwmS2M38l9nE76wBZsmIJJMWjlIDqZZlk0BpNBqY30DNZMgVe1A==

GET
H2 200 pageview Show response
ng.virgul.com/ 16 KB
4 KB 210ms
102ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/pageview?c=site_geneli&mt=1704740340252&v=https%3A%2F%2Fwww.foreks.com%2F&r=foreks:site_geneli&userId=&tp=&os=&call=noktaad.ads.vvad&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc0,hf1,vv1&info=&ref=&rdmt=0.10603175705356715
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19730
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 74c228298bc973bb338c87fa5aa68ccd914dba883b1d05327ec8820231a70b46

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://www.foreks.com
content-type: application/javascript
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 foreks.js Show response
static.virgul.com/theme/mockups/fallback/ 15 KB
5 KB 53ms
53ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL

https://static.virgul.com/theme/mockups/fallback/foreks.js?dts=19730

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19730

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),

Reverse DNS

Software

openresty/1.15.8.3 /

Resource Hash

3b9e6c123a29565dda481f36bef0219ff2103640c858e4ddda1a50c31b23ffb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-encoding: gzip
strict-transport-security: max-age=63072000
last-modified: Mon, 08 Jan 2024 18:28:27 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/Mxmd8wBdkJc/ 26 KB
27 KB 28ms
8ms Image
image/jpeg 2a00:1450:4001:80f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/Mxmd8wBdkJc/hqdefault.jpg

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a36207c1b389e4884bfbac41fd10b62c4b2975f68b84151453179a5d1a13549

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:11:35 GMT
x-content-type-options: nosniff
age: 2845
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26832
x-xss-protection: 0
server: sffe
etag: "1703258357"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 08 Jan 2024 20:11:35 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/DackrWdYQjc/ 27 KB
27 KB 34ms
14ms Image
image/jpeg 2a00:1450:4001:80f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/DackrWdYQjc/hqdefault.jpg

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db2458d872da75659225b712eb5fe08a468c3d08c3e75732728296b5350039c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:06:28 GMT
x-content-type-options: nosniff
age: 6752
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27969
x-xss-protection: 0
server: sffe
etag: "1702627750"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 08 Jan 2024 19:06:28 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/OHFoEQJTBqM/ 24 KB
24 KB 41ms
21ms Image
image/jpeg 2a00:1450:4001:80f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/OHFoEQJTBqM/hqdefault.jpg

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

73ab5c76f545a93a484e94f983735c938d22eeadbb6ebee699278acb9d7b2917

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:11:35 GMT
x-content-type-options: nosniff
age: 2845
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24966
x-xss-protection: 0
server: sffe
etag: "1702391002"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 08 Jan 2024 20:11:35 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/NoOj25DG1eM/ 28 KB
28 KB 34ms
17ms Image
image/jpeg 2a00:1450:4001:80f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/NoOj25DG1eM/hqdefault.jpg

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2fe31f5a5ce7f15aaa8dde47882b84c2ac4888b2b4960e42deffc82fdcafe88e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:59:36 GMT
x-content-type-options: nosniff
age: 3564
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28309
x-xss-protection: 0
server: sffe
etag: "1704183352"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 08 Jan 2024 19:59:36 GMT

GET
H2 200 cta-loaded.js Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 0
515 B 142ms
141ms Script
application/javascript 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-loaded.js?pid=6100458&pg=ecc136ef-40f2-4547-bee9-f39c75a1114d&lt=1704740339702&dt=1704740339703&at=1704740340272

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-origin-hublet: na1
date: Mon, 08 Jan 2024 18:59:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c6476ec2-4729-4015-9deb-edace526b1a0
x-envoy-upstream-service-time: 24
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c6476ec2-4729-4015-9deb-edace526b1a0
last-modified: Mon, 08 Jan 2024 18:59:00 GMT
server: cloudflare
x-trace: 2B3FD6E618986D89F37E3F4DA5EA858EE6719CC0CA000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1JtV8iuTiZZbNr2Kd1TlfwvHGFXKH4CaK9KhlrWBNi9VTewTNKQCQpN2ywI1K3Tkd8PAQBqH7Pfcnn1KP9llcWfCcnc%2Ft2L%2BrTLArvGP4gbI13f1JfwJF2SsZbn8mMOFHw%2FRbUI3QRx7wIL3lQjrXbdB%2BGBOc12Iln0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-795b47fdff-md75r
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-robots-tag: noindex, follow
cf-ray: 8426acd6bf3592ad-FRA

GET
H/1.1 200
OK counters.gif
perf.hsforms.com/embed/v3/ 35 B
1 KB 144ms
119ms Image
image/gif 2606:4700::6811:cff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:cff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 18:59:00 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 37b49ea7-a919-41d4-a270-4972cb914b7d
x-envoy-upstream-service-time: 1
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 37b49ea7-a919-41d4-a270-4972cb914b7d
Last-Modified: Mon, 08 Jan 2024 18:59:00 GMT
Server: cloudflare
X-Trace: 2B9E3B13E776EF3C9DEF3F9A912CFA401E6747719A000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-795b47fdff-bhrjw
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 8426acd6dbed9c00-FRA

GET
H/1.1 200
OK counters.gif
perf.hsforms.com/embed/v3/ 35 B
1 KB 331ms
306ms Image
image/gif 2606:4700::6811:cff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:cff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 18:59:00 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 06a544a4-6b94-4ed6-a399-313a4492319b
x-envoy-upstream-service-time: 1
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 06a544a4-6b94-4ed6-a399-313a4492319b
Last-Modified: Mon, 08 Jan 2024 18:59:00 GMT
Server: cloudflare
X-Trace: 2B804EA5778E3215741E8FA0045A6894F5FE3E558A000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-795b47fdff-b9wb8
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 8426acd6d8eb4d58-FRA

GET
DATA 200
OK truncated
/ 681 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5feb736923115c10a6ce2636540d6950f32509e1f3554226ac004b73a8382675

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 TR@3x.png
www.foreks.com/img/flags/ 3 KB
4 KB 21ms
21ms Image
image/png 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/flags/TR@3x.png
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 5812d2557010d144492cc7ac39b6a8196983793dc1dc16ca6e9df8d0f4e57a39

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"d7b-18ca4cfb930"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 3451
x-amz-cf-id: zVoPbAAx3HcKeAHmSdpWvGnUWE7IkqgsXXCDbi31UjRD1sKGQ4eK4A==

GET
DATA 200
OK truncated
/ 615 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d2ea3d6894c8f52d233d9601335945dd49782562a187a4627cf224c4915d8806

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 656 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d46df17d4e3239b6eaf05d2e349fc1bcc81d004d35f3e1fb8c12308aa2d439b5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 intraday Show response
www.foreks.com/api/historical/ 10 KB
4 KB 19ms
18ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/historical/intraday?code=XU100.I.BIST&period=15&last=100

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

b920c9788dc4c50a7875139e02ead52f2de250017bd7d1ec5211c8cf4a292592

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=9
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: hpF8H4WE0y-hUdRQbxx2lNLv2dr2EsbtXZGKVdy67OJkSAZKJ7aatA==

GET
H2 200 intraday Show response
www.foreks.com/api/historical/ 7 KB
2 KB 20ms
19ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/historical/intraday?code=USD/TRL&period=15&last=100

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

f6e66da412973873d72fc1552cbe03faff46d043097510b7cf0c09d8b90958a7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=9
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: nibFOOj4anqMzFh2fh2QaX8z1sjG8oK-1dD-oHlyMU8Hgnp_OOCglg==

GET
H2 200 intraday Show response
www.foreks.com/api/historical/ 7 KB
2 KB 20ms
20ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/historical/intraday?code=EUR/TRL&period=15&last=100

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

17250316be2a573fff6e7aee64e0179f34698d65fab66012f1891b097bb8c543

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=9
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: TH-UbqaalM4PDODUymUIt0vRBADOhrXU-zR0uXeFWSedv99JIZ8EZA==

GET
H2 200 intraday Show response
www.foreks.com/api/historical/ 7 KB
2 KB 21ms
21ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/historical/intraday?code=SGLD&period=15&last=100

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

922e0b86f21ad638a8155f6dbd9dc80c7ed472cfe3a012f1966f48b3cf8b5639

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 498
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=9
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: 0LszmJ7a4Bs5R-_5jYmFebO07Z7LOf5Oe3ZuQXsP60SZmwWgSCpcjg==

GET
H2 200 intraday Show response
www.foreks.com/api/historical/ 7 KB
3 KB 22ms
22ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/historical/intraday?code=BTCUSD:BNN&period=15&last=100

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

4fd582aea874113cb657ca39e45b8adacf045ca1b05c9f262ea6a195cfa2c057

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=9
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: c79HDf5NpwgTIm0aESRxeaCBwqCJg6dzHEykUZm8x4eAgyv_su6Vkw==

GET
H2 200 intraday Show response
www.foreks.com/api/historical/ 5 KB
2 KB 22ms
22ms XHR
application/json 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.foreks.com/api/historical/intraday?code=TAHVIL&period=15&last=100

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-121.dus51.r.cloudfront.net

Software

Resource Hash

e992cb223edb9e7c0053725fc2382be6c7199fa499dad0571a8e60248c48c595

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 498
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=9
access-control-allow-credentials: true
x-ratelimit-reset: 1704740388
x-ratelimit-limit: 500
x-amz-cf-id: YuMF_sAbSnR_M3q3DQNXmnhPlqsbSqtrMk15s2cDgtehQXSXucHfyg==

GET
H2 200 hb Show response
ng.virgul.com/ 26 KB
3 KB 112ms
102ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/hb?call=noktaad.setHbParameters&site=foreks&dts=473538
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19730
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 4ab2e39e5e25d65c2d1f9c076b2168aec697d983cb68da374b2d23216e735d2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:00 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://www.foreks.com
content-type: application/javascript
cache-control: max-age=3600
access-control-allow-credentials: true

GET
DATA 200
OK truncated
/ 180 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a32a2f8e63f3c2d90d9653f6f762f980b13b90e3a32777b2228930045a951213

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 180 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 825f99a399ad27c48025d7dc29e1f7e79f0da08282dccece11495a299a19eb78

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
6ms Image
image/gif 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=845787954&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.foreks.com%2F&ul=en-us&de=UTF-8&dt=Piyasalar%2C%20Canl%C4%B1%20Borsa%2C%20D%C3%B6viz%2C%20Alt%C4%B1n%20Fiyatlar%C4%B1%20-%20Foreks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Clarity&ea=1622m5x&_u=aDDAAUABAAAAACAAI~&jid=&gjid=&cid=29850689.1704740339&tid=UA-82686003-1&_gid=1064847478.1704740340&gtm=457e4130&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cd1=https%3A%2F%2Fclarity.microsoft.com%2Fga%2Fend5q83kh4%2F961asp%2F1622m5x&z=301347886

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 07 Jan 2024 22:07:25 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 75096
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 29ms
10ms XHR
application/javascript 18.173.232.200
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.232.200 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-232-200.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: 9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding: gzip
via: 1.1 a7922bb75420f6c3485eed5adcb99ce2.cloudfront.net (CloudFront)
date: Mon, 08 Jan 2024 06:05:14 GMT
x-amz-cf-pop: DUS51-P3
age: 46428
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 29 Aug 2023 08:30:37 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: RxCbczkBtzvHW8nAUKY2BRVmW2kXksBUY4MhxcT4AjJ-sQzCIQgUIA==

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/ 403 KB
136 KB 90ms
76ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=www.foreks.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d3c04bef92289f2765dfe9196e8da1f330c1aeed8a73ea6a46a9ae03bcaa64c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 139432
x-xss-protection: 0
server: cafe
etag: 9544720383061465453
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:01 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240103/r20190131/ Frame 491D 9 KB
4 KB 27ms
6ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240103/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 11733
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 15:43:28 GMT
etag: 9219409622527106327
expires: Mon, 22 Jan 2024 15:43:28 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 e0a76a78-9ad1-46f2-a337-886c2e24ac91 Show response
config.aps.amazon-adsystem.com/configs/ 564 B
838 B 47ms
14ms Script
application/javascript 18.165.183.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://config.aps.amazon-adsystem.com/configs/e0a76a78-9ad1-46f2-a337-886c2e24ac91
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.165.183.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-165-183-3.zrh55.r.cloudfront.net
Software: CloudFront /
Resource Hash: 7f6b21cd7ee672e0e0bca400f200999960bac58960a4139f44f956e73532a7c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:22:23 GMT
via: 1.1 2aefdd231d9806ea2eced3399f411f80.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: ZRH55-P1
age: 2198
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
content-length: 564
x-amz-cf-id: gSooRSX8Ya7qp1H2gmWhsihzGNOUIgrt4cp02688_gxC8bBK1zoBJA==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 488 B
844 B 10ms
10ms XHR
application/json 18.173.232.200
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.foreks.com&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.232.200 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-232-200.dus51.r.cloudfront.net
Software: Server /
Resource Hash: 844b87b27dc65dd4bfd6b4a840673478ecdb0512337f6b30f7af691c339908af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:34:51 GMT
via: 1.1 818fd5af033e15165f0e7cde0c631ba6.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: DUS51-P3
age: 5049
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.foreks.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 488
x-amz-cf-id: FT3WlrW5deQo7J_OYrAuEesByrCYXpW3i637PbkbKl5Dh6oBa5Nbgg==

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 91 KB
29 KB 72ms
72ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8bb6da2cc697565a46ee2e8fd1a17ab824af2ba65b4957bbb7384a3cb4fe49b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29350
x-xss-protection: 0
server: cafe
etag: 71 / 19730 / m202401020101 / config-hash: 15758720963897963662
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:01 GMT

GET
H2 200 foreks.js Show response
static.virgul.com/theme/mockups/sites/ 3 KB
1 KB 52ms
52ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL

https://static.virgul.com/theme/mockups/sites/foreks.js?dts=473538

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19730

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),

Reverse DNS

Software

openresty/1.15.8.3 /

Resource Hash

b6202d74eea96342e886a6277475ba00bfff60ef5e53a84a5fb9662b5830bb63

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: gzip
strict-transport-security: max-age=63072000
last-modified: Tue, 26 Dec 2023 09:21:11 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ 17 KB
5 KB 40ms
7ms Script
application/javascript 35.241.45.217
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19730
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:38:05 GMT
content-encoding: gzip
age: 1256
x-guploader-uploadid: ABPtcPqfU-aoSEdbscleiG1tBjomaRLaB-fknVyfwSEP8xD_0M6EsGdQvn7G6FmWyRMKOArjJUhlMq9CSg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5009
last-modified: Mon, 05 Jun 2023 16:36:50 GMT
server: UploadServer
etag: "47a886353056caf33a998c6041e20896"
vary: Accept-Encoding
x-goog-generation: 1685983010517890
x-goog-hash: crc32c=aHj4lg==, md5=R6iGNTBWyvM6mYxgQeIIlg==
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 5009
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 zoneview
ng.virgul.com/ 0
213 B 53ms
53ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1704740341383&v=https%3A%2F%2Fwww.foreks.com%2F&r=158529@158735@158735@158735@158735@158735@158735@158735@158528@158733@158820:foreks&userId=vnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1&info=&ref=&rdmt=0.12331138936265917
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: https://www.foreks.com
date: Mon, 08 Jan 2024 18:59:01 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 42 KB
13 KB 51ms
24ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

9bec4810857c8523bd1c6966212260eabb19826bb94394bb19856f7dd92b1c32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 04 Jan 2024 12:38:38 GMT
server: nginx
etag: W/"6596a6ce-a9b8"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 09 Jan 2024 18:59:01 GMT

GET
H2 200 ob.js Show response
cdn-ima.33across.com/ 11 KB
5 KB 41ms
18ms Script
application/javascript 104.18.35.167
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-ima.33across.com/ob.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.35.167 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c707d5798e40035ef5aa307db04e295703514d654b1e65fa62b04492c687c255

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 20 Dec 2023 19:21:40 GMT
server: cloudflare
age: 428017
etag: W/"65833ec4-2d18"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 8426acddea849a00-FRA
expires: Thu, 11 Jan 2024 18:59:01 GMT

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 40ms
7ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 19:42:46 GMT
content-encoding: gzip
age: 256575
x-guploader-uploadid: ABPtcPoloqixCCgTXomADCSOsA3BvcXFUxsBHUY7D-XO-cwUIkLuV-5nhidCq6Qut0LCqSjbEWf0KZgVTA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Sat, 04 Jan 2025 19:42:46 GMT

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 39 KB
12 KB 53ms
11ms Script
text/javascript 18.66.248.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-90.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 05:37:14 GMT
content-encoding: gzip
via: 1.1 1f16598f51b4c33e5f56e49ea72a6154.cloudfront.net (CloudFront)
last-modified: Wed, 06 Sep 2023 15:56:57 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P1
age: 48109
x-amz-server-side-encryption: AES256
etag: W/"e073e71ed7a44e6f9cdd72904fda5940"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: rchi21SjSRlJo_dLyc1D34vwsX_vQL-gatLCugrUgOiufzvmC85L7w==

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 1 KB
1 KB 89ms
26ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
via: 1.1 google, 1.1 google
last-modified: Thu, 03 Aug 2023 03:28:51 GMT
server: Google Frontend
etag: fc4e6bfe266081c4873c6f08c8298e5c
content-type: text/javascript; charset=utf-8
x-cloud-trace-context: 4d714e2e67935138f3680c037ef9efb3
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1207

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
1 KB 34ms
18ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 19549
x-jsd-version: master
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230031-FRA
x-jsd-version-type: branch
server: cloudflare
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cBEVsmdmY7%2BworXCTbBZNk49F7YSmfUYP6fm691UGaEqmOPT4JnAFBOBIdlo%2FUwWjpZx4oEmuZOuT7qhQLfPRO6ZRm5P%2BOAAC2JUcBbOCoWiuO37DBOsFvUoplEoBhIzzgUVkeLN5Ep2wGEuOg0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 8426acdde8499034-FRA

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 114 KB
28 KB 44ms
18ms Script
text/javascript 2606:4700:10::6816:3456
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3456 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7bf4f406f5a9bf165c21dfebea2257eab80882e23e887a24756956daac44373

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 08 Jan 2024 11:20:59 GMT
server: cloudflare
x-amz-request-id: HKP1V3SEAMEW355Z
age: 834
etag: W/"3732dd6fc229ed015d7d7eddf157953f"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 8426acddf9489229-FRA
x-amz-id-2: G/bbfXEgLZnSs/sThnnByTsGsbfxzKHt0EjGUCAG7rMgLeFzyHacmBYQlPcqHkQcZoULOO+weEM=

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 26 KB
11 KB 344ms
344ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1599564253928301&correlator=1476493510006349&eid=31080284%2C31080294%2C31080295%2C31080297&output=ldjh&gdfp_req=1&vrg=202401020101&ptt=17&impl=fif&iu_parts=21728129623%3A158935454%2Cweb_foreks_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60%7C680x90%7C728x50%7C320x50%7C300x50&fluid=height&ifi=2&didk=3047743917&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1704740341409&lmt=1704740341&adxs=276&adys=980&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.foreks.com%2F&vis=1&psz=964x0&msz=964x0&fws=128&ohw=0&ga_vid=29850689.1704740339&ga_sid=1704740341&ga_hid=845787954&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYnY3F084xSABSAghkEhsKDDMzYWNyb3NzLmNvbRidjcXTzjFIAFICCGQSGQoKcHViY2lkLm9yZxidjcXTzjFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20YnY3F084xSABSAghkEhQKBW9wZW54GJ2NxdPOMUgAUgIIZBIXCghydGJob3VzZRidjcXTzjFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGJ2NxdPOMUgAUgIIZA..&dlt=1704740339138&idt=427&ppid=vnet7f0de5d86afb47fbaee9b70ad1fe45eb&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dforeks%26mt%3D1704740340252%26pager%3D1%2540site_geneli%2540foreks%253Asite_geneli%26policy%3D0%26host%3Dwww.foreks.com%26url%3Dhttps%253A%2520%2520www.foreks.com%2520%26targetCtr%3D0%26pid%3Dvnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&adks=3820039281&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

820ded4f7abf3187c3521ad72cf991bd3c3a373ca118e49c9c0f6aa35228aa22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11624
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 26 KB
11 KB 261ms
260ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1599564253928301&correlator=1257501486020195&eid=31080284%2C31080294%2C31080295%2C31080297&output=ldjh&gdfp_req=1&vrg=202401020101&ptt=17&impl=fif&iu_parts=21728129623%3A158935454%2Cweb_foreks_alt_300x250&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C160x160%7C300x100%7C300x50&fluid=height&ifi=3&didk=1985298808&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1704740341417&lmt=1704740341&adxs=1142&adys=3322&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.foreks.com%2F&vis=1&psz=300x0&msz=300x0&fws=128&ohw=0&ga_vid=29850689.1704740339&ga_sid=1704740341&ga_hid=845787954&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYnY3F084xSABSAghkEhsKDDMzYWNyb3NzLmNvbRidjcXTzjFIAFICCGQSGQoKcHViY2lkLm9yZxidjcXTzjFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20YnY3F084xSABSAghkEhQKBW9wZW54GJ2NxdPOMUgAUgIIZBIXCghydGJob3VzZRidjcXTzjFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGJ2NxdPOMUgAUgIIZA..&dlt=1704740339138&idt=427&ppid=vnet7f0de5d86afb47fbaee9b70ad1fe45eb&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dforeks%26mt%3D1704740340252%26pager%3D1%2540site_geneli%2540foreks%253Asite_geneli%26policy%3D0%26host%3Dwww.foreks.com%26url%3Dhttps%253A%2520%2520www.foreks.com%2520%26targetCtr%3D0%26pid%3Dvnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&adks=2654342334&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

96c9511b7c64f93785177226f8b96bf4eab8fee1f4341f00c9fb82d436a8a56f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11623
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 87 KB
39 KB 434ms
433ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1599564253928301&correlator=3888527447419365&eid=31080284%2C31080294%2C31080295%2C31080297&output=ldjh&gdfp_req=1&vrg=202401020101&ptt=17&impl=fif&iu_parts=21728129623%3A158935454%2Cweb_foreks_sidebar_300x250&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C160x160%7C300x100%7C300x50&fluid=height&ifi=4&didk=1043972858&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1704740341420&lmt=1704740341&adxs=1142&adys=697&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.foreks.com%2F&vis=1&psz=300x0&msz=300x0&fws=128&ohw=0&ga_vid=29850689.1704740339&ga_sid=1704740341&ga_hid=845787954&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYnY3F084xSABSAghkEhsKDDMzYWNyb3NzLmNvbRidjcXTzjFIAFICCGQSGQoKcHViY2lkLm9yZxidjcXTzjFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20YnY3F084xSABSAghkEhQKBW9wZW54GJ2NxdPOMUgAUgIIZBIXCghydGJob3VzZRidjcXTzjFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGJ2NxdPOMUgAUgIIZA..&dlt=1704740339138&idt=427&ppid=vnet7f0de5d86afb47fbaee9b70ad1fe45eb&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dforeks%26mt%3D1704740340252%26pager%3D1%2540site_geneli%2540foreks%253Asite_geneli%26policy%3D0%26host%3Dwww.foreks.com%26url%3Dhttps%253A%2520%2520www.foreks.com%2520%26targetCtr%3D0%26pid%3Dvnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&adks=2254628106&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d152c6b1bfe9bec6d66a8d2515c393d0bb4c058e48f94f0fb1a006bd5036e2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40145
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 26 KB
11 KB 359ms
358ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1599564253928301&correlator=4451246340480456&eid=31080284%2C31080294%2C31080295%2C31080297&output=ldjh&gdfp_req=1&vrg=202401020101&ptt=17&impl=fif&iu_parts=21728129623%3A158935454%2Cweb_foreks_sidebar_300x250_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C160x160%7C300x100%7C300x50&fluid=height&ifi=5&didk=1252517706&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1704740341423&lmt=1704740341&adxs=1142&adys=2133&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.foreks.com%2F&vis=1&psz=300x0&msz=300x0&fws=128&ohw=0&ga_vid=29850689.1704740339&ga_sid=1704740341&ga_hid=845787954&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYnY3F084xSABSAghkEhsKDDMzYWNyb3NzLmNvbRidjcXTzjFIAFICCGQSGQoKcHViY2lkLm9yZxidjcXTzjFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20YnY3F084xSABSAghkEhQKBW9wZW54GJ2NxdPOMUgAUgIIZBIXCghydGJob3VzZRidjcXTzjFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGJ2NxdPOMUgAUgIIZA..&dlt=1704740339138&idt=427&ppid=vnet7f0de5d86afb47fbaee9b70ad1fe45eb&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dforeks%26mt%3D1704740340252%26pager%3D1%2540site_geneli%2540foreks%253Asite_geneli%26policy%3D0%26host%3Dwww.foreks.com%26url%3Dhttps%253A%2520%2520www.foreks.com%2520%26targetCtr%3D0%26pid%3Dvnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&adks=246007431&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83a96cb88b706963fc1f4f8f42800145a00434eacd48be9b7cb55a321552d5f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11607
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 87 KB
39 KB 449ms
448ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1599564253928301&correlator=54511798509476&eid=31080284%2C31080294%2C31080295%2C31080297&output=ldjh&gdfp_req=1&vrg=202401020101&ptt=17&impl=fif&iu_parts=21728129623%3A158935454%2Cweb_foreks_masthead&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C970x250%7C970x90%7C728x90%7C300x250%7C468x60%7C250x250%7C200x200%7C160x160&fluid=height&ifi=6&didk=4231602529&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1704740341425&lmt=1704740341&adxs=315&adys=273&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.foreks.com%2F&vis=1&psz=970x0&msz=1600x0&fws=128&ohw=0&ga_vid=29850689.1704740339&ga_sid=1704740341&ga_hid=845787954&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYnY3F084xSABSAghkEhsKDDMzYWNyb3NzLmNvbRidjcXTzjFIAFICCGQSGQoKcHViY2lkLm9yZxidjcXTzjFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20YnY3F084xSABSAghkEhQKBW9wZW54GJ2NxdPOMUgAUgIIZBIXCghydGJob3VzZRidjcXTzjFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGJ2NxdPOMUgAUgIIZA..&dlt=1704740339138&idt=427&ppid=vnet7f0de5d86afb47fbaee9b70ad1fe45eb&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dforeks%26mt%3D1704740340252%26pager%3D1%2540site_geneli%2540foreks%253Asite_geneli%26policy%3D0%26host%3Dwww.foreks.com%26url%3Dhttps%253A%2520%2520www.foreks.com%2520%26targetCtr%3D0%26pid%3Dvnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&adks=1593130247&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1c4de14d6484e6f48bdfb5afdd0446fa234daef464dddd798ed9f958c45a536c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40191
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 26 KB
11 KB 295ms
294ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1599564253928301&correlator=2177156784053073&eid=31080284%2C31080294%2C31080295%2C31080297&output=ldjh&gdfp_req=1&vrg=202401020101&ptt=17&impl=fif&iu_parts=21728129623%3A158935454%2Cweb_foreks_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60%7C680x90%7C728x50%7C320x50%7C300x50&fluid=height&ifi=7&didk=388927376&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1704740341427&lmt=1704740341&adxs=276&adys=2268&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=3&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.foreks.com%2F&vis=1&psz=924x0&msz=964x0&fws=128&ohw=0&ga_vid=29850689.1704740339&ga_sid=1704740341&ga_hid=845787954&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYnY3F084xSABSAghkEhsKDDMzYWNyb3NzLmNvbRidjcXTzjFIAFICCGQSGQoKcHViY2lkLm9yZxidjcXTzjFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20YnY3F084xSABSAghkEhQKBW9wZW54GJ2NxdPOMUgAUgIIZBIXCghydGJob3VzZRidjcXTzjFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGJ2NxdPOMUgAUgIIZA..&dlt=1704740339138&idt=427&ppid=vnet7f0de5d86afb47fbaee9b70ad1fe45eb&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dforeks%26mt%3D1704740340252%26pager%3D1%2540site_geneli%2540foreks%253Asite_geneli%26policy%3D0%26host%3Dwww.foreks.com%26url%3Dhttps%253A%2520%2520www.foreks.com%2520%26targetCtr%3D0%26pid%3Dvnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&adks=4217441780&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4c618aa1d91338d2fe74bc5c68684a3051965c1eb80d8629701ff24ad7f55193

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11507
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 29 KB
12 KB 227ms
226ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1599564253928301&correlator=127792724533816&eid=31080284%2C31080294%2C31080295%2C31080297&output=ldjh&gdfp_req=1&vrg=202401020101&ptt=17&impl=fif&iu_parts=21728129623%3A158935454%2Cweb_foreks_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60%7C680x90%7C728x50%7C320x50%7C300x50&fluid=height&ifi=8&didk=388927379&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1704740341430&lmt=1704740341&adxs=276&adys=3346&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=4&ucis=7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.foreks.com%2F&vis=1&psz=924x0&msz=964x0&fws=128&ohw=0&ga_vid=29850689.1704740339&ga_sid=1704740341&ga_hid=845787954&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYnY3F084xSABSAghkEhsKDDMzYWNyb3NzLmNvbRidjcXTzjFIAFICCGQSGQoKcHViY2lkLm9yZxidjcXTzjFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20YnY3F084xSABSAghkEhQKBW9wZW54GJ2NxdPOMUgAUgIIZBIXCghydGJob3VzZRidjcXTzjFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGJ2NxdPOMUgAUgIIZA..&dlt=1704740339138&idt=427&ppid=vnet7f0de5d86afb47fbaee9b70ad1fe45eb&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dforeks%26mt%3D1704740340252%26pager%3D1%2540site_geneli%2540foreks%253Asite_geneli%26policy%3D0%26host%3Dwww.foreks.com%26url%3Dhttps%253A%2520%2520www.foreks.com%2520%26targetCtr%3D0%26pid%3Dvnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&adks=1598237200&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8b9c6129678c3e94167ee40ed02f6bd3395345f0184005d33bc66780280df84e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12746
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425927431
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 29 KB
12 KB 228ms
227ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1599564253928301&correlator=2269495610604105&eid=31080284%2C31080294%2C31080295%2C31080297&output=ldjh&gdfp_req=1&vrg=202401020101&ptt=17&impl=fif&iu_parts=21728129623%3A158935454%2Cweb_foreks_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60%7C680x90%7C728x50%7C320x50%7C300x50&fluid=height&ifi=9&didk=388927378&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1704740341434&lmt=1704740341&adxs=276&adys=3837&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=5&ucis=8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.foreks.com%2F&vis=1&psz=924x0&msz=964x0&fws=128&ohw=0&ga_vid=29850689.1704740339&ga_sid=1704740341&ga_hid=845787954&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYnY3F084xSABSAghkEhsKDDMzYWNyb3NzLmNvbRidjcXTzjFIAFICCGQSGQoKcHViY2lkLm9yZxidjcXTzjFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20YnY3F084xSABSAghkEhQKBW9wZW54GJ2NxdPOMUgAUgIIZBIXCghydGJob3VzZRidjcXTzjFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGJ2NxdPOMUgAUgIIZA..&dlt=1704740339138&idt=427&ppid=vnet7f0de5d86afb47fbaee9b70ad1fe45eb&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dforeks%26mt%3D1704740340252%26pager%3D1%2540site_geneli%2540foreks%253Asite_geneli%26policy%3D0%26host%3Dwww.foreks.com%26url%3Dhttps%253A%2520%2520www.foreks.com%2520%26targetCtr%3D0%26pid%3Dvnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&adks=3246492315&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dad3694d81efeecd763fc8d651a9ee58b547765660bec0110aaeea9d788f0600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12718
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425583957
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 29 KB
12 KB 236ms
235ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1599564253928301&correlator=4309196763180636&eid=31080284%2C31080294%2C31080295%2C31080297&output=ldjh&gdfp_req=1&vrg=202401020101&ptt=17&impl=fif&iu_parts=21728129623%3A158935454%2Cweb_foreks_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60%7C680x90%7C728x50%7C320x50%7C300x50&fluid=height&ifi=10&didk=388927469&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1704740341436&lmt=1704740341&adxs=276&adys=4327&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=6&ucis=9&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.foreks.com%2F&vis=1&psz=964x0&msz=964x0&fws=128&ohw=0&ga_vid=29850689.1704740339&ga_sid=1704740341&ga_hid=845787954&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYnY3F084xSABSAghkEhsKDDMzYWNyb3NzLmNvbRidjcXTzjFIAFICCGQSGQoKcHViY2lkLm9yZxidjcXTzjFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20YnY3F084xSABSAghkEhQKBW9wZW54GJ2NxdPOMUgAUgIIZBIXCghydGJob3VzZRidjcXTzjFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGJ2NxdPOMUgAUgIIZA..&dlt=1704740339138&idt=427&ppid=vnet7f0de5d86afb47fbaee9b70ad1fe45eb&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dforeks%26mt%3D1704740340252%26pager%3D1%2540site_geneli%2540foreks%253Asite_geneli%26policy%3D0%26host%3Dwww.foreks.com%26url%3Dhttps%253A%2520%2520www.foreks.com%2520%26targetCtr%3D0%26pid%3Dvnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&adks=1526775893&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ed618e24e12104a91b63dbb3396772177910e749bbd5d95a2cd7afd9456e175f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12729
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425583939
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 29 KB
12 KB 285ms
284ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1599564253928301&correlator=2260879352452742&eid=31080284%2C31080294%2C31080295%2C31080297&output=ldjh&gdfp_req=1&vrg=202401020101&ptt=17&impl=fif&iu_parts=21728129623%3A158935454%2Cweb_foreks_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60%7C680x90%7C728x50%7C320x50%7C300x50&fluid=height&ifi=11&didk=388927468&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1704740341439&lmt=1704740341&adxs=276&adys=5579&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=7&ucis=a&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.foreks.com%2F&vis=1&psz=924x0&msz=964x0&fws=128&ohw=0&ga_vid=29850689.1704740339&ga_sid=1704740341&ga_hid=845787954&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYnY3F084xSABSAghkEhsKDDMzYWNyb3NzLmNvbRidjcXTzjFIAFICCGQSGQoKcHViY2lkLm9yZxidjcXTzjFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20YnY3F084xSABSAghkEhQKBW9wZW54GJ2NxdPOMUgAUgIIZBIXCghydGJob3VzZRidjcXTzjFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGJ2NxdPOMUgAUgIIZA..&dlt=1704740339138&idt=427&ppid=vnet7f0de5d86afb47fbaee9b70ad1fe45eb&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dforeks%26mt%3D1704740340252%26pager%3D1%2540site_geneli%2540foreks%253Asite_geneli%26policy%3D0%26host%3Dwww.foreks.com%26url%3Dhttps%253A%2520%2520www.foreks.com%2520%26targetCtr%3D0%26pid%3Dvnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&adks=2323977110&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4135302dfd219eef0a3ef4efa22460d35f559f6bbd6c80075668ea0024fd673b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12750
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425583939
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 29 KB
12 KB 271ms
270ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1599564253928301&correlator=4189308202952708&eid=31080284%2C31080294%2C31080295%2C31080297&output=ldjh&gdfp_req=1&vrg=202401020101&ptt=17&impl=fif&iu_parts=21728129623%3A158935454%2Cweb_foreks_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60%7C680x90%7C728x50%7C320x50%7C300x50&fluid=height&ifi=12&didk=388927471&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1704740341442&lmt=1704740341&adxs=276&adys=6430&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=8&ucis=b&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.foreks.com%2F&vis=1&psz=924x0&msz=964x0&fws=128&ohw=0&ga_vid=29850689.1704740339&ga_sid=1704740341&ga_hid=845787954&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYnY3F084xSABSAghkEhsKDDMzYWNyb3NzLmNvbRidjcXTzjFIAFICCGQSGQoKcHViY2lkLm9yZxidjcXTzjFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20YnY3F084xSABSAghkEhQKBW9wZW54GJ2NxdPOMUgAUgIIZBIXCghydGJob3VzZRidjcXTzjFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGJ2NxdPOMUgAUgIIZA..&dlt=1704740339138&idt=427&ppid=vnet7f0de5d86afb47fbaee9b70ad1fe45eb&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dforeks%26mt%3D1704740340252%26pager%3D1%2540site_geneli%2540foreks%253Asite_geneli%26policy%3D0%26host%3Dwww.foreks.com%26url%3Dhttps%253A%2520%2520www.foreks.com%2520%26targetCtr%3D0%26pid%3Dvnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&adks=2926202557&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2e533ea83f56317b6516ae6cfefc06d4ad65144ce48b57785c39491fa6fff668

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12738
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425927431
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2142 6 KB
3 KB 60ms
14ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:01 GMT
expires: Tue, 07 Jan 2025 18:59:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 empowerwebplayer3.js Show response
static.virgul.com/theme/mockups/outside/ 10 KB
3 KB 53ms
53ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL

https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=19

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),

Reverse DNS

Software

openresty/1.15.8.3 /

Resource Hash

525d4bcb494f29edfbcf472fec04988765bb0cd93dafc4bf88bf7e66af4e6b40

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: gzip
strict-transport-security: max-age=63072000
last-modified: Tue, 22 Aug 2023 14:18:41 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
DATA 200
OK truncated
/ 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e57378e77a92940db56c07311efdbe76662b76eebd32f3098c016426df8f9dc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 128 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0adb33ca1a9776a37cb4501f171ea405ab5ec85ccd1b6b07ca2f534932f86cd0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 180 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: da048d750f80c54a010a455dea80502cdbb958225d4e4bf059c087adc42a96a9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 203 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 09ac9215e23e9e0c0472ba3ee0835146d896cba96798b92d86d507beeaa1d59e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 177 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dd750c079ff8953fb54c97e67fde64e5ca38e999a76d4ece21dd3b87629d2929

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 200 init Show response
wsdkapi.netmera.com/sdk/3.0/session/ 2 B
266 B 55ms
55ms Fetch
application/json 185.57.65.125
VMIND

General

Check archive.org

Show headers Download Go to

Full URL

https://wsdkapi.netmera.com/sdk/3.0/session/init

Requested by

Host: cdn.netmera-web.com
URL: https://cdn.netmera-web.com/wsdkjs/OcYc2nxy4-IE1PVMgxSo2cIXLNyzI3PXAb6uUisJim44jRp89r7eWQ

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.57.65.125 Istanbul, Turkey, ASN9215 (VMIND, TR),

Reverse DNS

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

x-netmera-os: CHROME
accept-language: de-DE,de;q=0.9
x-netmera-device-type: DESKTOP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json
accept: application/json
x-netmera-sdkv: 4.2.22
Referer: https://www.foreks.com/
x-netmera-api-key: OcYc2nxy4-IE1PVMgxSo2cIXLNyzI3PXAb6uUisJim44jRp89r7eWQ

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
x-robots-tag: noindex
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
x-xss-protection: 1; mode=block

OPTIONS
H2 204 init
wsdkapi.netmera.com/sdk/3.0/session/ Frame 0
0 51ms
51ms Preflight 185.57.65.125
VMIND

General

Check archive.org

Show headers Download Go to

Full URL: https://wsdkapi.netmera.com/sdk/3.0/session/init
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.57.65.125 Istanbul, Turkey, ASN9215 (VMIND, TR),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-netmera-api-key,x-netmera-device-type,x-netmera-os,x-netmera-sdkv
Access-Control-Request-Method: POST
Origin: https://www.foreks.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
content-length: 0
content-type: *
date: Mon, 08 Jan 2024 18:59:01 GMT
server: nginx

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 113 KB
28 KB 18ms
18ms Script
text/javascript 2606:4700:10::6816:3456
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3456 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d351ad9e0491a3bb72ba3995d0dfe67f6af54bbf7d97e18f43ff203ffc5efe1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 08 Jan 2024 11:20:59 GMT
server: cloudflare
x-amz-request-id: J6PPM7V0DYP0CFJH
age: 1150
etag: W/"9692928e9024f20ea54c02122b35d5bb"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 8426acdee9e59229-FRA
x-amz-id-2: E2dxCfXCsx5k4HZcSQw7dFRHO24XSWaZz7wnd5zFsTjIK8baUgGgcqyDTc+PxPqbmAAxz610ANk=

GET
H2 200 zoneview
ng.virgul.com/ 0
213 B 229ms
229ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1704740341601&v=https%3A%2F%2Fwww.foreks.com%2F&r=158822:foreks&userId=vnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1&info=&ref=&rdmt=0.4375600802599928
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: https://www.foreks.com
date: Mon, 08 Jan 2024 18:59:01 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 zoneview
ng.virgul.com/ 0
213 B 235ms
235ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1704740341602&v=https%3A%2F%2Fwww.foreks.com%2F&r=158821:foreks&userId=vnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1&info=&ref=&rdmt=0.626270327808905
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: https://www.foreks.com
date: Mon, 08 Jan 2024 18:59:01 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

POST
H2 200 encrypt Show response
esp.rtbhouse.com/ 157 B
431 B 58ms
27ms Fetch
application/json 35.190.39.111
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://esp.rtbhouse.com/encrypt
Requested by: Host: invstatic101.creativecdn.com
URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 111.39.190.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: dca34d4085f9aec1933f6d4ac88c52563c2f37aa20f84cfff5135acad4e15af0

Request headers

Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
via: 1.1 google, 1.1 google
server: Google Frontend
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
x-cloud-trace-context: 5916c0f1744bbc829e4525b9fc986dd6
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With
content-length: 157
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.foreks.com%2F&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.foreks.com%2F&rid=esp&cc=1

85 B
193 B

119ms
118ms

Fetch
application/json

34.120.135.53
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.foreks.com%2F&rid=esp&cc=1
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Server: 34.120.135.53 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 53.135.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: 2ace5a4f127fa756acdc46f090b63d1d38d452d1bad9777a38877c1e8b53820b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-Z2iVmem0hO9P0/MzuEvZwy9xE2Q"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.foreks.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Mon, 08 Jan 2024 18:59:01 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://www.foreks.com
location: /esp?url=https%3A%2F%2Fwww.foreks.com%2F&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 NoktaNpmPlayerApi.js Show response
c1.imgiz.com/player_others/html5/ 7 KB
3 KB 347ms
62ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19730
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=19
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 11:58:21 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Mon, 15 Jan 2024 18:59:01 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 4D35 14 KB
6 KB 857ms
245ms Document
text/html 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.foreks.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

cf66b1a88c1b59fe8d1068ff7ec392816c6a8a43a1d0647bd940591f09974446

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:01 GMT
server: Kestrel
server-processing-duration-in-ticks: 390782
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
x-robots-tag: noindex

GET
H2 204 increment Show response
id5-sync.com/api/esp/ 0
230 B 29ms
7ms XHR
text/plain 162.19.138.83
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.83 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31532338.ip-162-19-138.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.foreks.com
date: Mon, 08 Jan 2024 18:59:00 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H2 200 tag Show response
feed.pghub.io/ Frame 5D18 13 B
261 B 58ms
21ms Document
text/html 34.102.243.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://feed.pghub.io/tag?referrer_url=&page_url=https%3A%2F%2Fwww.foreks.com%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D

Requested by

Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.243.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

38.243.102.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-max-age: 300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store
content-security-policy: default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
content-type: text/html;charset=utf-8
date: Mon, 08 Jan 2024 18:59:01 GMT
server: Jetty(11.0.13)
strict-transport-security: max-age=31536000
via: 1.1 google

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
334 B 94ms
28ms XHR
application/json 54.78.109.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.78.109.25 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-109-25.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 824acd0c32164947f5fedae901cc02c9860e107d1f31224fb20696af20ba62b7

Request headers

Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:01 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache
x-server: 10.45.4.212
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4625 0
315 B 368ms
366ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3025194257&lmt=1704740341&plat=2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740341325&bpp=2&bdt=2187&idt=324&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2818979527367&frm=20&pv=2&ga_vid=29850689.1704740339&ga_sid=1704740341&ga_hid=845787954&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926&oid=2&pvsid=1599564253928301&tmod=1143210592&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=354

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=www.foreks.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:02 GMT
expires: Mon, 08 Jan 2024 18:59:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=header-top%20d-none%20d-lg-block&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 204
No Content collect Show response
v.clarity.ms/ 0
294 B 317ms
100ms XHR
text/plain 20.114.189.135
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://v.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.114.189.135 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.foreks.com
Date: Mon, 08 Jan 2024 18:59:01 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H2 200 container.html Show response
087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3D90 6 KB
3 KB 8ms
8ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:01 GMT
expires: Tue, 07 Jan 2025 18:59:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C611 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:01 GMT
expires: Tue, 07 Jan 2025 18:59:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2CD8 6 KB
3 KB 8ms
8ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:01 GMT
expires: Tue, 07 Jan 2025 18:59:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 993F 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:01 GMT
expires: Tue, 07 Jan 2025 18:59:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2048 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:01 GMT
expires: Tue, 07 Jan 2025 18:59:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 3D90 24 KB
7 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 10:17:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 290477
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 04 Jan 2025 10:17:44 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 3D90 146 KB
50 KB 62ms
61ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66f50e61f7a6ab9c9872b6341879353d62364b09ca5ea3d5aedbed1f44d8a6d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Origin: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51319
x-xss-protection: 0
server: cafe
etag: 6325151463241963522
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:01 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3D90 204 KB
65 KB 36ms
14ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:01 GMT

GET
H3 200 container.html Show response
087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2D7F 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:01 GMT
expires: Tue, 07 Jan 2025 18:59:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame C611 24 KB
6 KB 19ms
8ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 10:17:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 290477
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 04 Jan 2025 10:17:44 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame C611 146 KB
50 KB 100ms
100ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee266cad83dd463bc5e78ea6cfce1c06d37cb9610efc3f221ba3c18a2382fa55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Origin: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51319
x-xss-protection: 0
server: cafe
etag: 9464829371082725633
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:01 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame C611 204 KB
64 KB 51ms
40ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:01 GMT

GET
H3 200 container.html Show response
087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9A73 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:01 GMT
expires: Tue, 07 Jan 2025 18:59:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 2CD8 24 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 10:17:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 290477
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 04 Jan 2025 10:17:44 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 2CD8 146 KB
50 KB 70ms
70ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

825c9781037f85140b4e968c77a87087e23d04604ac8a1081daa162e23a43c2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Origin: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51324
x-xss-protection: 0
server: cafe
etag: 1884377013384630297
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:01 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2CD8 204 KB
64 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:01 GMT

GET
H2 200 zoneview
ng.virgul.com/ 0
213 B 53ms
53ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1704740341856&v=https%3A%2F%2Fwww.foreks.com%2F%26vi%3D10816958%40&r=158528:foreks&userId=vnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1&info=&ref=&rdmt=0.7439626309720593
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: https://www.foreks.com
date: Mon, 08 Jan 2024 18:59:01 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 container.html Show response
087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B149 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:01 GMT
expires: Tue, 07 Jan 2025 18:59:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 fire Show response
wsdkapi.netmera.com/sdk/3.0/event/ 0
234 B 52ms
52ms Fetch 185.57.65.125
VMIND

General

Check archive.org

Show headers Download Go to

Full URL

https://wsdkapi.netmera.com/sdk/3.0/event/fire

Requested by

Host: cdn.netmera-web.com
URL: https://cdn.netmera-web.com/wsdkjs/OcYc2nxy4-IE1PVMgxSo2cIXLNyzI3PXAb6uUisJim44jRp89r7eWQ

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.57.65.125 Istanbul, Turkey, ASN9215 (VMIND, TR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

x-netmera-os: CHROME
accept-language: de-DE,de;q=0.9
x-netmera-device-type: DESKTOP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json
accept: application/json
x-netmera-sdkv: 4.2.22
Referer: https://www.foreks.com/
x-netmera-api-key: OcYc2nxy4-IE1PVMgxSo2cIXLNyzI3PXAb6uUisJim44jRp89r7eWQ

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: *
x-robots-tag: noindex
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 0
x-xss-protection: 1; mode=block

OPTIONS
H2 204 fire
wsdkapi.netmera.com/sdk/3.0/event/ Frame 0
0 51ms
51ms Preflight 185.57.65.125
VMIND

General

Check archive.org

Show headers Download Go to

Full URL: https://wsdkapi.netmera.com/sdk/3.0/event/fire
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.57.65.125 Istanbul, Turkey, ASN9215 (VMIND, TR),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-netmera-api-key,x-netmera-device-type,x-netmera-os,x-netmera-sdkv
Access-Control-Request-Method: POST
Origin: https://www.foreks.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
content-length: 0
content-type: *
date: Mon, 08 Jan 2024 18:59:01 GMT
server: nginx

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 8FD4 624 B
246 B 47ms
46ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNWfXSJzX5cFhC0WJXtea1as-MF0YkusbVPQOAgBvU-hLhfZ_QbAfTrD9-pT417iLokismqOvzVcGoJ6in129OTAnPGK2YtBfD7zu99PV2yVa5fgsQRgiBC1-zMpbnIuBxhW6Ik0V967imjPTOx-7-fqWot-qIdkK6PcczwvvjHbFq0C1gRuMz7uTfli-Lx1VcetrKmG

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:01 GMT
expires: Mon, 08 Jan 2024 18:59:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 993F 89 KB
31 KB 89ms
88ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:01 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 993F 42 B
63 B 42ms
41ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CvH6AzmiIzFZbWQzDEyZDGQ-YnJhFFEIbiM1zNCKvebYY5efGI6o9BY23a6CqLqEivv93dL-nhoeQ3v6d40fFq5BnrQnrZbu2jX-I7eTwk_WAijyk

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame 993F 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/window_focus_fy2021.js

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 12:23:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23750
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 12:23:11 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame 993F 20 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f764c969a82705ba7838239087f5ff9b33e978b6bae2657e299b6b14c30ad7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:12:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31581
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8523
x-xss-protection: 0
server: cafe
etag: 16500369019378894752
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 10:12:40 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 993F 204 KB
64 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:01 GMT

GET
H3 200 container.html Show response
087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0C04 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:01 GMT
expires: Tue, 07 Jan 2025 18:59:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 2048 24 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 10:17:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 290477
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 04 Jan 2025 10:17:44 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 2048 146 KB
50 KB 65ms
64ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9371e82947a34df42771c3bb99b1df923e119cb6fef753ddac447e4d496b4b5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Origin: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51319
x-xss-protection: 0
server: cafe
etag: 14632649702004463730
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:01 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2048 204 KB
64 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:01 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 2D7F 24 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 10:17:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 290477
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 04 Jan 2025 10:17:44 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 2D7F 146 KB
50 KB 107ms
107ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0104f5a4256dba1888e2ac755ef7495f737d3d72eba83d1bef0346eb7e5bc8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Origin: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51317
x-xss-protection: 0
server: cafe
etag: 7381365129584388407
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:01 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2D7F 204 KB
64 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:01 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0117 624 B
246 B 48ms
47ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXwWFTFqeGwAQGLh_ZGRi2ziqWkn4QNsuDbUjcLknht5bIsoow3Mt9Cjp3o5SYtpi5-Ymr9u7MPE-wtM0yX6XxdW2RMbylhMISSXrT1_HTRpmoYQVL2osuKcQuOpn0iUfEoIYK6TSddPfEfDdtLZF_xirBVJ4yuBC3T_bI-ZYyBhrv9H_R3IElKljF55QT4R765CkZl

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:01 GMT
expires: Mon, 08 Jan 2024 18:59:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 9A73 89 KB
31 KB 65ms
64ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:01 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9A73 42 B
63 B 42ms
42ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CkquKhh1sNuE729dtmHrNZOFCT_3h26x94ymzAl_PPSycaj1TxEJory5iomXYBfOvgd510hC3hJjKPFjAb9SGphTr_S-BJs9OniFl-79eLj00QLIo

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame 9A73 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/window_focus_fy2021.js

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 12:23:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23750
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 12:23:11 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame 9A73 20 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f764c969a82705ba7838239087f5ff9b33e978b6bae2657e299b6b14c30ad7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:12:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31581
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8523
x-xss-protection: 0
server: cafe
etag: 16500369019378894752
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 10:12:40 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9A73 204 KB
64 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:01 GMT

GET
H3 200 container.html Show response
087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2DFE 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:01 GMT
expires: Tue, 07 Jan 2025 18:59:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3D90 0
0 46ms
46ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstzmfQ0u3os_aaOM_sY1V9lsM3M01y7hspavTVU2Ifa2A7AiJxbqW84rSC26XukDam62RFSooYA9xfaNKo6uLioPjuZzO8Ehbs4VVMMxojHgtWqdUe8Mj3YlcT1dUik_qTxYlmBf9shUen66SwnxK5U8UMy2otnaz15nJ0d7w3nUAZj3nOLIdv8h_WUa9ORNqFDpXQHVP0jcQe88za7I_QkloZkzoHlwxcGW2pUMpFO9Mvvq7KAlKlfaT9urm_FUnVwPVOshsqgmM67SGlGu8hB-twzT2jLAA9QW8xNBcE29yRE2F-TsFBRSv9XWzKLiHxdzwAHvMmzLyNATfu7exRWRj3k9EHDFFUPwOMG-G1nuyZBH71habil3ss4YEc&sai=AMfl-YR5uMMHW1ngkk59VRvNcgY2emN3T_S9jI1E22iR-gUbxoV5YMqEm0rvZERK1iDrPVocnuAe8L1T9gYwCLGGScuWy8UG_gq8ONv3mpIU9lIG8CLS-d4paUOqAHtlScfjtnV4Gu42KqGDlI4a6AW7Jpagf5wM4cslAeDaut20iNesJgXR&sig=Cg0ArKJSzHYAWUAHMZA4EAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C611 0
0 47ms
46ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsswWBJ1wn4Oevqkh7ToPz5AoTQ4-QizgkeQvY8InW1CPUI5LHlOvoM-2qYQXPfPnI20-hvFXfT0zhX7wgataWV0qapj4d7mujTtaGq37AGakN2X4NWdoagMa2KXf7fwTJ0VAIgJHQCatITdnfJ0lPOHGmYAw9i33GqBOY0e1K6p-cY8Quo__hkPcFDM4WCtQajOtRnIkg_WIJ_74dYCpLMta5tgxXZgfuXp-wnHq7_2yJZwHjZO1jbZtO8t1pr9Coh2_O90oeeEunjOMYkZypc528Y6XksPZU1EGmLi6bfD6ldasmV-FNgcHuSV413j73qHL22IUvG_5RHP_hgo6TRCigkTZ2grT87nSV1Ns73t1qWVFcr1dbJPbFcGAV0&sai=AMfl-YQJ6O0o0gOwzxT1k8RIKzSpkIk6i2I1HvX8iTBIUHawjS-v95ckEhb22uhRxcPkOaUstJYhSnNxnly0pm2O5erSlurrat8STJ7vUJ8lU-f_LwaLhEhZ3mUtveuObr0ABc--SMtt56KqbJNykEC1sFCvXYjZNYVN1PS2tK9XjowQ2hM&sig=Cg0ArKJSzB2-TH9MoZJXEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 51B2 624 B
242 B 48ms
47ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVlJ9VhrQAibkflOxdmApXrNhpNV0Pz7hIpqNrlAnbJQuhV_NgxGR1a-OQhns5y3-fglV3iX58m1IOFbPnwGHNVjebmA5tI8fl2TLxc6uIVFb-5N3mOgpESPZ5mAEZxiC9--6_ZjCnJ4Vp5ORd1dVlEP4PZdshLFEnTNmc3jZxzGjxNkv2FODEhrZLf_zePs0CMNkfK

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame B149 89 KB
31 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:02 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B149 42 B
63 B 42ms
41ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BkRykW76kziCLmNTHQPvStBv_i6HcEsRds5vcqOZjEnb23D5is35nqcfYUeNI5BplypA-Z9J1Mb1Baw8FuUao95niED_vqHgO-03PhePDS3f9q3R4

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame B149 3 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/window_focus_fy2021.js

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 12:23:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23751
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 12:23:11 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame B149 20 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f764c969a82705ba7838239087f5ff9b33e978b6bae2657e299b6b14c30ad7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:12:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31582
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8523
x-xss-protection: 0
server: cafe
etag: 16500369019378894752
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 10:12:40 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame B149 204 KB
64 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:02 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2CD8 0
0 45ms
45ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuzM56rnrqmX-cHoj626Qt1KXLlR7EM0zPXX1IuuKweiULnsBTBnyo2NDpmlivEcO03HAObG4KqWZT_TBUi7GRKyk-GUDsD-PbzXvbhcvGfJRUSGSvJl_NX3rIb_oFW9dMNIc5skoMBOCt_4eUmwsFEkgF7eFFn6jtPAfi9gi-euB0aw44KzeCHnaw9tXY1Se52uoG1M7kGykUNfI4OHfM1uXZ9W0uBeRXqK5NsAn8HGZX2sU9tqC9Zet5TsSTOqi8btkQKileybg9LGKKs0qxRulP0UgmmfGBSALrRSPgD_QTP9PMXVR-OxvcWGnXeQTn_C2SfVezoUU3SyBFDkrQoEze5HUIsRRf7tx7FEcnyK2AXyVakZVLmWsqzUpI&sai=AMfl-YQ-SPxUU2zwjhACFeUqFXIU2vvppfJjQTwoUBVLqKynhxJsjqNoVHUq7gqO34OoFe8OaTIqPzjFDU3BxTZ55IVYxIrEtWndcMNyYc1sB0Jvu4ef1X6uRAuU_cCFWv9J5iRPJBF8f_QDm8OaUpx9MpLVVodqhR7JKPzZ4IBZqsVZ072F&sig=Cg0ArKJSzMvNYTrc52eREAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 container.html Show response
087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4CAD 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:01 GMT
expires: Tue, 07 Jan 2025 18:59:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A649 624 B
242 B 48ms
47ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNX4gitPBz67pbsVEHy96CMb6bJgnhCWkcQL8FpN6WWYknAeQgN04Fh7n7v9k8BTPYHryCbcrw6ss3dnwbwSbWV4oHH3em4aquAk3La2wHa82Ogl_Ouc7dXb5Em49jvgBo8hR65h1G34-TdOXrx7TKoqg8SQJm355HuEHyhgUo3vpfeeGAJOOlWQV3W7bZG7Fein4I1q

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 0C04 89 KB
31 KB 119ms
119ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:02 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0C04 42 B
63 B 42ms
42ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DrzS1XKh4zYzqnj4EmdIUs55fQtWGVkZrm8clyTNoEpmPypcpGGM8pWRkd9JAqtxhj-GBs2BXVkStJYV_91_VKig3mI0bsTRoQ5kHYvZcRdkSSrGU

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame 0C04 3 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/window_focus_fy2021.js

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 12:23:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23751
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 12:23:11 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame 0C04 20 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f764c969a82705ba7838239087f5ff9b33e978b6bae2657e299b6b14c30ad7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:12:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31582
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8523
x-xss-protection: 0
server: cafe
etag: 16500369019378894752
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 10:12:40 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0C04 204 KB
64 KB 38ms
36ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:02 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 8FD4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1

43 B
342 B

22ms
22ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNWfXSJzX5cFhC0WJXtea1as-MF0YkusbVPQOAgBvU-hLhfZ_QbAfTrD9-pT417iLokismqOvzVcGoJ6in129OTAnPGK2YtBfD7zu99PV2yVa5fgsQRgiBC1-zMpbnIuBxhW6Ik0V967imjPTOx-7-fqWot-qIdkK6PcczwvvjHbFq0C1gRuMz7uTfli-Lx1VcetrKmG
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oESM5OYonnKYpKv9n5PKM5%2BYbVViiWOXwUzj3YRP6KzltQ4sOo3%2F%2FLWKs1orXUfIbsjw2H7h8%2FcIZ0tNZRn44kU6TS2toaUI6qib7ljXF%2F7PwT9WyFYIEzKZRrI0quH7LqXuXaUMG%2BEC0A%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8426ace23f521d8e-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 8FD4
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZxF9nvSuzvwKxfEX-Vr-QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1

43 B
737 B

21ms
21ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNWfXSJzX5cFhC0WJXtea1as-MF0YkusbVPQOAgBvU-hLhfZ_QbAfTrD9-pT417iLokismqOvzVcGoJ6in129OTAnPGK2YtBfD7zu99PV2yVa5fgsQRgiBC1-zMpbnIuBxhW6Ik0V967imjPTOx-7-fqWot-qIdkK6PcczwvvjHbFq0C1gRuMz7uTfli-Lx1VcetrKmG
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1fOgyIA6bGpM446abn30QKJ%2BxXc0vDjvkTEeG9NVPU2%2BAoImp3MTUK4229KVvyFduP%2F1HsO7ZLYs%2BX1iOAx8TZRyVdrOHk1vPhuZ%2F1rOoW5ZfLL8p4zFQDEj5zdM566nENovNMzZC7PIQw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8426ace29c919130-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 8FD4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAt0tB-mXb_DG5b-Ho_s6f4&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAt0tB-mXb_DG5b-Ho_s6f4%26google_cver%3D1

43 B
1 KB

14ms
14ms

Image
image/gif

185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAt0tB-mXb_DG5b-Ho_s6f4%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNWfXSJzX5cFhC0WJXtea1as-MF0YkusbVPQOAgBvU-hLhfZ_QbAfTrD9-pT417iLokismqOvzVcGoJ6in129OTAnPGK2YtBfD7zu99PV2yVa5fgsQRgiBC1-zMpbnIuBxhW6Ik0V967imjPTOx-7-fqWot-qIdkK6PcczwvvjHbFq0C1gRuMz7uTfli-Lx1VcetrKmG

Protocol

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
an-x-request-uuid: e3115105-f0ec-4e11-81f8-2cb9ff9b2459
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 45.141.152.76; 45.141.152.76; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
an-x-request-uuid: e43aca63-ddc0-476e-bf48-aeeebebf8177
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAt0tB-mXb_DG5b-Ho_s6f4%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 45.141.152.76; 45.141.152.76; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8FD4
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU2Nzk4NjQ2NjUxNTE2NTg4

170 B
188 B

19ms
18ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU2Nzk4NjQ2NjUxNTE2NTg4

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
an-x-request-uuid: a6b897fa-e96f-4a8a-8d88-6c058b8c3fad
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU2Nzk4NjQ2NjUxNTE2NTg4
x-proxy-origin: 45.141.152.76; 45.141.152.76; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/ Frame 3D90 403 KB
136 KB 70ms
70ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6a75dbb9026abde609be1b49466d12e2f383bd184c54f75bcf96f55cc593c1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 139425
x-xss-protection: 0
server: cafe
etag: 16422721448637780862
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:02 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 0117
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1

43 B
734 B

23ms
23ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXwWFTFqeGwAQGLh_ZGRi2ziqWkn4QNsuDbUjcLknht5bIsoow3Mt9Cjp3o5SYtpi5-Ymr9u7MPE-wtM0yX6XxdW2RMbylhMISSXrT1_HTRpmoYQVL2osuKcQuOpn0iUfEoIYK6TSddPfEfDdtLZF_xirBVJ4yuBC3T_bI-ZYyBhrv9H_R3IElKljF55QT4R765CkZl
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i2H%2BV6snbWDOp91noRIZpvXacXwr1NmjamWLjrk84%2BwVN%2FjVh2k2nlGz2RAOVa%2F90ThhHgMoVoHna9OAfrpY9p0xmOSGGQ5%2F8SJQ3sBKOFTFfd2wVzZ3ofqtcAX3FURthyp79IsH7p1ebg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8426ace25c4d9130-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 0117
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZxF9vmzGPZEtqnBO93HSAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1

43 B
730 B

29ms
29ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXwWFTFqeGwAQGLh_ZGRi2ziqWkn4QNsuDbUjcLknht5bIsoow3Mt9Cjp3o5SYtpi5-Ymr9u7MPE-wtM0yX6XxdW2RMbylhMISSXrT1_HTRpmoYQVL2osuKcQuOpn0iUfEoIYK6TSddPfEfDdtLZF_xirBVJ4yuBC3T_bI-ZYyBhrv9H_R3IElKljF55QT4R765CkZl
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4tR%2BrIbpeWM8G33dcmoDc2vD0H2MMslbVLtqrrzvKZnMupMs0s0sO05ADb8RMDFNhJ6NuadC%2Bk6WlmTvIWqbw243sMXQ1aAcjAXxn7idsEUQF1TQVw3hLUd9uVH%2FYB21ExyhejN2ryTOUA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8426ace2aca89130-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 0117
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAt0tB-mXb_DG5b-Ho_s6f4&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAt0tB-mXb_DG5b-Ho_s6f4%26google_cver%3D1

43 B
1 KB

15ms
14ms

Image
image/gif

185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAt0tB-mXb_DG5b-Ho_s6f4%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXwWFTFqeGwAQGLh_ZGRi2ziqWkn4QNsuDbUjcLknht5bIsoow3Mt9Cjp3o5SYtpi5-Ymr9u7MPE-wtM0yX6XxdW2RMbylhMISSXrT1_HTRpmoYQVL2osuKcQuOpn0iUfEoIYK6TSddPfEfDdtLZF_xirBVJ4yuBC3T_bI-ZYyBhrv9H_R3IElKljF55QT4R765CkZl

Protocol

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
an-x-request-uuid: bfc23382-1569-4a0a-9007-22857bedf597
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 45.141.152.76; 45.141.152.76; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
an-x-request-uuid: e48779f4-5d5f-43eb-a3f1-454565366d1c
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAt0tB-mXb_DG5b-Ho_s6f4%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 45.141.152.76; 45.141.152.76; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0117
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU2Nzk4NjQ2NjUxNTE2NTg4

170 B
188 B

20ms
19ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU2Nzk4NjQ2NjUxNTE2NTg4

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
an-x-request-uuid: cc00c9a7-7701-4038-97ea-91779a0c700a
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU2Nzk4NjQ2NjUxNTE2NTg4
x-proxy-origin: 45.141.152.76; 45.141.152.76; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 2CD8 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b88b424759020d37552e324c6f32d9b87443bda67dbb3785cbd6b00f9dbee8db

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 3D90 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1ece2917b6ef392a1061eb0b9b3e45965b1f975608316df3f500f6c9a574bb38

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame C611 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a9018b1f339489260a59a3023df211eb1a5f38cf20c2df423c780e08893b01eb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2048 0
0 44ms
44ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstDVtlcZNKr2W_PR55pt2yS-G-JxKguYdLcFs3zrsMo7JZFCM7zCa2ByyxklwXtuOzikys7XWYwwRS9ewFo4w6XhfzNnzRly5yoULTkrXpoN52bCd_ehIEzHpB8fFDLo8kexCQhcoGtzymQxLXezMIOZokiVqmZnKP1v1ae2g1H3GYZssy788v_gpu1eCzGu2VcGj3UK-REajE01RReVhbgqQqYsytMkJMVLFx0WYQOYJcQ8e0lzc-9fI27M3nHGdp96Ic13-rO93tf4kl3D8GtqVX6e9ar3trFxJWj85lM1RygjC8HjkHgFzJ3bPDfojSrn1ZKgli3IlH2aIhpNX2TVlXlhSE4d6aAon_95-MUPkaZm2V8yUI2iaSkC_I&sai=AMfl-YRNkQeFsZJ9Vhwcf7riMCLZXGFixJLkdzWuSUK7IYrSjuTKvEsx6bAQozzc0pNa6K0EDhPjOHlgfKrmXyufnEqWomgz3i74BgekcSiF_WRAp-UbUXUUcsdax-cvk166Uhas5t2T8rQ_OpK5QL8v-sJYEIO6IiG56FXZfX_moDknSG23&sig=Cg0ArKJSzLx04ZQFptM4EAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 51B2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1

43 B
739 B

23ms
23ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVlJ9VhrQAibkflOxdmApXrNhpNV0Pz7hIpqNrlAnbJQuhV_NgxGR1a-OQhns5y3-fglV3iX58m1IOFbPnwGHNVjebmA5tI8fl2TLxc6uIVFb-5N3mOgpESPZ5mAEZxiC9--6_ZjCnJ4Vp5ORd1dVlEP4PZdshLFEnTNmc3jZxzGjxNkv2FODEhrZLf_zePs0CMNkfK
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eTGHrB5%2FlwrmUWx3W64jUiB%2F6Yr2VPONNoA%2BEbL1uaM%2FMzr23v44DJb7v%2B1bWJxWsAgVdjIcb%2Fjn8qA%2FpHs6hh79vtiTZ1xZ8n2wT%2FomayrCF3t0oFCKi%2BYC2G6FvjBgi10v1z2DAhbU7A%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8426ace28c749130-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 51B2
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZxF9vmzGPZEtqnBO93HSAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1

43 B
735 B

28ms
27ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVlJ9VhrQAibkflOxdmApXrNhpNV0Pz7hIpqNrlAnbJQuhV_NgxGR1a-OQhns5y3-fglV3iX58m1IOFbPnwGHNVjebmA5tI8fl2TLxc6uIVFb-5N3mOgpESPZ5mAEZxiC9--6_ZjCnJ4Vp5ORd1dVlEP4PZdshLFEnTNmc3jZxzGjxNkv2FODEhrZLf_zePs0CMNkfK
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tjZ06t%2BASCqWTlblXHtVXRcJOYeJQGhXo5RR4ZJ7ssZH7aPP6sBiiI596pn%2FU8ycOfUp5oXR%2BR8c0VBIgBT%2BugpJmJsrQHZeqIDhqI5UBxtsCnzqLgJ5ibHYnV5EYJ%2FzjrSlUkL3Tn8HIw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8426ace2aca79130-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 51B2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAt0tB-mXb_DG5b-Ho_s6f4&google_cver=1

43 B
1009 B

15ms
15ms

Image
image/gif

185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEAt0tB-mXb_DG5b-Ho_s6f4&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVlJ9VhrQAibkflOxdmApXrNhpNV0Pz7hIpqNrlAnbJQuhV_NgxGR1a-OQhns5y3-fglV3iX58m1IOFbPnwGHNVjebmA5tI8fl2TLxc6uIVFb-5N3mOgpESPZ5mAEZxiC9--6_ZjCnJ4Vp5ORd1dVlEP4PZdshLFEnTNmc3jZxzGjxNkv2FODEhrZLf_zePs0CMNkfK

Protocol

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
an-x-request-uuid: eaa9da4a-88aa-47b1-988d-2152f7d285e2
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 45.141.152.76; 45.141.152.76; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEAt0tB-mXb_DG5b-Ho_s6f4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 51B2
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU2Nzk4NjQ2NjUxNTE2NTg4

170 B
188 B

25ms
23ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU2Nzk4NjQ2NjUxNTE2NTg4

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
an-x-request-uuid: 56640029-7889-4cbc-836a-124395d72824
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU2Nzk4NjQ2NjUxNTE2NTg4
x-proxy-origin: 45.141.152.76; 45.141.152.76; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame AFD9 624 B
242 B 46ms
46ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKv65gIQm-jrAhjb8sP_ATAB&v=APEucNX1fTT2T4p2TKpQPyupCX86Isqb9QBty4EuZDSuHTznoBkuOaGZuTjOLuMjpFIVcHA3GH8eE427STerd5E3KqIQ4OQHX-2hjufjwfh_bN3uHjdTV9t22iHpUTDWwUZWEl3WLi2wq09mS2RmyUYadCMfVK3xtoBvC2eGQD7tfx8SuxqZeH0lCaVI-yMRLyE16QssSFj8

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/ Frame 2DFE 23 KB
9 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/abg_lite_fy2021.js

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 14:42:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15366
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 14:42:56 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/elements/html/ Frame 2DFE 7 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 00:37:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66064
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 00:37:58 GMT

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 2DFE 0
0 93ms
52ms Fetch
image/gif 172.217.23.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsuP45h6KkI7iNXtLD-tsgx_ixjDF7_c7ED2bpfEqSaQPUhDIIby1oh8jaorW7Gi4zTD5MqwN2KQkhcGS8by3n_oT8HiDYiy4GzTom6s6uiG4X62Tis3h2A_AZLTqNl5Pevi5_-6xEZw3x2dbKEYGXElf_g9uNiys2oJpUHuXpfq60OHePwLruxFoXkrAXPVCTa4-Hlp_SFt2z6Nv3UT3CBvm1LGLxzXBQYbd1T-h2ONilYlvfGr03NLgmE-wiuI8HN2jTVG1-VkyN6kQJlWxlkp1czMEurvyLSuVTDGXcqDypenBRsRyzt3nGCkDm7RgoArjNnfy4vYu_zJHBcqeVV7QTafuLyX_zlz5i4Z8FIk3zYLMHvxyWVsSOd2n20w21dN1yqOrrLzh5LINHlr0TaqtxAAwyTWlTW7K-aAXNXE41vg0A86ynzxM3j3temH8tD2X0sckwSZBPaKyscLqYsZk5P8NjnySBixYCHp6fcC6dl4_kRY0xIHsZ2STUYORRNyUZ_TcpwmtIRnVfYLZ5uHekh7PStujiYpFFvMcdBJlgtBn8bGMxqXXKspazNwjUNKUV5iKza4o1R6hodWskI8kzJr7QypnSQOpSt4c69thkmr6khzWjQcpTKltnuHwzc7d0w0psTK84yf08C6sV_Yk55pWvqSsis0UBe3MxYiZjSGwp-bkrXV2CL5AeMQygZ4y3tPilxUbyVVAcrTrDUf6CTr65iiEJ-Z94ngXm_kJbutWCkBiDx6xuMKiqpXUBtG5gzRxtj1eBBSSMvYp7TA41gfEznUSR0AZtDvYWDK8H9sdLp752ikSErEsFRxn4E0daOFrFMSB_sPpfaErLtfXlE068E7ApdSXj1EjpoNg2EANfqqOY9IkqL60LYuSXArievIatQk87CQgAQYPyTJy72cD6WLoN3yTSZSpGeACSnPNfYLIFl1J4pEd1nD6V7Zlwo-pcpmxb5QdapHTfKxI7O8DEQAs54nHTuQj1h_zi02WHcRcF1vux1Tgm5Z-UHan6ppMxWtQjvuuQn515rt49HHch_eDw6WWmb56KvS2D0o-fjbpq4TcHv3-S1e96Jnz5YaRdQjsbDmeOQ_xYlJFoBS2_h5WvQPEuh0v3XuvvEG3qvu36Hz34xKyM6a4qnzMpvzX4oUzBMhCfPltiHWKg4PR89qeypEmGiKE1Kk4fuSb6CzdFDucb_qp4yprxvDSGI_PY7RPrxeW5bK8_fJw7phA9StiMdfD3y6uUNEoVPmk9klB8KLumoE-_E_VLR36aBarTEhPeK24C9_82faeXyBHXKZZPpM0Ycvzb9ARE3zK-k5jfUJjC4fMOJTN9_fxdK30qWPfj74Pn-gGianFyps9r5t7F_eIV4Nafv2Y9Vpuhew_SbmDF49ZGtSTQ3sLmK7ODOGZouKrC8xo57L&sai=AMfl-YSZwp46d1XxvR9gTKuRS55kZ7rCf_E6QW2PUdeo-gYP8vEH-GtnLpYIb_177qS4-lgpu8vSfvC8SKYdZVe-h7srfynz9DqSiOhluSsejPJRJQYGTXPCkWsWjsrEkBOje6McI1iCX15Psj0so7tUgFYLwaaes05SMak-KG7HNl3cvbcuEF2OzvfSqDFMzuadyDHTjCdNnu9wHgwPtNpt8ineoq-rJUVPx1Pj6ENtZ73gfEA7cqjmU7lOFNJJmwXUqsIbFbIMLqJtwec83-T1JyfU7-z88KOKcRjQJ71afdMnvVErcE1ESRxSJoKIE4n8-AoYtzNnVE2MPbr-escca7g7mSCKddiVnjsXnPIlPYNeoDlCD4shasIijcAywh-9n6SuDUxB7hFP0VTyForFio5vG7jACYNRPZbc7tHDg07o0ItAvM7B4Vfsdru9JE9rs3UpAO0FJF94PqXIl-sLhF3rLnybobfZG9r0SHdPRGnjP-RhmUVXr3PXd5uXs7m9S9jdpEBCQtrFYTudZ8uF51ESetFsEAbFm9rCwnwaHgqNKIW2Ogoyd17x27WrVeP9bgNxokcAydIAR8_DSp1evRNhGGgPUNoJoA&sig=Cg0ArKJSzHj6jpg8dRTwEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9ldG9yby5jb20&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=0&cbvp=1&cstd=0&cisv=r20240103.35691&arae=0&ftch=1&adurl=

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 2DFE 41 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 262434
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jan 2025 18:05:08 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame 2DFE 3 KB
1 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/window_focus_fy2021.js

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 12:23:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23751
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 12:23:11 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame 2DFE 20 KB
8 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f764c969a82705ba7838239087f5ff9b33e978b6bae2657e299b6b14c30ad7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:12:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31582
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8523
x-xss-protection: 0
server: cafe
etag: 16500369019378894752
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 10:12:40 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2DFE 42 B
63 B 43ms
42ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B28ZzamNFX5oo41cwNgeGAWO3mJMsfHqZQ5NJMG0wHZSi3wxCmrlz16vIw-xbWd32BJTHcEiAZIDxMCKEVPd2QnydlqXDUqSKatBeD73GxCSo813o

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2DFE 204 KB
64 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:02 GMT

GET
H2 200 7955616546247655826
s0.2mdn.net/simgad/ Frame 2DFE 747 KB
748 KB 46ms
7ms Image
image/gif 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7955616546247655826

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ca585e408547339e90795c9a2cb1c78792bd35df4e2ff0308d760ed078ceeba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Wed, 01 Jan 2025 06:53:34 GMT
date: Tue, 02 Jan 2024 06:53:34 GMT
x-content-type-options: nosniff
age: 561928
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 764708
x-xss-protection: 0
last-modified: Mon, 27 Nov 2023 14:08:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame 1A37 199 B
298 B 54ms
16ms Document
text/html 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: de259eb7ba7a0e45575deb33946f1fbc695c97c33145ae4e49af0069d010868e

Request headers

Referer: https://www.foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 151
content-type: text/html
date: Mon, 08 Jan 2024 18:59:02 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2D7F 0
0 44ms
44ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssfVib202Nrjmx-sXRXGQ1on-cxXDSYJDvXPW1FqF9c_FZZW4K0xBvys5I5baa7tM0R9tqI3uSLf67XAP2nXeVwbjpS58yvXzFmnJA64kMiUyIhJY_Wf3E3TeP92o1h_2U-fbnVxE_N7lSHO5RR8OodbyiwmsW0rITHYwVv3xVledYsOtJZNMbVkGpL2zf4IvOIDMBdiBR6d42115i7XpF7csUTOmVT_QQWgRe0Rmbq4Xx--Ha7Riu42iEe4eu4NsW_z3hhYMUyhwS2fXIt-dhd8wWzNiMmIDGtW1937Kt9hDj60PdRJ6dO6Cd5cJ-UDGgFhRyfGzeibOSWt0IhRbt5S_y1BKPG3wMXIauem3ndvuhTDhFX-bvK1DZB430&sai=AMfl-YQPEGSIGAINlnLDZAYY4k1axz81NecmVTzbyH1D3-yuczKgZG0TX0fedPCSI3E8PlemXTbirkUNPxmLPxaxnZDZahvbW7USlPWr1ROLQOT_r6TVhEJnb_zJ46FQjbXzz4lrRzQfmOEdTvezQdktSNoAoqlZvHEUhrfNaYRADZeU_amZ&sig=Cg0ArKJSzHB_UQ28ZDAjEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/ Frame 2CD8 403 KB
136 KB 66ms
66ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6a75dbb9026abde609be1b49466d12e2f383bd184c54f75bcf96f55cc593c1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 139425
x-xss-protection: 0
server: cafe
etag: 16422721448637780862
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:02 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame A649
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1

43 B
740 B

28ms
28ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNX4gitPBz67pbsVEHy96CMb6bJgnhCWkcQL8FpN6WWYknAeQgN04Fh7n7v9k8BTPYHryCbcrw6ss3dnwbwSbWV4oHH3em4aquAk3La2wHa82Ogl_Ouc7dXb5Em49jvgBo8hR65h1G34-TdOXrx7TKoqg8SQJm355HuEHyhgUo3vpfeeGAJOOlWQV3W7bZG7Fein4I1q
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zW00osWm0jVIEXyqEXp9iN7qTePExTyPUAEQ4vafeRHUwKcBQtKFuvZFuyOea3BIU1usbu2kX18uFP4UwZsH%2FKLMjmzOiZW%2FAEo331J3XB8MBtIj%2BMzs4ZZ%2FQvzUtPCWn6%2F262%2BzIWLH%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8426ace2bcb29130-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame A649
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZxF9vmzGPZEtqnBO93HSAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1

43 B
743 B

35ms
33ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNX4gitPBz67pbsVEHy96CMb6bJgnhCWkcQL8FpN6WWYknAeQgN04Fh7n7v9k8BTPYHryCbcrw6ss3dnwbwSbWV4oHH3em4aquAk3La2wHa82Ogl_Ouc7dXb5Em49jvgBo8hR65h1G34-TdOXrx7TKoqg8SQJm355HuEHyhgUo3vpfeeGAJOOlWQV3W7bZG7Fein4I1q
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=og4%2Fft%2FCQWCmINcyXRIhP%2FDTyvMEf5v%2BfRIE%2Fn1FSwvdbtVUPj5p2Jxp%2BwU3bhbNsOG4VcXuEPbYNVQyZA%2Bkw1MVk2il8jBL%2FCmsyplQPDC2sQz%2FcMNVsc0FWRB%2BWo6APcePd49tpIZFnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8426ace30d0a9130-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame A649
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAt0tB-mXb_DG5b-Ho_s6f4&google_cver=1

43 B
1007 B

13ms
13ms

Image
image/gif

185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEAt0tB-mXb_DG5b-Ho_s6f4&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNX4gitPBz67pbsVEHy96CMb6bJgnhCWkcQL8FpN6WWYknAeQgN04Fh7n7v9k8BTPYHryCbcrw6ss3dnwbwSbWV4oHH3em4aquAk3La2wHa82Ogl_Ouc7dXb5Em49jvgBo8hR65h1G34-TdOXrx7TKoqg8SQJm355HuEHyhgUo3vpfeeGAJOOlWQV3W7bZG7Fein4I1q

Protocol

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
an-x-request-uuid: ea05ddd4-0ede-4418-a1c7-29993d363921
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 45.141.152.76; 45.141.152.76; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEAt0tB-mXb_DG5b-Ho_s6f4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A649
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU2Nzk4NjQ2NjUxNTE2NTg4

170 B
188 B

19ms
18ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU2Nzk4NjQ2NjUxNTE2NTg4

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
an-x-request-uuid: f961d48f-6afc-4f5e-93f4-36852d70df2f
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU2Nzk4NjQ2NjUxNTE2NTg4
x-proxy-origin: 45.141.152.76; 45.141.152.76; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/ Frame C611 403 KB
136 KB 112ms
112ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37c4d6d85873383f6f8d0369c7528d8af49b359d4ac65369ce55f70823fb7756

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 139431
x-xss-protection: 0
server: cafe
etag: 783925011095930372
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:02 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 993F 0
20 B 42ms
42ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3087767446407&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 993F 0
20 B 45ms
45ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3087767446407&version=m202309260101&ct=77&x=1&cor=8173984081397032000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 993F 19 KB
13 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AAWcFQSu2FbntuHGUsDCfiwUMU0dgCkm72Xxd5-0jL7uNnVD6r2vw4vK1yLsQkpJ0Ei1DNRH_Npy_wI2yevo64JRbMYtjLScUVwV7qNbtQhT3rhXDF9-0H-_rMek1vFK_aAZ_enl2yRSJpr_SEU1cfRnrCDBOS9rdcPpXaYYTfD2iBkeo&cry=1&dbm_d=AKAmf-AOA80lX4r-4w9WbgZ8JKHquU3HwJrZCRsoQ0N7GAaxpCAD_hrkQEs1ZF_DwK2nuyvTwKuDFNi9DVQ3db74FCtoOPem4F9v12Qc3Gz1z2YnigV6DXGDOiES-51vcKX9A5fMRKf3I0wx_wuWnSWFKNt7F80RX7TiMbIvT3rdpDr4U04WuFVsJICeutS5r9lbRzpZ2dnyfUsBgu7fz-h2slIaw5lHMl2vQUw29NasCFsR9sF-CeHNq2T3xkr49ITdIRoJBm66bwi_KTPsvI62SVY5nPa-WxzWzmPJEPdVaO1UG2q-Cy8Tzycx7f3geOegB6waVCQ495IqvOgs_Ikhi3xyrPeayd4fNXkankA77JNVs1tlTsGiXdDu3nnO3L6-uwe_CCQyXLDj8yMNL05iyS1s4qi_V5SDUmI9CKdqp4qrYSl4X_b7ebV9ddDazRn-SOBdspss4khNyOecqOlvh4HDRdhtASc8WFBLlW87WKWB2wAOCWozc-6EXU3LBtvapBk5QzsImZwUhngApqFnAN8kYKQKYHclRy55LFCt-x1ebrldSaEgg_G9Z3LmzKqTk4DUpnXCfw9TSV5tGQMq7HNmpncd096-fFMjoQC6iP3iDsgDoogv-Dr195wDcB_x2dr9ocmGZFZeMaplEwABxM36FuIaNEycq5vBetzJNNgVA8LyQ1PFGjlJofy06dOHQFo18Dkun4_s08biiHAB7l-YiiW--rv8EbJRcfwBC7vaNHwplyiSe0khgO8pIQgH36iy1AqBEUGfMrTHciI_uUEaoG-nKzO3PQRiUgI7ZO458RxdawmFNvGOAbld_Ske1yEMacer44T4Kvhhnu-6-ol0lg3dNemVdSWaToEckJnpm5oksf9O6EYMzaLnjoN9LqCih9OQDDpI0CdvwtvyShLzDdwYi7kF_WzdYpM4Fk9BH1zPuc7aXMfkD8sxWNsJTqI971PX4U0hLFsG8QGSnSkZVlfexylDKZtIfwN7L_TYuUbUXuS3udZjtjph7OSZ_Xw1pdWTwfkl0JxVJyhBilA6O9nSgg1HE8vPayhmT3PpoIfBsaRqtJ0PllU8l1VMZ9G8XMr2xDTADX5osrbriPCCrmdMBoW0nNcJImCBl7ZGe0N3_l3JxZvIF6SDTvoq3q2AJ8Lmvk-jGSfhUWuixi7kJkcgA95qg9EgzpeV5DZmsziMUfZBj5g0sm1pafbluGLyrgm0zF9CfdXufpx0BL9zG3jBunism4MN30dQ87POf4YyomK0Ol6FEjasqZZDCgnqcK1Ai5dsoWdqcKVPr1qZdenV4p-7cQdie2NoMdk4KyEyJYfgELLSno1zhz_ouDzBCVno-JnNHgdIy8Ia_OYjdRY-O_LN09zETOtUWYxuZZJlEd0ls_puBOQ5-gog97hoAU-EhfKJcuzDxBfINM7y6eEQeH_60f203S4pJ6pz_OWQ2hufqIX9bU0QuEzi9MUzm69Yn4V6lMHtKBUz60klzX1ZG5VfP9gWh2-tswLPdwDkP1uRJFt4TBaPOGHflTi6BpYoa22dGU57qbRwLdEFBLkAokeh4OD2eQXSxfO_7DFr3lRLCoK6XYsvVM3x97xUatzR-rNBfOlc6GTwe61DdA-1YoNcqg9dOvMypuZSWkOPalUyXI02UTIjS7dvjtk20C6H9R0qnMB-AD_GkRy8_qZB9W9cQ6AVNbEZx9viH-SULb6mTJVA5i0h3jpG-R6AmREDP-F_5vha-bg4DF9UxQzJ-qG-BwX5ueMRMR1_0RowME9fRYljcOY-5OTq6GA4siGEcm1Eat32e0IKst3sD7dJZpOISGKUKESQIKObmfmdpCls8Y3yeha7oDHRIOyglQmKomNoQL3HvS63-eTMA-cOMlQKZAf0CkB30_vvDFtUSfX8WG5lskNH6D_jI2qD18aTCb7d7NlWjD32OjKrllUdeXXv9WuUGuGMorBE23UK4YxbGK8JqO7FE3DN25xThxDew1_Id7_RQVCa4jOqFSI9W2Z0kmGvdJoIMoFkdMiGajwMf1R9NsUHikpixfuulEg9YkBMChRMeqSJg1RTSvkbQE1U9EwPAzCxu1CKEyzHUk7YajCUZTNpOfa4l6iMRO3MS8spX7XB8ObkGygOVzPdsSw2MW0Gcg7F0oth4mDiXHpCCcrCGCykNJaDk0f67YCJzFHAXIXRJ1N-sOLPHAlfCpF-Ap2v8MaJLyElngwSEx-uI1vO2KOutN4oK1jChSyrmVDAv3n2PDMWgWGQ2dwcMghtwVhRegMiOi7Z5PA3jMdnGZSoRoavOsWWfeW9RS0s-lvARHFp5yxci9S21BZ4c-oHiTVeTKg8ETgPBL8RVKARFqpvNPTqJL6o53qOfTisSpr3nF9N6Oajsj97gjQbxCX6E74c4CCY5qN2CYvPx-kY9-uXptAQHkvrZQTCVTEoZIDei7xCnN6aVbN5FyqkSiFYGW4NEyHOX5iUmv88R2DU0QVNZPD28o3AgsoqNaO_8IfEafXwlGRm1zudZ9crjuSnH7J4l1o640qD7KSocKdiqVe-nnLQ530jWcOY7JG0h4IW3ya6Z8ZRKnDwqYIQ1TI7DSTyz-J5_B3wNIYjRVrQ6mmnkPnvp4RogDvIC7RzjunB7LrkTgZSAp156ORnD_OtSEbT5vFUpo_nXPqCx_Ct8ybfYXXAiUze-BH7XI6d30ttV7PzssrWcLJKBr8-H6aiQ6_mL5XNFUxXNPHGK9iy23U-fFbg7ng-LOU5Z7K0S5M7ZKHwnihk30P4ubBvVTuQJi_c2FtvLYLuhZEhQa8eXyjfsDBw5vYhDZR22J5SGlDj4eIeYyYBODkjZFQ0SKemukvAxjycyivj1r144n4aI8Pj8YPjvfOYyvr4cA4zqiR5beYoU2V2RE05P7qwlXRZj2JKpI8jNzE830sB_ywtSCRwW_y0W-n5SETnnm2mR6T4RVivKEyp-wnFhCa8w0E6faWM7KkbNn_iGkuOpNv46eMWYqy5tzcLGod4X7ndEGbB7HWtXhB3VVTdu2dIJI3ZoqAUhm6aafDHOlKBAdIDsVJt4_dpYDw_YfeKUaa5m3BZ3uIyeoRUIY5epYHIsnxxzM5IR1cKOg8dy9Fm742tABZ0Ewy2dejuggXqjwT7QSjoCkcTIJDvH2ubbgGvPC47Xd9DOoMzDQVOYlDMMBmUFyPSelZiCvjU1Pfpzr-lDn9yF0Gc9lfKkJu02tPYS4QckzXSX61yFmpbGLIs4WUyIFy3Pl-n_OEkq0iSNPeDKL722d_t7myk8iexYYtGyb_1awgwNfloQ0mwzChP0T2cY7CY14XHQO1TARdACYChL5xoxoR5btSp_TasplolQVJbvjGqPgWTRdozLm15rL-Di9S6-Y19fEKSXa7HxjZuT2bRpKBIH-wF0yrjcLf1ugqAkMlHkTuTYET8L75tw-x6EciKs6GOQraZqVRY3uXoJe9oKaaaphtcXxznmkR4-Llcrb26lcmQEahYwtJ-qQan3s619c6M_DLydQ5pQ0kid4zlzraKGAs-aJuYXC53B4D9S-xPSAnNTV7mY25_jkaKT3pcU8jQH-0x-2cFdSOWiC42RTFSe8xeApQKyao3ZHqT55zKPSYL7hY1q6SRAeTjEnzSWssZRmPa3MnsLHy2jELpdxWCGpPLrk7NPj3lDkWzeNXnNwPF28fu1Ewm03Fvpm366SIGJFE4C8SHwg43BT0S4xl-3S8tyG5y2sgvaXs15qwbyutxO897u2ydBM2CXKkIfAUy7hnKjQyxtjBnT35ph1VvsHolaa--uf5zZyA2lIiP3cYLOcAdxf0bbGsu8tzV7PJnjoHPDYUjOp_lk_Vk4xsBU5ZsW2ozA3DyQXu3yKox3kBr8_kcsTVo-o27KswcB738OUtrC9RtJGaH4PPFmh2U_bDPEK38sFVLprAdIuyZK8m7mN_IJYU9_nQW4HLtgJ-CppUZrSecq1ksr1FsyLS96YCL74wg-P3-ckmrADzlJeExC2LDzqUSlMCGicBz1N3WbzfStesmV_-hB4QjmkHPJE5m_99amnigQUrpTRg76DDd-IenOZGg81eYiygruC3BOg2hecslJtM5ZQ6aopoYS8ElhcGt5NOFRCljRzEsc1lf-BOjDG2sEk8&cid=CAQSYAAvHhf_xyUR0Yx_g7oaoMy46rce8HR5f1ftI0yqsagItMz-rz_9e1tD53FN0mf0fMDRFf_6-3lHNue1tagaarDnmIlwkuFOv9s7-CLyFsmnWwNQ3QbNCJy6F-Dpf0IBKhgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.foreks.com%2F&ds=l&xdt=1&iif=1&cor=8173984081397032000&adk=3944675603&idt=95&cac=0&dtd=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46d2f5f6d180a269e1dabbde63a10731e12bb841ec449d481bd06918d7e93741

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13238
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9A73 0
20 B 46ms
46ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8955019322171&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9A73 0
20 B 46ms
46ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8955019322171&version=m202309260101&ct=77&x=1&cor=14684776273329355000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9A73 20 KB
13 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BOokQA-Dse79Aae9QKmneMTjaRohW-atrH9yilpXmuQC0i9t7G7xtZvjRTCSswz9gl6IX1A7Ad5hUMNH6QZABKDHkjMVhZF4hKdUuCzeW-7UUAo1UfeUiF2CrT56BWnNCH-UD4bBlaY0E28-3sCG0jyXumb4g2S6FLCGrnpib-ByiQzDE&cry=1&dbm_d=AKAmf-CMu-Eky1N8UZH7Y1bAWLdzfimKkYb4yTaI3WjSzuxd1R4GI5aFB27qiF6-o_4pFgZYrhqOUBQ_Ioty6fznTJbgD9xYV7--3Acy59Sh-0zroY8H8G1bqufO1oMXG1x8dolE2TFpP1-yOQnxGuAaIhJocOm9E3ycMYeLIHDu7AiJufUT4e_mInn1PVHEKYG48LUj8PI1YbLsHXk7RF_TraJj-ZgkgOFHW8hMK5hfi-tjlM9qiupSd2FRD76_h2RcyySVjt_VfkUcl6aEooQpNg5F3RV8Du8G2EQofVjM_D_Mw2iv4Bu62eQYBgrHt9guVuwqOJyxua_dR7jaUXTIaUWFqUhtC54T-X1jh4REvd67SjqytyOY_teo1xNbqJK1lL3sYnV3kwAC787GABMIbTBgZZz9E6cR0unnSHN-hgc04UdD26n7aG1_O2iNcOAF0TCbxF4MgokhP0bMod9OLr4jEUQCjeejYlOahuozN1YLtRHD4AEnN4bBdyRHE1JId5oGPcX6OC7GN6-Q97L2Ry_8ACeMBvSj-bPnlbYoXx4qEW6jqwfuCEJryKjYckMHM8joW0UCqOx_vigxVZydJ6vLagp9DKrDy4_DjoGjr--0al3C9HXKy87bg_7gaUJPkrinLpnHL9voQaIJou92Yn1lEx9FblhvKi1miSNVNxF_gRIzHAqFHZAKo6OqPpteovxbJW9nsn6bAZh1kH3hXO5jFZg3CThUXIuAME4LrSZzFFWt0NddDZjDhLBGNLr1NeIRu2zkZSI8FudX3WuvbS3Stbliw1tfjRN1_PPucq0W0yC8G9x_J6ZD2Qf6bilcc1fheRNnHlBolYrEH1fSfe8-Qpht6a8LM3LdX3a5Fx-7elLPTTFgtVsSJObB-DMBwVZsrUo_GmQOBVLQdzsMTXGGOej2hjrtAMfY_hzRaVPl9iJXHoWvUwWYbLzOmAog6eTxQv099H-Zxm2gNrq7zoDXtWnQbTLPFf0ACS7H720c13AjMCWQREtRLhOiyqPKD8g8WwsRu90k7mcMLfHVArvCUrZdxaYLdo9TalPtwYpwF-53GQPQS_rGIzar72LLGq3utT9wHpEJFPM8IsoZx9bQdBBuLsqXjvWZdA0VK6cdraUhYq7GjAQEpTj05E0uY6Oon0LO8O2IzoznigKVrEbbOBwZRvmill29f-wK5grczw6efdTOnqq2U1Hic3lIwY84lmd8e1V-uqCatmzQSBt08jLefsxvOPUWeJKwm_y85MEwcgPhKv4Wg7QyWlbONv5EJ5rpiG9mARxDJpkF-wBNEz-2uEEDlTJkUN-NoVzxkMPNzVoX2hQ2p1rEnQbNtK4sRLvg4-6-YtnOWXoQXMrhvVG6etcjZWuAxfXCVmVeuYgjx4oCDsIvhtU68Q0oU2kjC8mreYu4W6RF4QmSazWgw_faTKEo9Gf_GCOVoKiQjwUTk8_Wuoeksdu4biktbgq2dOgdvR4gjAT7FIOmj8eC-IXx_kKo3vBvb6xdorVSAv34rn9GxVTi6GLbD3rUL-8dnnvhYlOvos0EvRvjFGNNu8utGlyzSDGRF2zVtyC6bXugaZGH9Co8ZEsk0xn3ESgXoWIcSPdxbBiX2-hvrsTfn19-jhadbwwytsEY4vjE5Xomf7bkO73pD1c_VCmKMDt1-nosKBcBkfBRZJ-TMCuXxK4WOxZo-LeXfYJ1RznO2bXwxCaZHmNWud32cPQcgqhihO-eJKLaE8fM4UCKXOxsXdPVQdjTIpMZy3KxtlF0xBbBEteEYPN821_iCz9rNwCk8rQJBiiiE4SGRK86u4LhEbP8b5GiKj1VCMHwA1sO9zyeJHrwIsCMFqNgq3H0QLpD5A6t-f_3uopSEtMAdc6h5xgj-GBazOvRCa_y0a8yyOnOtjzfc_L5l8CY_83LhvXYJcqqqPT9xgstCOQnvYaExarrqG3iAg6QEVxwH1V1bcXxxm-7FqjQiQZxWO4gkWwE9irOIpOWrfSPrQl6RTc0oy6f31kfygppHZ6xYVhixG4loG_PL2v74oX3-q-hfDb-HBXC_TGfRJzOh4ih5U4yhXe25q9pWomQ1dy28sddm5Hp_yCU4c_Xzk8MN-_WoYOlv0zhtrtlFoKaFNRzivM3pylV9v6CDC24hbMJOR5ACe4JU-bcZ8Tk23Dcp_6ARm1aoVc2JToLa46qKRDJxKDlUfOVzHYr2Kt-rvRMUCeDJq8lDlql2LBJqndynksmOTRs-aC1C_tbtyHPrZg0bvtFn8FcaonlBTgaAEQmIknjHiniGzbDU6JjCD91xwlz6ZxFdy4g_w0PwTA891mkLn06K3-2Xh--mitvhr4nNg6MSlyTeFkKTAnIZkzhIVlX4KdR2py3zglkErnwHFH-vpI6s2T9ZQ8L5LnDLNzrULnip9tbO3LD12ilz4iUxiCN9L3MPKOQZ2zCbFMCompSgcNfvAp5YwBv-Df516U7G6tdf_rBZ1uAzym11WWiHe6eqfUW800IEXdn-gSnXjsvWQsX71Mc6Y5lq3P1vyScFtJfBxuvl38v365rWppDgSYbVa1sriliAi8BIeAK7EwT3Gni7_JLUqgwWAIby42HnjBdZxu-fAPD96FJVPwUKI-VLNRjzpwXNXR5iHxb9CDaezv5oY1O0GI4_WGzsMQQQ_TnzwjgJyZXJkTTqVek9vBHzLXBteZOpVcvFXTFGKJ6U-nVlloC00eE2u7_UbHqSSSWn-pQWaIQXYDzeUccxKuF_7LSq31QjJVIo7kplrVCbf1N-3T8MUTOXxgmwz2w4q4bgfNMg5t4v5Z_aWwjPqSZS6n5HVZJ71hXlSlHEeHrGnWaCpH6NE9b8KoQ1ZwwfrXeS0X6FwKP0WOZLlxXjx9siedeMNLeh6maPbCRLc-Gtt-uEc5oAh7tw3yI6Lyg5m_DCBWUMVTOXLAy-vBSS9i6Edi0Q6wjrSbGesyc3vfb3HY0G3Ae3VnvxXvrLUKnR-uJUTkfQjmJjZpr4wlprTppguyoe_L2IVnMm7-voUfqMvGv71WQM3qkr2w5WABqYTmy5lAI9Pk23UtcQPOywvdkXQ6tpUGdcoRI_moqBiz4t6mc_gw-ZymPzttaRooREwpY8kusdTbvaPYQ09HjXSjXtReVif6eIE5gbYBZ523vmHYNVCEFinnepmq8yquY1i9MoYcLiah_LxlAaig643FqGg7oGhGgV7wlFmfsyeJhmHKHOPp1bJOUWOtifqoZjQvM9shZ3FJJ6ggdDh2TAU_7P3N3XRk2iqZdzx5GWHXlIz_cO5b0Up4fVAyJd9VwgFUpzGVw7AeGVYNP2skJBy7ydEB9xs2ipyrQgL1ZwS6y5p4zebDkIu-x107TMlaU-kqZpS9obaLGStInpmvuz4PH0rxiuI_dSMb0Vgq8lzBl6SVrcfR-XB1ukaYHPeYR-KUdSe186zJumbXTn9Zko7KSPw2O5QNGsP9HxR_Yv9AH4x5JFUw91YjdwwL9bld3hco2l3U_yr0A81uW8I62dWaxnxcSiwsvz0qi3O1oYdt3Ot9VfVerb9b4RvCH9XUZRQFgMG9ow2HKLX8NOutUo3EfrFlT_7q3bTfLQPdj8KSa2ZrtdN12WmLLvS-TRb90M_UBOHOSp-N-tVrrSSsiCu9G1J8IbBvqZDnzz06fDUY4aJFjQeos9Ift1FQPSElWVVN02oiFroc-ugs6btCvl9_ltfyKvj4cGaRhr3rvAPDlN_P5dNhL83fx3DzJA7O1cYl22ERDYKUrEKf-MR1cPeSf1idka9TJgpcSvQd3cT9wL9GMJsteOgjOtLg9ohRTea3r_0YQso5bLpUPa9SZbWlfD50SUFWIYYZ5hV54eGsBjvUpns6yXajFTBGLXIhPGdxARgFAZDL1SRdOy6xMDUnd01KfSDVUqGj8K95TpD8SH2aZ97LzjB7yXTD8se9DR0I966qjTpqKw8FouCWT02RTpmobgdqbE2rMnzA7vrdzGHyOcEENHWuf-7aenimMCHQzPfz3OtwnxBy6U0_hgzd8rz0c4YpA37pMl3tDGeWqSoAAbg6OnN8AmkSSXHSQKItTbbYFPyzPtuL4sd-xQwy9dXzQcAljLQWVtQab1DyOKxlutJhW_wIZ0PIuWc6h-r2aRJHuOao&cid=CAQSYQAvHhf_1sbcyA4O6ivAiKTHmnBMvrb_gimsZ0bWrNOIhWeuFQNG4CiIFJfEV9ek0GJ2M9n_O58GSfge6Iy60or03_XmQDkx-Zud5mAzOIxk63g5KRCFLVJZfk9BalwPggwYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.foreks.com%2F&ds=l&xdt=1&iif=1&cor=14684776273329355000&adk=1033480540&idt=67&cac=0&dtd=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2e86fe91cdbab455a50b70e274b95b629c255e7c7d53d46e765c04b04bc5f838

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13614
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 11C6 640 B
262 B 47ms
47ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKv65gIQm-jrAhjuypj0ATAB&v=APEucNWSlxjEZ7rwz907NHsCB_XjMW2uVSPSkHL_afiHSEjzja_V0JVkEcx-bFipIPR7OnPMEPRC96YmxqRnzD1nC528GFnAYAJ43kZT4bC8-a5Aez6pLy853Rx_G67QjXOsVOfbfKxmeIA7tun1gaFaNCgC2UGibf6LIT_6UaqquV1U8EgSMNOhAE75F4au8ajwMvN-fi_e

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/ Frame 4CAD 23 KB
9 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/abg_lite_fy2021.js

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 14:42:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15366
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 14:42:56 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/elements/html/ Frame 4CAD 7 KB
3 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 00:37:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66064
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 00:37:58 GMT

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 4CAD 0
0 53ms
53ms Fetch
image/gif 172.217.23.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsvEd2pc-_zNwBjYt_NtT35tpZORkNGAeJ9qmvUM3SJtACWAa5YvePYjjs2fnaEKeYHrhkIkDI-KXyhlzw1b8e77nndZZ5VqavSsw5l052motACIApJswDaQKLukcetfOt5gkIem-RykGhDKiMBypEORpruwIdSiF-3AN-NlC6YTBcAhBRyspn94FydsTXKyDJ1QTfEagaXKyV6-m-NDTb6VIRTvNMFPVs02ETlQW1N0kLc8uoI1Suh3OblWshDvVhAlE9qcE4ymtLltvkSQH0qo7ItzdlNrWLHxyWm5zIrCBthZSu-zxbJbGXkhleTGFV8cqrQqej85TrWTdePg3sJECoytuEwikn9pTFSjByQA5wapzjYRc2Um_LHZxKE3IStF4-fNo1S0oYbs7dP9_bYghitSVFyGlHQ5MTOJvzjFL-kPiyP-Em__6b9U2JU696DYpffF2rxjYgXmJr0FOPglM9T7xuyDUNVxICKsQ_BfZk1dJH5AN0v62hRsgHBiP-pAQRYrLK-vTSFsDAjxs8skTMmdFg2fyKcJCgM4fxtWcagrgbCLiBBPcfnTTatHRCowmLo2VPH2sZbmIUpL5j_ghmZmZmzpCz8wDYRUIW3eUZfC5l47MRTuM1xeeeV37sC4FHJcfiQRpUb-ynMMx3tnOceZf24GHsICNp6bJhux7CvQCqLkEmbkN_J-O0TuI9Bo0oINuFaCFEq3TQo2iZR3xaTSxp_bRZylUu304MoXfoDhtzRqT3MyEG-VY9xYm2LOaOy4dUmK5dItCLP0LelJMQrhi5RTjdKoPpd-e71ZvoVpr3fDAtb-oF22RoxRpduMfKxZNGbTOgASvJshQEHk4B-kNfT1rLkl-2gchG1v4aun3Fb2R1F1m4RpoqaP2dNw5Zt7fzxK-1gvJV6yNK4odGmrPtscVNLBJOWVil4FKiHExKdv8HW_5dQ_k6ot4WrBGWkcHhaZb8Kq8tWLWCpH3PgvUSnrDZuG28JJUEORwuhmvm1nGcXiulYE7AhCbRiwoBWryrcVksWDzqoJbSYwLaOXd-fQ7uz4ElseGaQ5gryFQFyNDESSeQcixMn8kFCgb0Hk_6qL1tP9DKi37obuRvEnUNipWAQ3jUjMgaPIxOroSMBjN9-3VRelngQikmlNA28tvKM4bZjFgBI8eob2BHwyABKTUVbWkqUl8IWbh3ZwlqChLkobD9tm9TJei50Zg5pgjPi4YMfbTvzs1HGa7IxyFzQxAaYDYyHxSCxC7SEVEC5F_g1eMfvbsZaOil4ARN-GxZgiALd-avQP7yzS9HXOZ22XZ8QHRfsRkZsetgZ9SrCY-C7FcBNopdC5-tvUXXaSYS0qrFHexoR32ZbiAvZNbyzQAA6Nhn9MNGQXwdsFzLHgmOZQCSBPzrnNFUB2MCLozuYHJntt0WTARUUcu_wngcXsgRhmpZGjzSCwasRCPxVSaMOA&sai=AMfl-YS2gQ0ITKi4WUTwEMLFIwnPaGEQ4q-EH4IJwt5cNLV-kMj76ZiDqJ5wU-DQSBbrCsE0JtaS5RfqBeaOwv-akWzmrlkaB5xGfxDooN8JCAQHuLqnUYAFxPfLi-_b9yWr4h-SJ4ia9Fy73VJM21ocDxxsuvXu8rLElV0fdcgDuu055mucUj4-4RM7f3SmXS6V1XgscdUGaLip8wq9fIlWdJ5FkchEcIsiihsOM0sUQFpmyoOc45WjuL-ATdzOAq7sXIOvfu5545IkAutiJmgQ_pHlfzdnS6OBqncujBrQb1IfWCA5GK1HNU1ukStVQArZWb1RlV5fkNkzzGuCEEJJAbpUlDFrb_zS3O3HkrB8b59uGv3k_r8SEXqSvCR4PkSKXAZtp9dC_Sw0YUeNsqGAUPq7L6zFPwkccFxuxdS0paysiqxeH-J5YJAXI-Ise3oZh8xC6pcsvlmtJkl8qz-P5YKNvXFx6oSOiu3nrzU20KPydtOZ_pNNOPUysCdRUDjI93U7jKfYZ0UWP1B5XnvmJdu9lgPs8gbSSwRkI5wud_ivmbx1Yyf7bQbeNh2Lw8bi5GrALhYzxt8bVdz-yOTzCNvOdDW2d0FaXg&sig=Cg0ArKJSzJ1zBn251_ikEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9ldG9yby5jb20&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20240103.59248&arae=0&ftch=1&adurl=

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 4CAD 41 KB
14 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 262434
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jan 2025 18:05:08 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame 4CAD 3 KB
1 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/window_focus_fy2021.js

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 12:23:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23751
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 12:23:11 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame 4CAD 20 KB
8 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f764c969a82705ba7838239087f5ff9b33e978b6bae2657e299b6b14c30ad7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:12:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31582
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8523
x-xss-protection: 0
server: cafe
etag: 16500369019378894752
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 10:12:40 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4CAD 42 B
63 B 45ms
44ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DCp2mPjk_DfYm9Ugz-avZx5jyHjY4SCXmP7RW6jiTHqfpvgDziXF990BsTjvmxIGfCgubX6EDaLsp9GwGMGWL9hlT7DdYN36yQTFp9YekE-mWE89o

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4CAD 204 KB
64 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:02 GMT

GET
H2 200 17923339239959655070
s0.2mdn.net/simgad/ Frame 4CAD 79 KB
79 KB 30ms
29ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/17923339239959655070

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

404dee41a85b8b1947fb898339c079c42f3a33ec89d1879636bc2f6ddd0482af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Sat, 04 Jan 2025 21:13:32 GMT
date: Fri, 05 Jan 2024 21:13:32 GMT
x-content-type-options: nosniff
age: 251130
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80776
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 14:24:09 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
DATA 200
OK truncated
/ Frame 2048 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 96a5e0ae1e8c0ec5ad54e89427a149f75f647bb851e9645f7438196f5cda1c6f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B149 0
20 B 50ms
43ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2443156928715&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B149 0
20 B 51ms
44ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2443156928715&version=m202309260101&ct=77&x=1&cor=7082408291830103000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B149 20 KB
13 KB 43ms
41ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ah5mTTsBzBiz8hQqgXPVXHadSnUh6R1atnqHWsDkO5YtRc3cfrWBukJycUtFGFSPHNXf1-hJSB7eR1935ojDCeNGGqWTeRDAZph3ek0qZnI7nluVXm_K0JkVAYuFc9VgMTbUpdD8lkuAvhUM2vZ3Gp665-3RaSFBF-ksUkyz26lOs1hSg&cry=1&dbm_d=AKAmf-D7LuGIg2ogo4yPUpsQUF1HL4Ilv4wSGqz-VdEBT9HmGMNIoMWsc56-oJdi-2an4QaUddG377fIRiod81UvWXM4L2tqa_KBipxiOOouTftpuJqT4zXBr3kBhidcO7AbrQCQkhDgFAsdiu4hnnMBubpyKqdrCrnUENfDAtJJ-VeUD0K_I_-f-BfcS_c7OZRqA5xxkRI0Y4tAwfbCtQMgNXFAti5sVlFROxbQYHytosTjHlAkO00m3vd6GlbFWvKPtSMfh2W4ThaqoYb6DVL_Rtpst8BjIJMi_Zt6NRV1nB1UHs-0GlK3sOx4XQoCDlr9PEUpJP_ENgxzqirg7ouGvT77xxrRW5kjICPK1bXemWTmtT2-sf34Ml-xE_3yHiKt8UkDY4fi3WLTIVPbP86Iuv55TjgKfYDRKFfoAkbKzppRsx2_jfiEzVyhVgjS4haPPz2-ARJfZdqNr5AlsEYsu7cW8LomNzIQd4sp3K2lDed1-SukyeIIIHPo7BvG8nUPsygmEy3y3yENdo-04pT4Waq9HH4e3lJ1fxDy-hRRDvrlZ90Uqz-vJBc5vqag-FVn2vbaICOaCIFYdsp2kzp1Y9d2oxaSiwbe-TdxAXL2Jb7Py41UjPqFNSVXA38ZVhRQkqAUImbvoyzUxWl3Vuz0RHyANp5SlcXl2cj7ljoR_P3OWYhPUza96h8A3LIve_jyPe0bPVeeK4F0zWiJ-7CUBoW6lEdczWzpxXY5_SJ8DWNWahq2-x6fqqxww-BwB6RT9DKdHuA5tJfmnK5JRcfRC6ioHiqAJWzzNFhy-Q5ntNjm1naDcfNT04nvVzhygdAZgnT5siuDzQYVqbtDC9STOXpv63HutJUMH4UaF1J0GFolsXBrq1_Y3rSjT1U_5x3BTrhcEzFAPFGtuUjFX-DYmuGKr6bUUP1FbAXafSADt1rfnWCqurC9UdfLIsxDrRP5l-8FkOXghvyAqV2tuLzDHL1O8qhQXplzgu-YAkYbp2IpZnY5FPPnO2wA9kOQ_P9RPB4glTr2M3ARzW1uT3GhUU_iwdpdDONzmIYKXhiC08eUNaC4cVyYIq0SW6XJlJJ3YwXRVboAWKSzbAXV3plfqWDazAPXiUgjpRrReL1T02Q4Jnl-sX8p8mUU-wz-2iswS7jmoaDvqt8TvN5PGNT0L_B3SPgAoP1TOS0c4EN5Xwidt9FCvwpeWuby1tTb4VWYa7E69DqquMx1visjHULgnnDjoytbUukCbNcSSjNSsOodNVNdVDX4QhbNskfdTXUnFR1pfOlTVlsJt1ZvCJZccg3V4PWw-LuqSSRimkWhUWblYo0hSnIrlqulHR96_IDMAlQweo-bNH452LD0eIVxvepbshtFo4xKjx84bPixAqscB6-lFmOeP3RF_QtDrj0o8UvHoeZbpMG3GesfTDmEbQO7Xq48pKU0fl61PsZqIc3DBAt0zzQxJGoi6AeF0mB6MiV_s3Or2ymLRv4Qp0rNyHytYh31JEkXzd1Rb-GMgjvNvd698YvKN76B6UCfI-85gLCz963Y6TkLnkEC3SsDZB6bjAx0wUiBALUfVpkkJqjTlArPrZryVdYvqJCKDJGm8-UuES7BSH_G4ygiH6XXFdAg38zpMsKNN72jksLnQH85oixSOQ-azZqbDDpvy-Gz5NOfwRi1TqJ55rjwcVbwB5OeRBMvr6NqDagY8gKIIzB0olZWyHHTgEtCvyx2poQ057RWtA2ICYB6mZUCnnqqyLjuWnCYfRyBIav13EdbCeAbiA5UdC3tRt86Q2KH4J7xNpWqfyyNmaURXbafCRMz-7aX_pPOKyvDM7PIRgYx-9h-_HwkSXWaH5smQSWAn8WR4obN9h85Gb2M1O-q-NiSjSNmeUzWHstD8RSqp278YfA52EOGxu3XYarI7paTE8G684MKNmLfHD9pA7BRj7vG5dd_Ex_5t3Q1S_EOVOM2d92Ud98Y-fhZlPEahvwqdJrVBjeIaZSA1sqa4Yamouli9MpXNe42ZNW7l92OAlQt5yyb7dQgzR5EIygLTAQG8l4mYwMUs8sUenF2GOUZmH8MwwOktV_Bd4jfGpANvwqihMpzUprSNcW-m6njDq-bSzGan_GqtkhA89vqk7dfOwpUsA5lMRk5tf6ZcmoXCixLMt53ZfQWt48toEmvS1lFhYO9BYq6lc6L_5hVCV4G8MdnNnxCwGHcEVJxkT6Pc4a8o8pOGTm6bYHzTJjDad0rBvjEbLv8s7yJqhJ88HqDWMCnR_8zIDPLkDeJGVAcT33dUO53wupS3xk5XEBx70FiYS4n9Ha2CUxafaTyp2SYxJxet83c1uKwDpB6pZg8Z6K6RrP5EbVh8I0llrGNKLxZLGuPD496JhG5NZPcTMbZoTFhNa5RSi1XOWrIDh9ZOpY12zP_0EiR0Ri-XKNipOXJDwajGHrQ4OLL6OtUVpo2z_CgaG3NoE-3DG3-BGo9cx6GlGcWMtsPbvmRp-celID26iA2tPLoDnMyy5XY47ZvPLpYmT13FT9jclcn33dtNSzy3ygD-nPN_A4AV0pVyAmNK4i6e73mztd8hYugrwQPlWXdmUv7Hl6Csea1HhYthh41Pdd99LdS-KX9rSlh5EWOYTO3jukC67OMmgqBU1tDV_jwoZ1-S7K4WujkxsuHlY_GT4eKuYJtYFPCDtZIL1MSDyk9lYWwkR_xbqiH9otLV1PEG10sQs_6WVC1UiU8cY4GpX5sVFCcnkEUGCqfFoBxRo38ukUSugAuaCByFksAeSH6DN5fwGNqyWVBiZ9w_EBP3qkE7-hzoreaQOXzBDqn_2H27buogK-vnHfHKlSevcaY3kttkuBOeC6wavpqwuH9MzdOmy2sOLmh2PDmdPafLMPKeuGB2hllRTmVACtO6Ai4MgX1DQp8CiL_tPEPSBEf7m5JbPNDDAu-OWNyLVobWciQOT4KlxGa07DY-eIUK8Qshqsh0mioKxJkzh-5AaVI6DuN_1Nat_Y-DMbHs-BIdZxPCkqGR2RCvLoxSWe0FGpYfyT6oay7bGxt5GY6G2mft6X-FYcnVP2J6-kWElK3hVcWBZ7MQ0tokWUukwjWM0MvryTS_WvK37Q6g3kGmU2XM1FPeVW9Ij5RD4G26p0bFCylDCnY8cADhBtlyYDqYCOrA5GC4r7fjNrNHDUB3dvPWyKPM6IXAqaFtni6IFt_iXOaqvJFJgIi_56waKOiyZRHhIbuiZFobLg0VmE5x_5L2fsQwnhSIZml3ePMQUEyCPPl_InjMp9PPJSudIz9nGTIsKrzoHSJya1rpQ6Hp7-9_nttcqo6pUe6A-A2pUcepNKwxcNKt359TfplpgeFBV0ueciXyB3qflhqEmNLmKFmoKgL7huvSELphMc8zy0NhbtVHv46oxEhnIfX_-xYvGkI9af23itw_peAzuvncZVH7nFKZyL76ten7H4pGMoBLQ1CyJtBd3LfqIdr-jts1E8F_JT6zeIziv1eiMLHEe9bRuSnewrxwD1AnEe76M9AVe4O90Ww0h3lxBl-QwpInZDj_3GB6RbMV4fCzfkJrjkYjcqdp5A-S4TN_MbkfDvFDkVghGqFoQTfsChO8Vmo0KwovqL56r01x7CueFY2gh1KPiahspCwzNgkTF-Rk77myLNIbExXrtIm-nOJsfFzAEr0COlvprz8T0wpLHBg8-l9I6pEsN5lawmyOk4U4i91QbpdKZh_SOUBs08b15e0nEbbVbhGFRUqy6ZEu7dV3JSobq3mYVl4sswo3Cg4_HqnbP4UO_Nj1yYZYsTSoyUon8D9M4m9n0GewPTfFY9P0YBGdqetXw20mRR1FzuDVI2ey8isqDoe2pDDrRwZsZi0hk_ke6Cw1hMbvne6KPTWeltjmFLrV7kVbWO1rk-CeXxVm2FeJ29PjoXM0VlS6Rp1A02Cy57e83BDLrU3aCIr6dcrswVfii2oAbR81HQRn6U_KGsQgKruZbxKhP_K6xXKrylwm0d6Ss5CztX-wAS-sPwFE6nOGCWI_119nDErB9S38QGiAPaib48s3ipafpc6zo19vM1SJ_pYLWdQi5DdmdVzmARe2UJTnIMJJOdov_iYPupdCmTt__fTPtKQzFcHCHZcrHXSbQ58xgBI8UFIM3uPK3BYL-3CWQ0&cid=CAQSYQAvHhf_sxbIP2hcNbRsfWqOBGwOEtaEVJhNT15zXqBqYuBHdWncKeoAyZ0id75_Sv_EOSGcgtL5W5TTa4e_GRfg0YyWs0VRxR-_WqXBg3I9Q3HlqOxyiLasFhpWNKy2YEoYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.foreks.com%2F&ds=l&xdt=1&iif=1&cor=7082408291830103000&adk=4188270524&idt=63&cac=0&dtd=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1bd3b6a69b7209a0e5a098232952d82330bfda85d1f2ade0d94977f568c6df50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13634
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 367 KB
126 KB 49ms
21ms Script
text/javascript 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19730

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dac9ce6b163b009d3fae39abc37e728afa2476e5dd0b5e5ac9480a9969fbbe6f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 128925
x-xss-protection: 0
expires: Mon, 08 Jan 2024 18:59:02 GMT

GET
H2 200 NoktaPlayer.js Show response
c1.imgiz.com/player_others/html5/ 400 KB
129 KB 70ms
68ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=1/8/2024
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19730
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 1d25b0cefe19cbd5e63464228a187e334112cafd107904271f9ab5fffc52a455

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
content-encoding: gzip
last-modified: Thu, 28 Dec 2023 20:17:08 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Mon, 15 Jan 2024 18:59:02 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/ Frame 2048 403 KB
136 KB 122ms
120ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

75c9ea2b36d56f9232f57780e574ab51743af90f0100e67e33320e5f97a81754

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 139425
x-xss-protection: 0
server: cafe
etag: 8583175734670947297
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:02 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame AFD9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1

43 B
732 B

30ms
28ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKv65gIQm-jrAhjb8sP_ATAB&v=APEucNX1fTT2T4p2TKpQPyupCX86Isqb9QBty4EuZDSuHTznoBkuOaGZuTjOLuMjpFIVcHA3GH8eE427STerd5E3KqIQ4OQHX-2hjufjwfh_bN3uHjdTV9t22iHpUTDWwUZWEl3WLi2wq09mS2RmyUYadCMfVK3xtoBvC2eGQD7tfx8SuxqZeH0lCaVI-yMRLyE16QssSFj8
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CqPbc1YTrFkqQvx6N9R0l1C0WLVGJrbTgvRgQ5NQcTHYKZPgWOzwHzCTrAtveAmLJWkzLfTvd4yxl2czoIAKLMTvuHsEpxm4EnuXEXVCWAwz1NVHZWvPDqgzVIlb8YjkKydZWKN5J9rsJw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8426ace33d439130-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame AFD9
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZxF9vmzGPZEtqnBO93HSAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1

43 B
737 B

20ms
20ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKv65gIQm-jrAhjb8sP_ATAB&v=APEucNX1fTT2T4p2TKpQPyupCX86Isqb9QBty4EuZDSuHTznoBkuOaGZuTjOLuMjpFIVcHA3GH8eE427STerd5E3KqIQ4OQHX-2hjufjwfh_bN3uHjdTV9t22iHpUTDWwUZWEl3WLi2wq09mS2RmyUYadCMfVK3xtoBvC2eGQD7tfx8SuxqZeH0lCaVI-yMRLyE16QssSFj8
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A8PHtF2EyXXqJCrAMMkY7yDT3R6wL8Laq6Gwp5HvkaOnmYbswdyg6Le%2FnhT9weZEIbFk%2BcAO9uHk9rrzScQKL%2Bx7%2FHVRHVz5S5pei3YUBlyIRHSXYEGbQyH48q8lGLV7EKTUCwHkrVhBYA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8426ace35d669130-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6rJD4wQi22ubeOOgn0p6w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame AFD9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAt0tB-mXb_DG5b-Ho_s6f4&google_cver=1

43 B
1009 B

14ms
13ms

Image
image/gif

185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEAt0tB-mXb_DG5b-Ho_s6f4&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKv65gIQm-jrAhjb8sP_ATAB&v=APEucNX1fTT2T4p2TKpQPyupCX86Isqb9QBty4EuZDSuHTznoBkuOaGZuTjOLuMjpFIVcHA3GH8eE427STerd5E3KqIQ4OQHX-2hjufjwfh_bN3uHjdTV9t22iHpUTDWwUZWEl3WLi2wq09mS2RmyUYadCMfVK3xtoBvC2eGQD7tfx8SuxqZeH0lCaVI-yMRLyE16QssSFj8

Protocol

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
an-x-request-uuid: 90531a9c-8c05-48f0-9ea9-b4340582454b
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 45.141.152.76; 45.141.152.76; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEAt0tB-mXb_DG5b-Ho_s6f4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AFD9
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU2Nzk4NjQ2NjUxNTE2NTg4

170 B
188 B

16ms
15ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU2Nzk4NjQ2NjUxNTE2NTg4

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
an-x-request-uuid: e1091700-a2f6-4ea1-ac2e-e4aacdbe454d
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTU2Nzk4NjQ2NjUxNTE2NTg4
x-proxy-origin: 45.141.152.76; 45.141.152.76; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/ Frame 2D7F 403 KB
136 KB 168ms
168ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

74e60e9c798282bb909e94841f78d2eaff74b790f2b29dc247ca6ba702cf7c40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 139429
x-xss-protection: 0
server: cafe
etag: 7631090626170702898
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:02 GMT

GET
DATA 200
OK truncated
/ Frame 2D7F 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9baf13720db44ebb5e72cf96cc6d74afe1abdee85d66a2a65da8485b366dd046

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0C04 0
20 B 46ms
46ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5227703023212&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0C04 0
20 B 46ms
46ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5227703023212&version=m202309260101&ct=77&x=1&cor=805994000142811300

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0C04 20 KB
13 KB 49ms
49ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C_4--Y-HdNVX-95vJ_2OSuN-2G7hgJ2rh8SKn48OUBVA_o6VPp1vPdkKHXu-oPqwGDebu5VZxxImlj4kDHaSU5MjDYiLxsv-ZKgl8t-aGcZV2a8v-brFxGlNiL2LzvoT9BMIqbqSV2yLSiBeWI5ePg_DEkG9zjQZVv8IXPpWRsxZFk4J4&cry=1&dbm_d=AKAmf-Adz7QPCqQJp8f_nkTyA6Wk-iqxGBPEXXrPta2RXTQg4nsSS3g--17kmXKXIzIO26PtO4lwxCntJlsyhCqBoVxC33ThoxvkhGAqOzuIVbPe3CEkqPPKLxa2agr3O91TzHEfVtwWDhJ1JlAzdCmcqZeI6DkFKX2q7ieMrjE4l_gGTDRD5Ld2mt4gYx212y3eawj8Gg29OS9-7tIu8s1E-ytozmclw2AXrRNbdR2J9yVKe6y16CXxNMLDrOgxZ0_9GcGRVnC_I-5AuQYrvlwkNdSFOS3cPeEaD1GDkKUVnVvcUUkIEDJcm5XFVab3u2Z374lNS21xP8rni9Ts4ssUdBZwgPpINgysC99tTMDEIrbOFDhsQGAFS0Kuq7r_2gVJPBv7AfeiXGpiavhnmlrM16j7rsRaDoyXtUsyeMK6RUKZ5PvklwUwwJkJPRAXR-lnrlOlwlIORWmTfKSupm0xVAuKRf9lD2fnjUQz-LkpQKn2fsTGCwAflZicy0BeYWAykCWX5VTY4EZF3aVsJzrPO9SNHtZy72H1i_9wpxiV916gzE9Cszcy3MLXDv9EJtaxLoZoan7_Qt46JSRAt6ke12xVqJSbzDg_noM9OKEB7W8UXIu-J6oM21vxctjV0-OcIRAO2hkokqHtHBK7hLsVfc-TRkty5P2wDOsYvnBkS7uUV3fhC4NH_s4A2PTdfDfbhmQ7VEVzSf4JcvKOfTPnfwjBIWtTSX2tYRnDSOyNBw1UHXtWjxfG_33lASfNqhhd5d3Wl0Vm6ho6rp4BaHZdQpmEUrfLeovBsaOz3dGiBTW_Wd3mEOzFkNpvo9Z3-L9Psh_SwstFyoWFaqkp8m4EhR1c0rhxVuFYvZbG8k81euSfF9UxCwN-n6DU93h9PREccvyhCjCbSUaobg4N72J_UYkbXp6ZaUWhKrHXBYJb2o2KnWx0lLGOZI5A8dRfDWwvHjJBnPr10ZuzNE7GqWG11JLoKK9tOi4hVYs5eU_NIP1KDOB6Dsbxw-4jDMsbtLJM_t0mu-5NDq17O2EDCc51nCEsTzNfj4eE7_RPQByr3JgGxrj702t6ru98MXMmcIBVLb856ZPZw4kAifk0N8IspBs0xGGqG_hUBwwJFr8XStA3Yo4uaOEKm7Xsl3-SiDFFlz1rYa2Y6sIW2x6bYkVQcbPOmXegjHleVKwlkrTThDTixuJ6yGxyrUps9_2v9q512SwBWIgSzU2zBo_wL6BKHJ26OUN1J1Hzd8jbbakrqoVXwPsQHhL9TDYC0cXT_zQFbD4RkwkeIwPmZIe1zZPlFzZq3eh1v8ajwuVLLXrleoKDDRuYh3VwKhCy7iEM1LWNkANQoqBAFkIpfasA7jVYcbpdv4GtYX5Ag2RrF2XNzDIyHpEpuD68pAvC_Pujxq54keT-CwVsF-6cbWY9Wq_w9uiLrwi895e7BAHtnOZbyy89XG-I_t0NeT0UXBM2lkOuEYY7ksLsLO8wfPJgYP8AHOndQM7sq_gZbjr9vKH_jI5zUohTp9RtRaNiu8s0pfw_VuElirKTHwPulssioHRxf5QRMEHcYWCnkW51cSeiZ_0ZZnZg4oVX5-7AuHqc-zhV8F1z_VrK4gY2KEN5cfFS1OW8V017Xh_xxSjfITpUchsu68avPDy64MIi3NoXyCIdZCqGGNVO6v6amaoRZsKGR2VOyg_QyYNHAeFUWS6vb76l8OvD10Td6s4dYhUXEUBXiQ1EtF4QWvmlY0XECwGtegec9QWojTaAijC_FnRDwlkN5LoZMOnVe-bAW88DNN_CP-sszFS3BYloRmQXu85PoHBMLvUzaFRwVJ6FpygiU7IHbyYiv_T-k6k3FolHzQ54Z3GMi9CPruA3Dddl5uPJagQ7K5Wy2A2vYyJy6SBkKBFg1tYN0qCId2kNyS6frmnGbLaNBWhp9M5z5jE75JtpVs1xD_4fnUp6ci4iEffDW2EiE1SPZEhTgl1wj5fUXr-Z4qXqbxWWFCBmuK0x_PgyYMOIPM4B7s1jXzjZacLF8i6gZzUy_9IPPJsTYYTfIA3w6GuY0khwcr0jH3byINo2209qb83thJ12ZSjGHi8yym1KDybunSaG-Pd7pTKpvfmMKgJoGpyrPbSothCGGL7liHwcbCavE9AJcA9Ze0lXENOzvVahkB59PcJ2FrVOwi1T11wOGWQJ_MTfwERx5y9wTD3lRTBVxRsGxZFXNdW9jALODjkEEqVhm9ddNddt4LpguguMYfNDDERxnKc5bBrwjEKK1uxluQtUDpTQyAomfqzRYH9VI6kzZCQoro8THdeuIzPXrPKag9nKHGI1XblDrha2vc63tjDxXSvgGji1_LRHPcZ74NnCC1UN-f9nksGnUBRdLLmVpFzUsp3P1zd2daR197V7XT0bhvi4D7NEOvDax7Tt2oxtcxjUnV43e_YEXOO5xptemYq2fr2FOYEcGDvTZ_0xLDUM8gC6HoMfWGwywuxUgMHMiK9ppoU7UJIwwLxvXyvDF49T0MqhtnHK0qBVbm23GyGQi-ROCQwspK-kcvQ14NeJY9PRJCbxW4zyvtoX1lWweNOnCP9SQiSs9hx221XqMQknLqLCFcJeA0YsfDlMQ60MuDGYfmD_QEgaP8D46pBmAPPGdHZ9l62e6ToIUeJyE5GAgNIG2Xlk6pZaneVw7fE6tkJGgWctte1-1g0YMK3TAFrbGK0XKEV5p9S5ZcpxJ68fdViP9OnjRBRXZPm0cAL-GRYkKUvi9VIN7tuSuJW7UWzLF4dqmyAZzG-PPQ-WGURtZP_8MK5tgIlZeJo7sdK3QJeIyJnw5FjbCRVmR7wcUAlC9eOgFj1ANbMB6lvQh2PnUDs6IodzTvhvPJWJXfu7taHEH0eTQtnHvClHv8I7AhN4uPEuw-4by4XMfmpmpcacRhJnYEF5jeHWG4i12xKQo5EB0xAKcM1UM3NPbxjcdqfyLOjxdqmqpLTLpQ0l52OqBXJ4KZ3Arls4Z_tRfebDoz02ZvYSbAZdWL59d9KgRDs56p8qgLSmaiwSs7MnjTNcPaBYSzgLw4HbesGZG0OxEeLa9QXhWO_7b8ROtqBgU5XvPA2U1hX3jtHIa44Ajsaa2cCdwoHV7UBQ2PXoyxS2inrBnopAjCedh7PuAkU4rxpsjEK-uVOx926w22D-eZeMwx4ZSBkDZfqFhF5CqhH5wO4YplAGtQc3xrouqwrBIN2pNFt7mXZMBboNK5I0r9aIXImXvazqXMkrqSO-jzQ69eHp3VDyf5bz6kxqDzEKUluPf9MdYliwmOHeAexzyS3EtlMXtYwDJDvcTyZ51bsiyIT8wrbCZ9Dk_1rIvevE0JnC38Zta1nBArl_5S21KIrRb79xTTcocFOkdQMRROdqL2vDxCYSjuoJen2r6RRzGy_KMdDwoXmig265sTHanhSLpXx58tbkM1dLg_tHQbETtJRc-6UI8nsLlh5gF1aJ6uZs2RvP0_gra_QU14u30F9GB3wTiN10eGom1AklYSraVDOCRoVQM68QaSOi8SJhAkoM1XLPE95RR3llQuTubsaTey2VkXY0GujfqNXeiodWEYn2buwoBEkcS0pGFFIk9B68Rym8w0UkMjQ9XSj2WamYYVMTupQowNxTyVbQNVD_s3uBcHnCDlAEWgBxaPSss73EAXB_TcEidDOftWfMdCZt0osSgWJ_HE6giH_m6Z3_SzOF--YdorlO8mKQjqvwfO7o16hw1pxZd0ygEU5ls8yaOf2dAwYtd61fIF7HKumkJq9sNQjt9pgP5qvrr8qPFB1ItPepVhmz5sDtTBXWL6snG8gw0KAu8huLHN5noUjMIen9EFpptnePOvzoEhN9q3Fqk70Rp_x2V3L6EDV6Inv3W3WvfYVUFDNcyLgedicTkLUqM3ZYOy_lt2R-WXF0ULeqbErp_iF5bbGOoOyNf2CpfUDyo_yeXPX97hmZf0mrEBCXBJIPZmE_2CwMqkvcr3DFO6niT13bY4JUSjzfTD6RDGKWK9OLZCY4dBfvOjIzVBGtYvME1ZJntY-yxCiTz4hd2yKxB9_oTDmLhPhsCN485eQ5XXT2ScwsRLGU-jrQrWNw2EuMK_sJhvZYlMwDrDP4VnHtuJTq9Z2M-Udo0lJXA9d6zFVPBvnsjiT4LQ0&cid=CAQSYAAvHhf_G1AThOSRRippFukz4OV98QF_M_-x1OoP4JQ2DrWG28Fq1EkRNB-QnZCt5hDQHy-R8DG_zEvjKUNJq_1COA8ufOi5vQQPkD66X0tivVgK6Cc6HnHx6pUkmS0_vRgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.foreks.com%2F&ds=l&xdt=1&iif=1&cor=805994000142811300&adk=3037181501&idt=123&cac=0&dtd=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

052ae73d2d07d709e4619405b96787c9c793ad1d68775f30cb7a64db9a95bf7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13609
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 2DFE 0
0 46ms
44ms Fetch
image/gif 172.217.23.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsuP45h6KkI7iNXtLD-tsgx_ixjDF7_c7ED2bpfEqSaQPUhDIIby1oh8jaorW7Gi4zTD5MqwN2KQkhcGS8by3n_oT8HiDYiy4GzTom6s6uiG4X62Tis3h2A_AZLTqNl5Pevi5_-6xEZw3x2dbKEYGXElf_g9uNiys2oJpUHuXpfq60OHePwLruxFoXkrAXPVCTa4-Hlp_SFt2z6Nv3UT3CBvm1LGLxzXBQYbd1T-h2ONilYlvfGr03NLgmE-wiuI8HN2jTVG1-VkyN6kQJlWxlkp1czMEurvyLSuVTDGXcqDypenBRsRyzt3nGCkDm7RgoArjNnfy4vYu_zJHBcqeVV7QTafuLyX_zlz5i4Z8FIk3zYLMHvxyWVsSOd2n20w21dN1yqOrrLzh5LINHlr0TaqtxAAwyTWlTW7K-aAXNXE41vg0A86ynzxM3j3temH8tD2X0sckwSZBPaKyscLqYsZk5P8NjnySBixYCHp6fcC6dl4_kRY0xIHsZ2STUYORRNyUZ_TcpwmtIRnVfYLZ5uHekh7PStujiYpFFvMcdBJlgtBn8bGMxqXXKspazNwjUNKUV5iKza4o1R6hodWskI8kzJr7QypnSQOpSt4c69thkmr6khzWjQcpTKltnuHwzc7d0w0psTK84yf08C6sV_Yk55pWvqSsis0UBe3MxYiZjSGwp-bkrXV2CL5AeMQygZ4y3tPilxUbyVVAcrTrDUf6CTr65iiEJ-Z94ngXm_kJbutWCkBiDx6xuMKiqpXUBtG5gzRxtj1eBBSSMvYp7TA41gfEznUSR0AZtDvYWDK8H9sdLp752ikSErEsFRxn4E0daOFrFMSB_sPpfaErLtfXlE068E7ApdSXj1EjpoNg2EANfqqOY9IkqL60LYuSXArievIatQk87CQgAQYPyTJy72cD6WLoN3yTSZSpGeACSnPNfYLIFl1J4pEd1nD6V7Zlwo-pcpmxb5QdapHTfKxI7O8DEQAs54nHTuQj1h_zi02WHcRcF1vux1Tgm5Z-UHan6ppMxWtQjvuuQn515rt49HHch_eDw6WWmb56KvS2D0o-fjbpq4TcHv3-S1e96Jnz5YaRdQjsbDmeOQ_xYlJFoBS2_h5WvQPEuh0v3XuvvEG3qvu36Hz34xKyM6a4qnzMpvzX4oUzBMhCfPltiHWKg4PR89qeypEmGiKE1Kk4fuSb6CzdFDucb_qp4yprxvDSGI_PY7RPrxeW5bK8_fJw7phA9StiMdfD3y6uUNEoVPmk9klB8KLumoE-_E_VLR36aBarTEhPeK24C9_82faeXyBHXKZZPpM0Ycvzb9ARE3zK-k5jfUJjC4fMOJTN9_fxdK30qWPfj74Pn-gGianFyps9r5t7F_eIV4Nafv2Y9Vpuhew_SbmDF49ZGtSTQ3sLmK7ODOGZouKrC8xo57L&sai=AMfl-YSZwp46d1XxvR9gTKuRS55kZ7rCf_E6QW2PUdeo-gYP8vEH-GtnLpYIb_177qS4-lgpu8vSfvC8SKYdZVe-h7srfynz9DqSiOhluSsejPJRJQYGTXPCkWsWjsrEkBOje6McI1iCX15Psj0so7tUgFYLwaaes05SMak-KG7HNl3cvbcuEF2OzvfSqDFMzuadyDHTjCdNnu9wHgwPtNpt8ineoq-rJUVPx1Pj6ENtZ73gfEA7cqjmU7lOFNJJmwXUqsIbFbIMLqJtwec83-T1JyfU7-z88KOKcRjQJ71afdMnvVErcE1ESRxSJoKIE4n8-AoYtzNnVE2MPbr-escca7g7mSCKddiVnjsXnPIlPYNeoDlCD4shasIijcAywh-9n6SuDUxB7hFP0VTyForFio5vG7jACYNRPZbc7tHDg07o0ItAvM7B4Vfsdru9JE9rs3UpAO0FJF94PqXIl-sLhF3rLnybobfZG9r0SHdPRGnjP-RhmUVXr3PXd5uXs7m9S9jdpEBCQtrFYTudZ8uF51ESetFsEAbFm9rCwnwaHgqNKIW2Ogoyd17x27WrVeP9bgNxokcAydIAR8_DSp1evRNhGGgPUNoJoA&sig=Cg0ArKJSzHj6jpg8dRTwEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9ldG9yby5jb20&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=131&vt=11&dtpt=131&dett=2&cstd=0&cisv=r20240103.35691&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 4CAD 0
0 45ms
44ms Fetch
image/gif 172.217.23.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsvEd2pc-_zNwBjYt_NtT35tpZORkNGAeJ9qmvUM3SJtACWAa5YvePYjjs2fnaEKeYHrhkIkDI-KXyhlzw1b8e77nndZZ5VqavSsw5l052motACIApJswDaQKLukcetfOt5gkIem-RykGhDKiMBypEORpruwIdSiF-3AN-NlC6YTBcAhBRyspn94FydsTXKyDJ1QTfEagaXKyV6-m-NDTb6VIRTvNMFPVs02ETlQW1N0kLc8uoI1Suh3OblWshDvVhAlE9qcE4ymtLltvkSQH0qo7ItzdlNrWLHxyWm5zIrCBthZSu-zxbJbGXkhleTGFV8cqrQqej85TrWTdePg3sJECoytuEwikn9pTFSjByQA5wapzjYRc2Um_LHZxKE3IStF4-fNo1S0oYbs7dP9_bYghitSVFyGlHQ5MTOJvzjFL-kPiyP-Em__6b9U2JU696DYpffF2rxjYgXmJr0FOPglM9T7xuyDUNVxICKsQ_BfZk1dJH5AN0v62hRsgHBiP-pAQRYrLK-vTSFsDAjxs8skTMmdFg2fyKcJCgM4fxtWcagrgbCLiBBPcfnTTatHRCowmLo2VPH2sZbmIUpL5j_ghmZmZmzpCz8wDYRUIW3eUZfC5l47MRTuM1xeeeV37sC4FHJcfiQRpUb-ynMMx3tnOceZf24GHsICNp6bJhux7CvQCqLkEmbkN_J-O0TuI9Bo0oINuFaCFEq3TQo2iZR3xaTSxp_bRZylUu304MoXfoDhtzRqT3MyEG-VY9xYm2LOaOy4dUmK5dItCLP0LelJMQrhi5RTjdKoPpd-e71ZvoVpr3fDAtb-oF22RoxRpduMfKxZNGbTOgASvJshQEHk4B-kNfT1rLkl-2gchG1v4aun3Fb2R1F1m4RpoqaP2dNw5Zt7fzxK-1gvJV6yNK4odGmrPtscVNLBJOWVil4FKiHExKdv8HW_5dQ_k6ot4WrBGWkcHhaZb8Kq8tWLWCpH3PgvUSnrDZuG28JJUEORwuhmvm1nGcXiulYE7AhCbRiwoBWryrcVksWDzqoJbSYwLaOXd-fQ7uz4ElseGaQ5gryFQFyNDESSeQcixMn8kFCgb0Hk_6qL1tP9DKi37obuRvEnUNipWAQ3jUjMgaPIxOroSMBjN9-3VRelngQikmlNA28tvKM4bZjFgBI8eob2BHwyABKTUVbWkqUl8IWbh3ZwlqChLkobD9tm9TJei50Zg5pgjPi4YMfbTvzs1HGa7IxyFzQxAaYDYyHxSCxC7SEVEC5F_g1eMfvbsZaOil4ARN-GxZgiALd-avQP7yzS9HXOZ22XZ8QHRfsRkZsetgZ9SrCY-C7FcBNopdC5-tvUXXaSYS0qrFHexoR32ZbiAvZNbyzQAA6Nhn9MNGQXwdsFzLHgmOZQCSBPzrnNFUB2MCLozuYHJntt0WTARUUcu_wngcXsgRhmpZGjzSCwasRCPxVSaMOA&sai=AMfl-YS2gQ0ITKi4WUTwEMLFIwnPaGEQ4q-EH4IJwt5cNLV-kMj76ZiDqJ5wU-DQSBbrCsE0JtaS5RfqBeaOwv-akWzmrlkaB5xGfxDooN8JCAQHuLqnUYAFxPfLi-_b9yWr4h-SJ4ia9Fy73VJM21ocDxxsuvXu8rLElV0fdcgDuu055mucUj4-4RM7f3SmXS6V1XgscdUGaLip8wq9fIlWdJ5FkchEcIsiihsOM0sUQFpmyoOc45WjuL-ATdzOAq7sXIOvfu5545IkAutiJmgQ_pHlfzdnS6OBqncujBrQb1IfWCA5GK1HNU1ukStVQArZWb1RlV5fkNkzzGuCEEJJAbpUlDFrb_zS3O3HkrB8b59uGv3k_r8SEXqSvCR4PkSKXAZtp9dC_Sw0YUeNsqGAUPq7L6zFPwkccFxuxdS0paysiqxeH-J5YJAXI-Ise3oZh8xC6pcsvlmtJkl8qz-P5YKNvXFx6oSOiu3nrzU20KPydtOZ_pNNOPUysCdRUDjI93U7jKfYZ0UWP1B5XnvmJdu9lgPs8gbSSwRkI5wud_ivmbx1Yyf7bQbeNh2Lw8bi5GrALhYzxt8bVdz-yOTzCNvOdDW2d0FaXg&sig=Cg0ArKJSzJ1zBn251_ikEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9ldG9yby5jb20&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=73&vt=11&dtpt=72&dett=2&cstd=0&cisv=r20240103.59248&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 11C6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGi15KxBTxzTKVTLYNmnnls&google_cver=1

43 B
105 B

16ms
15ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGi15KxBTxzTKVTLYNmnnls&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKv65gIQm-jrAhjuypj0ATAB&v=APEucNWSlxjEZ7rwz907NHsCB_XjMW2uVSPSkHL_afiHSEjzja_V0JVkEcx-bFipIPR7OnPMEPRC96YmxqRnzD1nC528GFnAYAJ43kZT4bC8-a5Aez6pLy853Rx_G67QjXOsVOfbfKxmeIA7tun1gaFaNCgC2UGibf6LIT_6UaqquV1U8EgSMNOhAE75F4au8ajwMvN-fi_e
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGi15KxBTxzTKVTLYNmnnls&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 11C6 43 B
210 B 33ms
16ms Image
image/gif 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKv65gIQm-jrAhjuypj0ATAB&v=APEucNWSlxjEZ7rwz907NHsCB_XjMW2uVSPSkHL_afiHSEjzja_V0JVkEcx-bFipIPR7OnPMEPRC96YmxqRnzD1nC528GFnAYAJ43kZT4bC8-a5Aez6pLy853Rx_G67QjXOsVOfbfKxmeIA7tun1gaFaNCgC2UGibf6LIT_6UaqquV1U8EgSMNOhAE75F4au8ajwMvN-fi_e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 11C6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEFzJlDhXzVgrj-5AgsDYAyM&google_cver=1

23 B
163 B

63ms
36ms

Image
image/gif

23.32.185.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEFzJlDhXzVgrj-5AgsDYAyM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKv65gIQm-jrAhjuypj0ATAB&v=APEucNWSlxjEZ7rwz907NHsCB_XjMW2uVSPSkHL_afiHSEjzja_V0JVkEcx-bFipIPR7OnPMEPRC96YmxqRnzD1nC528GFnAYAJ43kZT4bC8-a5Aez6pLy853Rx_G67QjXOsVOfbfKxmeIA7tun1gaFaNCgC2UGibf6LIT_6UaqquV1U8EgSMNOhAE75F4au8ajwMvN-fi_e
Protocol: H2
Server: 23.32.185.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-185-35.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Mon, 08 Jan 2024 18:59:02 GMT
pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEFzJlDhXzVgrj-5AgsDYAyM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 11C6 23 B
163 B 83ms
37ms Image
image/gif 23.32.185.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKv65gIQm-jrAhjuypj0ATAB&v=APEucNWSlxjEZ7rwz907NHsCB_XjMW2uVSPSkHL_afiHSEjzja_V0JVkEcx-bFipIPR7OnPMEPRC96YmxqRnzD1nC528GFnAYAJ43kZT4bC8-a5Aez6pLy853Rx_G67QjXOsVOfbfKxmeIA7tun1gaFaNCgC2UGibf6LIT_6UaqquV1U8EgSMNOhAE75F4au8ajwMvN-fi_e
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.32.185.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-185-35.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Mon, 08 Jan 2024 18:59:02 GMT
pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 993F 41 KB
14 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AAWcFQSu2FbntuHGUsDCfiwUMU0dgCkm72Xxd5-0jL7uNnVD6r2vw4vK1yLsQkpJ0Ei1DNRH_Npy_wI2yevo64JRbMYtjLScUVwV7qNbtQhT3rhXDF9-0H-_rMek1vFK_aAZ_enl2yRSJpr_SEU1cfRnrCDBOS9rdcPpXaYYTfD2iBkeo&cry=1&dbm_d=AKAmf-AOA80lX4r-4w9WbgZ8JKHquU3HwJrZCRsoQ0N7GAaxpCAD_hrkQEs1ZF_DwK2nuyvTwKuDFNi9DVQ3db74FCtoOPem4F9v12Qc3Gz1z2YnigV6DXGDOiES-51vcKX9A5fMRKf3I0wx_wuWnSWFKNt7F80RX7TiMbIvT3rdpDr4U04WuFVsJICeutS5r9lbRzpZ2dnyfUsBgu7fz-h2slIaw5lHMl2vQUw29NasCFsR9sF-CeHNq2T3xkr49ITdIRoJBm66bwi_KTPsvI62SVY5nPa-WxzWzmPJEPdVaO1UG2q-Cy8Tzycx7f3geOegB6waVCQ495IqvOgs_Ikhi3xyrPeayd4fNXkankA77JNVs1tlTsGiXdDu3nnO3L6-uwe_CCQyXLDj8yMNL05iyS1s4qi_V5SDUmI9CKdqp4qrYSl4X_b7ebV9ddDazRn-SOBdspss4khNyOecqOlvh4HDRdhtASc8WFBLlW87WKWB2wAOCWozc-6EXU3LBtvapBk5QzsImZwUhngApqFnAN8kYKQKYHclRy55LFCt-x1ebrldSaEgg_G9Z3LmzKqTk4DUpnXCfw9TSV5tGQMq7HNmpncd096-fFMjoQC6iP3iDsgDoogv-Dr195wDcB_x2dr9ocmGZFZeMaplEwABxM36FuIaNEycq5vBetzJNNgVA8LyQ1PFGjlJofy06dOHQFo18Dkun4_s08biiHAB7l-YiiW--rv8EbJRcfwBC7vaNHwplyiSe0khgO8pIQgH36iy1AqBEUGfMrTHciI_uUEaoG-nKzO3PQRiUgI7ZO458RxdawmFNvGOAbld_Ske1yEMacer44T4Kvhhnu-6-ol0lg3dNemVdSWaToEckJnpm5oksf9O6EYMzaLnjoN9LqCih9OQDDpI0CdvwtvyShLzDdwYi7kF_WzdYpM4Fk9BH1zPuc7aXMfkD8sxWNsJTqI971PX4U0hLFsG8QGSnSkZVlfexylDKZtIfwN7L_TYuUbUXuS3udZjtjph7OSZ_Xw1pdWTwfkl0JxVJyhBilA6O9nSgg1HE8vPayhmT3PpoIfBsaRqtJ0PllU8l1VMZ9G8XMr2xDTADX5osrbriPCCrmdMBoW0nNcJImCBl7ZGe0N3_l3JxZvIF6SDTvoq3q2AJ8Lmvk-jGSfhUWuixi7kJkcgA95qg9EgzpeV5DZmsziMUfZBj5g0sm1pafbluGLyrgm0zF9CfdXufpx0BL9zG3jBunism4MN30dQ87POf4YyomK0Ol6FEjasqZZDCgnqcK1Ai5dsoWdqcKVPr1qZdenV4p-7cQdie2NoMdk4KyEyJYfgELLSno1zhz_ouDzBCVno-JnNHgdIy8Ia_OYjdRY-O_LN09zETOtUWYxuZZJlEd0ls_puBOQ5-gog97hoAU-EhfKJcuzDxBfINM7y6eEQeH_60f203S4pJ6pz_OWQ2hufqIX9bU0QuEzi9MUzm69Yn4V6lMHtKBUz60klzX1ZG5VfP9gWh2-tswLPdwDkP1uRJFt4TBaPOGHflTi6BpYoa22dGU57qbRwLdEFBLkAokeh4OD2eQXSxfO_7DFr3lRLCoK6XYsvVM3x97xUatzR-rNBfOlc6GTwe61DdA-1YoNcqg9dOvMypuZSWkOPalUyXI02UTIjS7dvjtk20C6H9R0qnMB-AD_GkRy8_qZB9W9cQ6AVNbEZx9viH-SULb6mTJVA5i0h3jpG-R6AmREDP-F_5vha-bg4DF9UxQzJ-qG-BwX5ueMRMR1_0RowME9fRYljcOY-5OTq6GA4siGEcm1Eat32e0IKst3sD7dJZpOISGKUKESQIKObmfmdpCls8Y3yeha7oDHRIOyglQmKomNoQL3HvS63-eTMA-cOMlQKZAf0CkB30_vvDFtUSfX8WG5lskNH6D_jI2qD18aTCb7d7NlWjD32OjKrllUdeXXv9WuUGuGMorBE23UK4YxbGK8JqO7FE3DN25xThxDew1_Id7_RQVCa4jOqFSI9W2Z0kmGvdJoIMoFkdMiGajwMf1R9NsUHikpixfuulEg9YkBMChRMeqSJg1RTSvkbQE1U9EwPAzCxu1CKEyzHUk7YajCUZTNpOfa4l6iMRO3MS8spX7XB8ObkGygOVzPdsSw2MW0Gcg7F0oth4mDiXHpCCcrCGCykNJaDk0f67YCJzFHAXIXRJ1N-sOLPHAlfCpF-Ap2v8MaJLyElngwSEx-uI1vO2KOutN4oK1jChSyrmVDAv3n2PDMWgWGQ2dwcMghtwVhRegMiOi7Z5PA3jMdnGZSoRoavOsWWfeW9RS0s-lvARHFp5yxci9S21BZ4c-oHiTVeTKg8ETgPBL8RVKARFqpvNPTqJL6o53qOfTisSpr3nF9N6Oajsj97gjQbxCX6E74c4CCY5qN2CYvPx-kY9-uXptAQHkvrZQTCVTEoZIDei7xCnN6aVbN5FyqkSiFYGW4NEyHOX5iUmv88R2DU0QVNZPD28o3AgsoqNaO_8IfEafXwlGRm1zudZ9crjuSnH7J4l1o640qD7KSocKdiqVe-nnLQ530jWcOY7JG0h4IW3ya6Z8ZRKnDwqYIQ1TI7DSTyz-J5_B3wNIYjRVrQ6mmnkPnvp4RogDvIC7RzjunB7LrkTgZSAp156ORnD_OtSEbT5vFUpo_nXPqCx_Ct8ybfYXXAiUze-BH7XI6d30ttV7PzssrWcLJKBr8-H6aiQ6_mL5XNFUxXNPHGK9iy23U-fFbg7ng-LOU5Z7K0S5M7ZKHwnihk30P4ubBvVTuQJi_c2FtvLYLuhZEhQa8eXyjfsDBw5vYhDZR22J5SGlDj4eIeYyYBODkjZFQ0SKemukvAxjycyivj1r144n4aI8Pj8YPjvfOYyvr4cA4zqiR5beYoU2V2RE05P7qwlXRZj2JKpI8jNzE830sB_ywtSCRwW_y0W-n5SETnnm2mR6T4RVivKEyp-wnFhCa8w0E6faWM7KkbNn_iGkuOpNv46eMWYqy5tzcLGod4X7ndEGbB7HWtXhB3VVTdu2dIJI3ZoqAUhm6aafDHOlKBAdIDsVJt4_dpYDw_YfeKUaa5m3BZ3uIyeoRUIY5epYHIsnxxzM5IR1cKOg8dy9Fm742tABZ0Ewy2dejuggXqjwT7QSjoCkcTIJDvH2ubbgGvPC47Xd9DOoMzDQVOYlDMMBmUFyPSelZiCvjU1Pfpzr-lDn9yF0Gc9lfKkJu02tPYS4QckzXSX61yFmpbGLIs4WUyIFy3Pl-n_OEkq0iSNPeDKL722d_t7myk8iexYYtGyb_1awgwNfloQ0mwzChP0T2cY7CY14XHQO1TARdACYChL5xoxoR5btSp_TasplolQVJbvjGqPgWTRdozLm15rL-Di9S6-Y19fEKSXa7HxjZuT2bRpKBIH-wF0yrjcLf1ugqAkMlHkTuTYET8L75tw-x6EciKs6GOQraZqVRY3uXoJe9oKaaaphtcXxznmkR4-Llcrb26lcmQEahYwtJ-qQan3s619c6M_DLydQ5pQ0kid4zlzraKGAs-aJuYXC53B4D9S-xPSAnNTV7mY25_jkaKT3pcU8jQH-0x-2cFdSOWiC42RTFSe8xeApQKyao3ZHqT55zKPSYL7hY1q6SRAeTjEnzSWssZRmPa3MnsLHy2jELpdxWCGpPLrk7NPj3lDkWzeNXnNwPF28fu1Ewm03Fvpm366SIGJFE4C8SHwg43BT0S4xl-3S8tyG5y2sgvaXs15qwbyutxO897u2ydBM2CXKkIfAUy7hnKjQyxtjBnT35ph1VvsHolaa--uf5zZyA2lIiP3cYLOcAdxf0bbGsu8tzV7PJnjoHPDYUjOp_lk_Vk4xsBU5ZsW2ozA3DyQXu3yKox3kBr8_kcsTVo-o27KswcB738OUtrC9RtJGaH4PPFmh2U_bDPEK38sFVLprAdIuyZK8m7mN_IJYU9_nQW4HLtgJ-CppUZrSecq1ksr1FsyLS96YCL74wg-P3-ckmrADzlJeExC2LDzqUSlMCGicBz1N3WbzfStesmV_-hB4QjmkHPJE5m_99amnigQUrpTRg76DDd-IenOZGg81eYiygruC3BOg2hecslJtM5ZQ6aopoYS8ElhcGt5NOFRCljRzEsc1lf-BOjDG2sEk8&cid=CAQSYAAvHhf_xyUR0Yx_g7oaoMy46rce8HR5f1ftI0yqsagItMz-rz_9e1tD53FN0mf0fMDRFf_6-3lHNue1tagaarDnmIlwkuFOv9s7-CLyFsmnWwNQ3QbNCJy6F-Dpf0IBKhgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.foreks.com%2F&ds=l&xdt=1&iif=1&cor=8173984081397032000&adk=3944675603&idt=95&cac=0&dtd=4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 262434
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jan 2025 18:05:08 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNDc0MDM0MjIwOTE0MAogIHNlcnZlcl9pcDogMTQ2NTMxMDY0CiAgcHJvY2Vzc19pZDogNjIxMjgyMTkxCn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDExODY4OTQz...
ad.doubleclick.net/ddm/activity/ Frame 993F 0
595 B 45ms
44ms Image
image/png 172.217.23.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNDc0MDM0MjIwOTE0MAogIHNlcnZlcl9pcDogMTQ2NTMxMDY0CiAgcHJvY2Vzc19pZDogNjIxMjgyMTkxCn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDExODY4OTQzCmFkdmVydGlzZXJfZG9tYWluOiAiaHR0cHM6Ly9yZWRpbnRlbGxpZ2VuY2UubmV0Igp4ZmFfYXR0cmlidXRpb25faW50ZXJhY3Rpb25fdHlwZTogVklFVwppbXByZXNzaW9uX3ByaW9yaXR5OiAwCmltcHJlc3Npb25fZXhwaXJ5X2luX2RheXM6IDMwCmV2ZW50X2ltcHJlc3Npb25faWQ6IDEzOTIxMTE5OTAzMTQwNTY1NDE4CmRlYnVnX2tleTogOTU0Mzg1NjE3NTEwMzMxNzkwMQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIjIwMjQtMDEtMDgiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxMTg2ODk0MwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBVEZPUk1fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9RVUVSWV9DT1VOVFJZCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIlVTIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFDRU1FTlRfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMzMjE3NTg5OQogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogODc4MjQzNjk2CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19MSU5FX0lURU1fSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDE2NjYwMTQyMDYzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19DUkVBVElWRV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNDE2MjA3MDY3CiAgfQp9CmFyY2hldHlwZV9pZDogMTIKYXJjaGV0eXBlX2lkOiAxMwphcmNoZXR5cGVfaWQ6IDE0CmFyY2hldHlwZV9pZDogMTUKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL3JlZGludGVsbGlnZW5jZS5uZXQiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9kZWJ1Z2NvbnZlcnNpb25kb21haW4xLmNvbSIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2RlYnVnY29udmVyc2lvbmRvbWFpbjIuY29tIgppbXByZXNzaW9uX2V2ZW50X3JlcG9ydGluZ193aW5kb3dfZGF5czogNApicm93c2VyX2F0dHJpYnV0aW9uX2FwaV9yZXF1ZXN0X3Byb2Nlc3NpbmdfYml0czogNzM4MTk3NTA0Cg

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0x861adbe195ab2ce40000000000000000","13":"0x44539e90e6e389440000000000000000","14":"0xc4971f004aff5730000000000000000","15":"0xce03adf85e040b010000000000000000"},"debug_key":"9543856175103317901","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"21":[],"8":["11868943"]},"priority":"0","source_event_id":"13921119903140565418"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 9A73 41 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BOokQA-Dse79Aae9QKmneMTjaRohW-atrH9yilpXmuQC0i9t7G7xtZvjRTCSswz9gl6IX1A7Ad5hUMNH6QZABKDHkjMVhZF4hKdUuCzeW-7UUAo1UfeUiF2CrT56BWnNCH-UD4bBlaY0E28-3sCG0jyXumb4g2S6FLCGrnpib-ByiQzDE&cry=1&dbm_d=AKAmf-CMu-Eky1N8UZH7Y1bAWLdzfimKkYb4yTaI3WjSzuxd1R4GI5aFB27qiF6-o_4pFgZYrhqOUBQ_Ioty6fznTJbgD9xYV7--3Acy59Sh-0zroY8H8G1bqufO1oMXG1x8dolE2TFpP1-yOQnxGuAaIhJocOm9E3ycMYeLIHDu7AiJufUT4e_mInn1PVHEKYG48LUj8PI1YbLsHXk7RF_TraJj-ZgkgOFHW8hMK5hfi-tjlM9qiupSd2FRD76_h2RcyySVjt_VfkUcl6aEooQpNg5F3RV8Du8G2EQofVjM_D_Mw2iv4Bu62eQYBgrHt9guVuwqOJyxua_dR7jaUXTIaUWFqUhtC54T-X1jh4REvd67SjqytyOY_teo1xNbqJK1lL3sYnV3kwAC787GABMIbTBgZZz9E6cR0unnSHN-hgc04UdD26n7aG1_O2iNcOAF0TCbxF4MgokhP0bMod9OLr4jEUQCjeejYlOahuozN1YLtRHD4AEnN4bBdyRHE1JId5oGPcX6OC7GN6-Q97L2Ry_8ACeMBvSj-bPnlbYoXx4qEW6jqwfuCEJryKjYckMHM8joW0UCqOx_vigxVZydJ6vLagp9DKrDy4_DjoGjr--0al3C9HXKy87bg_7gaUJPkrinLpnHL9voQaIJou92Yn1lEx9FblhvKi1miSNVNxF_gRIzHAqFHZAKo6OqPpteovxbJW9nsn6bAZh1kH3hXO5jFZg3CThUXIuAME4LrSZzFFWt0NddDZjDhLBGNLr1NeIRu2zkZSI8FudX3WuvbS3Stbliw1tfjRN1_PPucq0W0yC8G9x_J6ZD2Qf6bilcc1fheRNnHlBolYrEH1fSfe8-Qpht6a8LM3LdX3a5Fx-7elLPTTFgtVsSJObB-DMBwVZsrUo_GmQOBVLQdzsMTXGGOej2hjrtAMfY_hzRaVPl9iJXHoWvUwWYbLzOmAog6eTxQv099H-Zxm2gNrq7zoDXtWnQbTLPFf0ACS7H720c13AjMCWQREtRLhOiyqPKD8g8WwsRu90k7mcMLfHVArvCUrZdxaYLdo9TalPtwYpwF-53GQPQS_rGIzar72LLGq3utT9wHpEJFPM8IsoZx9bQdBBuLsqXjvWZdA0VK6cdraUhYq7GjAQEpTj05E0uY6Oon0LO8O2IzoznigKVrEbbOBwZRvmill29f-wK5grczw6efdTOnqq2U1Hic3lIwY84lmd8e1V-uqCatmzQSBt08jLefsxvOPUWeJKwm_y85MEwcgPhKv4Wg7QyWlbONv5EJ5rpiG9mARxDJpkF-wBNEz-2uEEDlTJkUN-NoVzxkMPNzVoX2hQ2p1rEnQbNtK4sRLvg4-6-YtnOWXoQXMrhvVG6etcjZWuAxfXCVmVeuYgjx4oCDsIvhtU68Q0oU2kjC8mreYu4W6RF4QmSazWgw_faTKEo9Gf_GCOVoKiQjwUTk8_Wuoeksdu4biktbgq2dOgdvR4gjAT7FIOmj8eC-IXx_kKo3vBvb6xdorVSAv34rn9GxVTi6GLbD3rUL-8dnnvhYlOvos0EvRvjFGNNu8utGlyzSDGRF2zVtyC6bXugaZGH9Co8ZEsk0xn3ESgXoWIcSPdxbBiX2-hvrsTfn19-jhadbwwytsEY4vjE5Xomf7bkO73pD1c_VCmKMDt1-nosKBcBkfBRZJ-TMCuXxK4WOxZo-LeXfYJ1RznO2bXwxCaZHmNWud32cPQcgqhihO-eJKLaE8fM4UCKXOxsXdPVQdjTIpMZy3KxtlF0xBbBEteEYPN821_iCz9rNwCk8rQJBiiiE4SGRK86u4LhEbP8b5GiKj1VCMHwA1sO9zyeJHrwIsCMFqNgq3H0QLpD5A6t-f_3uopSEtMAdc6h5xgj-GBazOvRCa_y0a8yyOnOtjzfc_L5l8CY_83LhvXYJcqqqPT9xgstCOQnvYaExarrqG3iAg6QEVxwH1V1bcXxxm-7FqjQiQZxWO4gkWwE9irOIpOWrfSPrQl6RTc0oy6f31kfygppHZ6xYVhixG4loG_PL2v74oX3-q-hfDb-HBXC_TGfRJzOh4ih5U4yhXe25q9pWomQ1dy28sddm5Hp_yCU4c_Xzk8MN-_WoYOlv0zhtrtlFoKaFNRzivM3pylV9v6CDC24hbMJOR5ACe4JU-bcZ8Tk23Dcp_6ARm1aoVc2JToLa46qKRDJxKDlUfOVzHYr2Kt-rvRMUCeDJq8lDlql2LBJqndynksmOTRs-aC1C_tbtyHPrZg0bvtFn8FcaonlBTgaAEQmIknjHiniGzbDU6JjCD91xwlz6ZxFdy4g_w0PwTA891mkLn06K3-2Xh--mitvhr4nNg6MSlyTeFkKTAnIZkzhIVlX4KdR2py3zglkErnwHFH-vpI6s2T9ZQ8L5LnDLNzrULnip9tbO3LD12ilz4iUxiCN9L3MPKOQZ2zCbFMCompSgcNfvAp5YwBv-Df516U7G6tdf_rBZ1uAzym11WWiHe6eqfUW800IEXdn-gSnXjsvWQsX71Mc6Y5lq3P1vyScFtJfBxuvl38v365rWppDgSYbVa1sriliAi8BIeAK7EwT3Gni7_JLUqgwWAIby42HnjBdZxu-fAPD96FJVPwUKI-VLNRjzpwXNXR5iHxb9CDaezv5oY1O0GI4_WGzsMQQQ_TnzwjgJyZXJkTTqVek9vBHzLXBteZOpVcvFXTFGKJ6U-nVlloC00eE2u7_UbHqSSSWn-pQWaIQXYDzeUccxKuF_7LSq31QjJVIo7kplrVCbf1N-3T8MUTOXxgmwz2w4q4bgfNMg5t4v5Z_aWwjPqSZS6n5HVZJ71hXlSlHEeHrGnWaCpH6NE9b8KoQ1ZwwfrXeS0X6FwKP0WOZLlxXjx9siedeMNLeh6maPbCRLc-Gtt-uEc5oAh7tw3yI6Lyg5m_DCBWUMVTOXLAy-vBSS9i6Edi0Q6wjrSbGesyc3vfb3HY0G3Ae3VnvxXvrLUKnR-uJUTkfQjmJjZpr4wlprTppguyoe_L2IVnMm7-voUfqMvGv71WQM3qkr2w5WABqYTmy5lAI9Pk23UtcQPOywvdkXQ6tpUGdcoRI_moqBiz4t6mc_gw-ZymPzttaRooREwpY8kusdTbvaPYQ09HjXSjXtReVif6eIE5gbYBZ523vmHYNVCEFinnepmq8yquY1i9MoYcLiah_LxlAaig643FqGg7oGhGgV7wlFmfsyeJhmHKHOPp1bJOUWOtifqoZjQvM9shZ3FJJ6ggdDh2TAU_7P3N3XRk2iqZdzx5GWHXlIz_cO5b0Up4fVAyJd9VwgFUpzGVw7AeGVYNP2skJBy7ydEB9xs2ipyrQgL1ZwS6y5p4zebDkIu-x107TMlaU-kqZpS9obaLGStInpmvuz4PH0rxiuI_dSMb0Vgq8lzBl6SVrcfR-XB1ukaYHPeYR-KUdSe186zJumbXTn9Zko7KSPw2O5QNGsP9HxR_Yv9AH4x5JFUw91YjdwwL9bld3hco2l3U_yr0A81uW8I62dWaxnxcSiwsvz0qi3O1oYdt3Ot9VfVerb9b4RvCH9XUZRQFgMG9ow2HKLX8NOutUo3EfrFlT_7q3bTfLQPdj8KSa2ZrtdN12WmLLvS-TRb90M_UBOHOSp-N-tVrrSSsiCu9G1J8IbBvqZDnzz06fDUY4aJFjQeos9Ift1FQPSElWVVN02oiFroc-ugs6btCvl9_ltfyKvj4cGaRhr3rvAPDlN_P5dNhL83fx3DzJA7O1cYl22ERDYKUrEKf-MR1cPeSf1idka9TJgpcSvQd3cT9wL9GMJsteOgjOtLg9ohRTea3r_0YQso5bLpUPa9SZbWlfD50SUFWIYYZ5hV54eGsBjvUpns6yXajFTBGLXIhPGdxARgFAZDL1SRdOy6xMDUnd01KfSDVUqGj8K95TpD8SH2aZ97LzjB7yXTD8se9DR0I966qjTpqKw8FouCWT02RTpmobgdqbE2rMnzA7vrdzGHyOcEENHWuf-7aenimMCHQzPfz3OtwnxBy6U0_hgzd8rz0c4YpA37pMl3tDGeWqSoAAbg6OnN8AmkSSXHSQKItTbbYFPyzPtuL4sd-xQwy9dXzQcAljLQWVtQab1DyOKxlutJhW_wIZ0PIuWc6h-r2aRJHuOao&cid=CAQSYQAvHhf_1sbcyA4O6ivAiKTHmnBMvrb_gimsZ0bWrNOIhWeuFQNG4CiIFJfEV9ek0GJ2M9n_O58GSfge6Iy60or03_XmQDkx-Zud5mAzOIxk63g5KRCFLVJZfk9BalwPggwYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.foreks.com%2F&ds=l&xdt=1&iif=1&cor=14684776273329355000&adk=1033480540&idt=67&cac=0&dtd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 262434
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jan 2025 18:05:08 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNDc0MDM0MjIxMzY0MwogIHNlcnZlcl9pcDogMTM5ODAxNzQxCiAgcHJvY2Vzc19pZDogMTA0MDkzMDYyNQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame 9A73 0
507 B 46ms
46ms Image
image/png 172.217.23.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNDc0MDM0MjIxMzY0MwogIHNlcnZlcl9pcDogMTM5ODAxNzQxCiAgcHJvY2Vzc19pZDogMTA0MDkzMDYyNQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiAxNzcyMjA2MDIzNjc5ODg0NzQ3NQpkZWJ1Z19rZXk6IDE1MTYwMjE0MDIxNTcwNDkxNjIzCmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyNC0wMS0wOCIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDExODY4OTQzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFURk9STV9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1FVRVJZX0NPVU5UUlkKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiVVMiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQUNFTUVOVF9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMzMyMTc0ODQwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA4NzgyNDM2OTYKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTY2NjAxNDIwNjMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA0MTYyMDg2MzgKICB9Cn0KYXJjaGV0eXBlX2lkOiAxMgphcmNoZXR5cGVfaWQ6IDEzCmFyY2hldHlwZV9pZDogMTQKYXJjaGV0eXBlX2lkOiAxNQphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2RlYnVnY29udmVyc2lvbmRvbWFpbjEuY29tIgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vZGVidWdjb252ZXJzaW9uZG9tYWluMi5jb20iCmltcHJlc3Npb25fZXZlbnRfcmVwb3J0aW5nX3dpbmRvd19kYXlzOiA0CmJyb3dzZXJfYXR0cmlidXRpb25fYXBpX3JlcXVlc3RfcHJvY2Vzc2luZ19iaXRzOiA3MzgxOTc1MDQK

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0x861adbe195ab2ce40000000000000000","13":"0x44539e90e6e389440000000000000000","14":"0xc4971f004aff5730000000000000000","15":"0x2480a7eb3ffff3fd0000000000000000"},"debug_key":"15160214021570491623","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"21":[],"8":["11868943"]},"priority":"0","source_event_id":"17722060236798847475"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame B149 41 KB
14 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ah5mTTsBzBiz8hQqgXPVXHadSnUh6R1atnqHWsDkO5YtRc3cfrWBukJycUtFGFSPHNXf1-hJSB7eR1935ojDCeNGGqWTeRDAZph3ek0qZnI7nluVXm_K0JkVAYuFc9VgMTbUpdD8lkuAvhUM2vZ3Gp665-3RaSFBF-ksUkyz26lOs1hSg&cry=1&dbm_d=AKAmf-D7LuGIg2ogo4yPUpsQUF1HL4Ilv4wSGqz-VdEBT9HmGMNIoMWsc56-oJdi-2an4QaUddG377fIRiod81UvWXM4L2tqa_KBipxiOOouTftpuJqT4zXBr3kBhidcO7AbrQCQkhDgFAsdiu4hnnMBubpyKqdrCrnUENfDAtJJ-VeUD0K_I_-f-BfcS_c7OZRqA5xxkRI0Y4tAwfbCtQMgNXFAti5sVlFROxbQYHytosTjHlAkO00m3vd6GlbFWvKPtSMfh2W4ThaqoYb6DVL_Rtpst8BjIJMi_Zt6NRV1nB1UHs-0GlK3sOx4XQoCDlr9PEUpJP_ENgxzqirg7ouGvT77xxrRW5kjICPK1bXemWTmtT2-sf34Ml-xE_3yHiKt8UkDY4fi3WLTIVPbP86Iuv55TjgKfYDRKFfoAkbKzppRsx2_jfiEzVyhVgjS4haPPz2-ARJfZdqNr5AlsEYsu7cW8LomNzIQd4sp3K2lDed1-SukyeIIIHPo7BvG8nUPsygmEy3y3yENdo-04pT4Waq9HH4e3lJ1fxDy-hRRDvrlZ90Uqz-vJBc5vqag-FVn2vbaICOaCIFYdsp2kzp1Y9d2oxaSiwbe-TdxAXL2Jb7Py41UjPqFNSVXA38ZVhRQkqAUImbvoyzUxWl3Vuz0RHyANp5SlcXl2cj7ljoR_P3OWYhPUza96h8A3LIve_jyPe0bPVeeK4F0zWiJ-7CUBoW6lEdczWzpxXY5_SJ8DWNWahq2-x6fqqxww-BwB6RT9DKdHuA5tJfmnK5JRcfRC6ioHiqAJWzzNFhy-Q5ntNjm1naDcfNT04nvVzhygdAZgnT5siuDzQYVqbtDC9STOXpv63HutJUMH4UaF1J0GFolsXBrq1_Y3rSjT1U_5x3BTrhcEzFAPFGtuUjFX-DYmuGKr6bUUP1FbAXafSADt1rfnWCqurC9UdfLIsxDrRP5l-8FkOXghvyAqV2tuLzDHL1O8qhQXplzgu-YAkYbp2IpZnY5FPPnO2wA9kOQ_P9RPB4glTr2M3ARzW1uT3GhUU_iwdpdDONzmIYKXhiC08eUNaC4cVyYIq0SW6XJlJJ3YwXRVboAWKSzbAXV3plfqWDazAPXiUgjpRrReL1T02Q4Jnl-sX8p8mUU-wz-2iswS7jmoaDvqt8TvN5PGNT0L_B3SPgAoP1TOS0c4EN5Xwidt9FCvwpeWuby1tTb4VWYa7E69DqquMx1visjHULgnnDjoytbUukCbNcSSjNSsOodNVNdVDX4QhbNskfdTXUnFR1pfOlTVlsJt1ZvCJZccg3V4PWw-LuqSSRimkWhUWblYo0hSnIrlqulHR96_IDMAlQweo-bNH452LD0eIVxvepbshtFo4xKjx84bPixAqscB6-lFmOeP3RF_QtDrj0o8UvHoeZbpMG3GesfTDmEbQO7Xq48pKU0fl61PsZqIc3DBAt0zzQxJGoi6AeF0mB6MiV_s3Or2ymLRv4Qp0rNyHytYh31JEkXzd1Rb-GMgjvNvd698YvKN76B6UCfI-85gLCz963Y6TkLnkEC3SsDZB6bjAx0wUiBALUfVpkkJqjTlArPrZryVdYvqJCKDJGm8-UuES7BSH_G4ygiH6XXFdAg38zpMsKNN72jksLnQH85oixSOQ-azZqbDDpvy-Gz5NOfwRi1TqJ55rjwcVbwB5OeRBMvr6NqDagY8gKIIzB0olZWyHHTgEtCvyx2poQ057RWtA2ICYB6mZUCnnqqyLjuWnCYfRyBIav13EdbCeAbiA5UdC3tRt86Q2KH4J7xNpWqfyyNmaURXbafCRMz-7aX_pPOKyvDM7PIRgYx-9h-_HwkSXWaH5smQSWAn8WR4obN9h85Gb2M1O-q-NiSjSNmeUzWHstD8RSqp278YfA52EOGxu3XYarI7paTE8G684MKNmLfHD9pA7BRj7vG5dd_Ex_5t3Q1S_EOVOM2d92Ud98Y-fhZlPEahvwqdJrVBjeIaZSA1sqa4Yamouli9MpXNe42ZNW7l92OAlQt5yyb7dQgzR5EIygLTAQG8l4mYwMUs8sUenF2GOUZmH8MwwOktV_Bd4jfGpANvwqihMpzUprSNcW-m6njDq-bSzGan_GqtkhA89vqk7dfOwpUsA5lMRk5tf6ZcmoXCixLMt53ZfQWt48toEmvS1lFhYO9BYq6lc6L_5hVCV4G8MdnNnxCwGHcEVJxkT6Pc4a8o8pOGTm6bYHzTJjDad0rBvjEbLv8s7yJqhJ88HqDWMCnR_8zIDPLkDeJGVAcT33dUO53wupS3xk5XEBx70FiYS4n9Ha2CUxafaTyp2SYxJxet83c1uKwDpB6pZg8Z6K6RrP5EbVh8I0llrGNKLxZLGuPD496JhG5NZPcTMbZoTFhNa5RSi1XOWrIDh9ZOpY12zP_0EiR0Ri-XKNipOXJDwajGHrQ4OLL6OtUVpo2z_CgaG3NoE-3DG3-BGo9cx6GlGcWMtsPbvmRp-celID26iA2tPLoDnMyy5XY47ZvPLpYmT13FT9jclcn33dtNSzy3ygD-nPN_A4AV0pVyAmNK4i6e73mztd8hYugrwQPlWXdmUv7Hl6Csea1HhYthh41Pdd99LdS-KX9rSlh5EWOYTO3jukC67OMmgqBU1tDV_jwoZ1-S7K4WujkxsuHlY_GT4eKuYJtYFPCDtZIL1MSDyk9lYWwkR_xbqiH9otLV1PEG10sQs_6WVC1UiU8cY4GpX5sVFCcnkEUGCqfFoBxRo38ukUSugAuaCByFksAeSH6DN5fwGNqyWVBiZ9w_EBP3qkE7-hzoreaQOXzBDqn_2H27buogK-vnHfHKlSevcaY3kttkuBOeC6wavpqwuH9MzdOmy2sOLmh2PDmdPafLMPKeuGB2hllRTmVACtO6Ai4MgX1DQp8CiL_tPEPSBEf7m5JbPNDDAu-OWNyLVobWciQOT4KlxGa07DY-eIUK8Qshqsh0mioKxJkzh-5AaVI6DuN_1Nat_Y-DMbHs-BIdZxPCkqGR2RCvLoxSWe0FGpYfyT6oay7bGxt5GY6G2mft6X-FYcnVP2J6-kWElK3hVcWBZ7MQ0tokWUukwjWM0MvryTS_WvK37Q6g3kGmU2XM1FPeVW9Ij5RD4G26p0bFCylDCnY8cADhBtlyYDqYCOrA5GC4r7fjNrNHDUB3dvPWyKPM6IXAqaFtni6IFt_iXOaqvJFJgIi_56waKOiyZRHhIbuiZFobLg0VmE5x_5L2fsQwnhSIZml3ePMQUEyCPPl_InjMp9PPJSudIz9nGTIsKrzoHSJya1rpQ6Hp7-9_nttcqo6pUe6A-A2pUcepNKwxcNKt359TfplpgeFBV0ueciXyB3qflhqEmNLmKFmoKgL7huvSELphMc8zy0NhbtVHv46oxEhnIfX_-xYvGkI9af23itw_peAzuvncZVH7nFKZyL76ten7H4pGMoBLQ1CyJtBd3LfqIdr-jts1E8F_JT6zeIziv1eiMLHEe9bRuSnewrxwD1AnEe76M9AVe4O90Ww0h3lxBl-QwpInZDj_3GB6RbMV4fCzfkJrjkYjcqdp5A-S4TN_MbkfDvFDkVghGqFoQTfsChO8Vmo0KwovqL56r01x7CueFY2gh1KPiahspCwzNgkTF-Rk77myLNIbExXrtIm-nOJsfFzAEr0COlvprz8T0wpLHBg8-l9I6pEsN5lawmyOk4U4i91QbpdKZh_SOUBs08b15e0nEbbVbhGFRUqy6ZEu7dV3JSobq3mYVl4sswo3Cg4_HqnbP4UO_Nj1yYZYsTSoyUon8D9M4m9n0GewPTfFY9P0YBGdqetXw20mRR1FzuDVI2ey8isqDoe2pDDrRwZsZi0hk_ke6Cw1hMbvne6KPTWeltjmFLrV7kVbWO1rk-CeXxVm2FeJ29PjoXM0VlS6Rp1A02Cy57e83BDLrU3aCIr6dcrswVfii2oAbR81HQRn6U_KGsQgKruZbxKhP_K6xXKrylwm0d6Ss5CztX-wAS-sPwFE6nOGCWI_119nDErB9S38QGiAPaib48s3ipafpc6zo19vM1SJ_pYLWdQi5DdmdVzmARe2UJTnIMJJOdov_iYPupdCmTt__fTPtKQzFcHCHZcrHXSbQ58xgBI8UFIM3uPK3BYL-3CWQ0&cid=CAQSYQAvHhf_sxbIP2hcNbRsfWqOBGwOEtaEVJhNT15zXqBqYuBHdWncKeoAyZ0id75_Sv_EOSGcgtL5W5TTa4e_GRfg0YyWs0VRxR-_WqXBg3I9Q3HlqOxyiLasFhpWNKy2YEoYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.foreks.com%2F&ds=l&xdt=1&iif=1&cor=7082408291830103000&adk=4188270524&idt=63&cac=0&dtd=4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 262434
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jan 2025 18:05:08 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNDc0MDM0MjIzOTA0NgogIHNlcnZlcl9pcDogMTM5Nzk4NjIxCiAgcHJvY2Vzc19pZDogNTcxMDQxNTExCn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDExODY4OTQz...
ad.doubleclick.net/ddm/activity/ Frame B149 0
505 B 46ms
45ms Image
image/png 172.217.23.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNDc0MDM0MjIzOTA0NgogIHNlcnZlcl9pcDogMTM5Nzk4NjIxCiAgcHJvY2Vzc19pZDogNTcxMDQxNTExCn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDExODY4OTQzCmFkdmVydGlzZXJfZG9tYWluOiAiaHR0cHM6Ly9yZWRpbnRlbGxpZ2VuY2UubmV0Igp4ZmFfYXR0cmlidXRpb25faW50ZXJhY3Rpb25fdHlwZTogVklFVwppbXByZXNzaW9uX3ByaW9yaXR5OiAwCmltcHJlc3Npb25fZXhwaXJ5X2luX2RheXM6IDMwCmV2ZW50X2ltcHJlc3Npb25faWQ6IDEwNDEzMjEzODA2MTI5MDY2MjI2CmRlYnVnX2tleTogNDgzMDQ3NDE3NjkyODAxNjE0MgppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIjIwMjQtMDEtMDgiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxMTg2ODk0MwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBVEZPUk1fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9RVUVSWV9DT1VOVFJZCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIlVTIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFDRU1FTlRfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMzMjE3NDg0MAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogODc4MjQzNjk2CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19MSU5FX0lURU1fSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDE2NjYwMTQyMDYzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19DUkVBVElWRV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNDE2MjA4NjM4CiAgfQp9CmFyY2hldHlwZV9pZDogMTIKYXJjaGV0eXBlX2lkOiAxMwphcmNoZXR5cGVfaWQ6IDE0CmFyY2hldHlwZV9pZDogMTUKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL3JlZGludGVsbGlnZW5jZS5uZXQiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9kZWJ1Z2NvbnZlcnNpb25kb21haW4xLmNvbSIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2RlYnVnY29udmVyc2lvbmRvbWFpbjIuY29tIgppbXByZXNzaW9uX2V2ZW50X3JlcG9ydGluZ193aW5kb3dfZGF5czogNApicm93c2VyX2F0dHJpYnV0aW9uX2FwaV9yZXF1ZXN0X3Byb2Nlc3NpbmdfYml0czogNzM4MTk3NTA0Cg

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0x861adbe195ab2ce40000000000000000","13":"0x44539e90e6e389440000000000000000","14":"0xc4971f004aff5730000000000000000","15":"0x2480a7eb3ffff3fd0000000000000000"},"debug_key":"4830474176928016142","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"21":[],"8":["11868943"]},"priority":"0","source_event_id":"10413213806129066226"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 2DFE 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 021adbd6ead5fe4d28c4ce39ce88107135cb2ff63f38f0e01f3f86251fc40da3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame F9D7 38 KB
13 KB 8ms
8ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 551624
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 02 Jan 2024 09:45:18 GMT
expires: Wed, 01 Jan 2025 09:45:18 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK iju9wczm8trb Show response
hal9000.redintelligence.net/zone/ Frame 993F 12 KB
4 KB 48ms
13ms Script
text/html 78.46.111.106
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/iju9wczm8trb?subid=&gdpr=&gdpr_consent=&rnd=1704740341495513&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxP669UWcZZmfHvv_1PIP6Yi2sAKm5b2gaa2VnKfJD_AuEAEgwLKCa2CV4pCCoAfIAQmpAoDLVB9FabI-qAMByAObBKoEmgJP0C3LpfUJMNWJgu7rKy-0XJLdP2R3l1q3Qfjf208J1fuPLEzNPIA8ISqlCs0ozKVtmoRck0CV07buVmpD1PJ_f-H5VByNzLz11g4cAAocO9ZfSlhYKOoqGWVnBXc37VGqXvYmzs_L6A9uEYjW-Bo0rXgl6aKyjGaCyYrGJef07Lmce598qDfIRuNs7K0Gqf90HV9KthaprvbQ2df1qLrZdQrGq78IdKUki1MwqXF7WPWMYC0zBJ55H-oy2ZAvVqTHVHLnJLubhE-1_n6RVA0oqv6v9Kv8NjShz6RViWTEv7X0aJZHOtqlKYS1WdTkAsKbgrLkxRe_TnIJDvjrAYQJ6Jt--Y-1bi4Kt54tercRsnKs9z7rLQT8BDnABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHTICqgI6AoBASL39wTpY7M3y07zOgwOACgOYCwHICwGADAGiDAgqBgoEu7uxAqoNAkRF4g0TCIr88tO8zoMDFfs_VQgdaYQNJrATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSYAAvHhf_xyUR0Yx_g7oaoMy46rce8HR5f1ftI0yqsagItMz-rz_9e1tD53FN0mf0fMDRFf_6-3lHNue1tagaarDnmIlwkuFOv9s7-CLyFsmnWwNQ3QbNCJy6F-Dpf0IBKhgB%26sig%3DAOD64_3Gia6VDXQkQgAVZ4mK4lxRN54TYg%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-BDmBryLq8JkjDWTjQFCJ9jP8upn2_lLEgfMi3OeS2g4qYFJeNCAvl3gzqCPMRpfK9eDCLvyMDGlURuLllmTSyMU6Q3poD04rprp_GJA5RzSYPjzE4R9uebzLO49KkL0QAVAq5rIrV_p80ep6TEoyqpHHh2Avrnn4pZ_i_50M2x6YJrp3I%26cry%3D1%26dbm_d%3DAKAmf-DHIUu5ZCbf-7SBqOjKiYLMZqjzAbRwEfmpgu-2dO_A13c7Nic6PiGHwl46gF0pW9A3OJnzngO9XTtZu7ANtwLQD5WgQ8FrBaNgUXxnGDEcZbq1inLVhVzcZcjUM370ty-3sqgJHVL6OvOcyAOlrkYqlBLNzMFi6hMg6M3ok_A-uPPkg7nHKrCnmq_uYpEyQU8Ah2T8G0bbscl2jOnPvYHoiFHrLaDousDV_7vqYbwr99xlGsrMSsfBoFljfE9eDopOLX0OtJoP4BMKMr-yYo4kdlWLw_Kf0M9RQjEJLjMVpXlsFGXxtS6DFIzrlgo-PxBcO_48OybX1xv02_AXGoN_avFlurBs8s5mCwj8Kz8Kq4K5gw_75BtuJH_yFIQxxwK6ekGxKRgEYXJuA1HvGBQtnWhP0R3Hm7vuiABtdT27evogP0WiY7Sr2mFP7myzfCwSD2ikKHEC5v-zRgimM4NzPIW1o9dQdK2CDnngDncddJLiQITQSs8Zp1QTN6c-zrPnf4A00njjNjYtUqoJgIDNjgIJnV_zoqwP7O2xHkDGT2HZNn4%26adurl%3D
Requested by: Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.111.106 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.106.111.46.78.clients.your-server.de
Software: Apache /
Resource Hash: c1aa15db788be06cbfeb0f5d202cd182daddd236c39e2ac5988a8edd517450a6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 18:59:02 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4251
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame 9A73 12 KB
4 KB 48ms
13ms Script
text/html 78.46.111.106
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1704740341501570&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCfQgx9UWcZcLOHuXK1PIPpKO3yAKm5b2gaYWVnKfJD_AuEAEgwLKCa2CV4pCCoAfIAQmpAoDLVB9FabI-qAMByAObBKoElgJP0DGAq0mfz0BzMJBdZXiC8TRfWJ0o6f2uVU3Ouo7A0XkhuctCvYIR-Gmy4QA3L7ut1VR2fQv_i_OdHqwMi3SMpivyqqSfcDXQcQvV-Pc0RH3XHXC3KfR4_E2C59Bmtx51EKzqIGBb1tSK4EkXUhgaSpz8RuJfkKIpnsTKRLN3rBmA1xsqnBfz17-URhc2u1V9mZXbHAzglyUQwCW4XkBv4QzD9fo8fNRkdvoNDwGdPvfCyi4IHnd4bZwZJmArslU84Wz830HaPVVkcCd0namxMnJxxD9khsHeXUkfb2GHxqNG_ureezniBB_4nugZFH9Nrlgpkl5iAOLUPJFhsW9UryM_8CwaI69XMNmgB8gwJP-389-y-cAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOlio8_LTvM6DA4AKA5gLAcgLAYAMAaIMDCoKCgisurECu7uxAqoNAkRF4g0TCPSm89O8zoMDFWUlVQgdpNENKbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSYQAvHhf_1sbcyA4O6ivAiKTHmnBMvrb_gimsZ0bWrNOIhWeuFQNG4CiIFJfEV9ek0GJ2M9n_O58GSfge6Iy60or03_XmQDkx-Zud5mAzOIxk63g5KRCFLVJZfk9BalwPggwYAQ%26sig%3DAOD64_2nVpw1Zw1zuW6fy_B9n1lGqlvAsw%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-C6v-kG3LH80ojA415fXEhe6U0dvfnuM07IkhMvj6ongeJ8DfOfrLFkE1LcYEgrLK9zyOkVzr_EFjxcg6fyQ4FCw8oCKLVXE9H3ufnzsTEoMX_HoPMlNkHE0twlFvmKDqY4A2-xFOdaPpDFMYkGo0_x34V4Qmi0TRw9CUNG8L6no_CydGs%26cry%3D1%26dbm_d%3DAKAmf-Czx6Kv26XDH-eHMvsqCMHq_VP9ZkFTshHzNRVnoQbsI3O6ZoUuJlf-qUP9fo8rRAZ6ly5ZD7EUIeE71nnLcsPsY0WKHGBnug5yNcCi5uoSsXmEr20Ia4s0MUAN-Mq2k9f--KLtxyazMvXyWw_7SRw7VklsJFFAeuaW7vKE1qfPaTJJTOq9C9gvqjKuSr4cE_gxm_KR74AGJoyGxO6IR-aZRi4VoNIyOrbZ73bV711pFc5xVeUNHhAv9SoiPbJLyT1QrKzxJjVvAC9aT06x4m5NE2HUFv0t4J1ZAVr325o2tF249zOmhUgtZB3l1iO24RHKwAeyfBX08ne2863QlMaEP9pa7jniFWGQdBYx37wc3e8vRD6wIeWI4G01-YX6OQfaYVtEd-uXJVIgb3aY_Zq09ivGcr_n2FZyRxFlwHKCJSJwpIi-kKh6fewpyDsHD3OdDZsHgV839LQAKt3eWAFCXYNgW754clmsscyROV5joxO2NifDYRg1UnwT1lPOAQskde12fccMxrlsC8PyRMTIk-4oaQWooVpIWThlQxjOGLIrLKo%26adurl%3D
Requested by: Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.111.106 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.106.111.46.78.clients.your-server.de
Software: Apache /
Resource Hash: ed479689f9b96722b871c79a07145dd26a73834b9851ddd929b79e8ce12251d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 18:59:02 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4253
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame B149 12 KB
4 KB 45ms
12ms Script
text/html 78.46.111.106
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1704740341501730&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCpHL19UWcZeLPHr6O1PIPp9aTiAym5b2gaYWVnKfJD_AuEAEgwLKCa2CV4pCCoAfIAQmpAsitmDqOYrI-qAMByAObBKoElgJP0PSgjNFtu1QYLNGBgaf-DThveSF1qJ_lVAz3q9qjafGNV9LSYkle9wJkNB9NzZI8SipGLmLcr3WVoveHM8tVBheO6it4y57IGiSf5bCXYyhti2_Le9i7NGtmkI2GJNafT4VGFV8VfrnSmcYmZIXZr_u3_fxXrEfmyhC5-IbWMleoWc34lbgCrJfb0G7KspoJE4d-M7RyDsC9-asyITwGfBTzdb-nmv2YAqli3VZjDedv3cK9qU-xTM1lqyD7_aZlWf_ECzamtZ8UK8UCrmywMC-EdEuA8q2feE55rgK4iakbBqLoDxM7sb9xbGQ-mVuL_m1APG4z0r4FpL3zmrRwj4kNOf-WB5b5OIUba3EXm1Phwe90gMAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljnvfLTvM6DA4AKA5gLAcgLAYAMAaIMCCoGCgS7u7ECqg0CREXiDRMI-uzy07zOgwMVPgdVCB0n6wTBsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSYQAvHhf_sxbIP2hcNbRsfWqOBGwOEtaEVJhNT15zXqBqYuBHdWncKeoAyZ0id75_Sv_EOSGcgtL5W5TTa4e_GRfg0YyWs0VRxR-_WqXBg3I9Q3HlqOxyiLasFhpWNKy2YEoYAQ%26sig%3DAOD64_2umme7eFLJ_cN7Jep7aHRWuatnRA%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-DOm-035dNZewGbRBriYGF_mGgqYABkirg502b0qaaA-isgv2FDJ1YFCZhAnQvzM0j_KVUX5Hbq_i4V9Ub7mPHjySjWHqyij-GLMQHP-uzHMzvogQJCfJW0th-x0-SeCHakVYrSZPlgDkisXtgvbcS00WX7QCga2_eiYtTph0gZMvw83kE%26cry%3D1%26dbm_d%3DAKAmf-Dk-OZLkFRhGraif8xC8iT1NeBfaLS77HF9V58K2FT9pDsZ4xzdZkTmhhGU2ULfzXwSi61LS0vnkC-GD0ZafMY8IjHXRFiMoOFASRCTgLApiMk2XoBSNh1ZG98hwHio-NiPYf_qZCCUy7ubZ9-hTxotA6iUOK82snDm02RiljccIvs8U8Liyl5E9yfNX7dRzfV5JEYT5BPym6XhTWyuwbZud4Vcdso8EL-vpHDzwCSSGeobDrh2WLRcnXH5cwj19WIyIRptQk2T3SxSDF99rvkHr_Ouxxb3_HClJzCyv9s8rYPyF7BKRxNJp7BUlu6GWdcZdv-Q5C9evxwGXRGNmyvxxatmh9FHJPytNah6hBYONESmD-46UrABToT0Ldav8RKdUANK1Y-m9RWklqz6O3zEvdm9CadfymjlIbbYGMzxp4AygoMiNsRcrUaxfZGu4xeUzmmxkhqeriK19GGUsaeggfAMM24cpbWr5DeVklzn-94TBBulcjmISqOBeYaEytXBmWi_ni985FkmzAaUurEBU_bW45F82k7PIeK1Pkt7YJK9yno%26adurl%3D
Requested by: Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.111.106 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.106.111.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 2893a7e611342776beef4df487c025cb7c3e0a57e3744f9471b6fc673e267f03

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 18:59:02 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4252
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 4CAD 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b897e32342ccc2f773d70899797e11efaea58c76b5c42a1b98896eea9f3b29b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 4B39 38 KB
13 KB 6ms
6ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 551624
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 02 Jan 2024 09:45:18 GMT
expires: Wed, 01 Jan 2025 09:45:18 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 64f06d40e4b0a5353b1171f6
ng2.virgul.com/tck/imp/ 0
213 B 62ms
56ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/64f06d40e4b0a5353b1171f6?g=1&t=gb&r=158529@site_geneli@foreks:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1&info=&mt=1704740340252&userId=vnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: https://www.foreks.com
date: Mon, 08 Jan 2024 18:59:02 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CAED 0
16 B 313ms
313ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755403&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A520%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342090&bpp=2&bdt=315&idt=259&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&nras=1&correlator=6425755598420&frm=24&ife=3&pv=2&ga_vid=1915995461.1704740342&ga_sid=1704740342&ga_hid=263902789&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079265%2C31080114%2C31080224&oid=2&pvsid=3522548824508111&tmod=1972445267&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.tsu29v97msii&fsb=1&dtd=266

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 0C04 41 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C_4--Y-HdNVX-95vJ_2OSuN-2G7hgJ2rh8SKn48OUBVA_o6VPp1vPdkKHXu-oPqwGDebu5VZxxImlj4kDHaSU5MjDYiLxsv-ZKgl8t-aGcZV2a8v-brFxGlNiL2LzvoT9BMIqbqSV2yLSiBeWI5ePg_DEkG9zjQZVv8IXPpWRsxZFk4J4&cry=1&dbm_d=AKAmf-Adz7QPCqQJp8f_nkTyA6Wk-iqxGBPEXXrPta2RXTQg4nsSS3g--17kmXKXIzIO26PtO4lwxCntJlsyhCqBoVxC33ThoxvkhGAqOzuIVbPe3CEkqPPKLxa2agr3O91TzHEfVtwWDhJ1JlAzdCmcqZeI6DkFKX2q7ieMrjE4l_gGTDRD5Ld2mt4gYx212y3eawj8Gg29OS9-7tIu8s1E-ytozmclw2AXrRNbdR2J9yVKe6y16CXxNMLDrOgxZ0_9GcGRVnC_I-5AuQYrvlwkNdSFOS3cPeEaD1GDkKUVnVvcUUkIEDJcm5XFVab3u2Z374lNS21xP8rni9Ts4ssUdBZwgPpINgysC99tTMDEIrbOFDhsQGAFS0Kuq7r_2gVJPBv7AfeiXGpiavhnmlrM16j7rsRaDoyXtUsyeMK6RUKZ5PvklwUwwJkJPRAXR-lnrlOlwlIORWmTfKSupm0xVAuKRf9lD2fnjUQz-LkpQKn2fsTGCwAflZicy0BeYWAykCWX5VTY4EZF3aVsJzrPO9SNHtZy72H1i_9wpxiV916gzE9Cszcy3MLXDv9EJtaxLoZoan7_Qt46JSRAt6ke12xVqJSbzDg_noM9OKEB7W8UXIu-J6oM21vxctjV0-OcIRAO2hkokqHtHBK7hLsVfc-TRkty5P2wDOsYvnBkS7uUV3fhC4NH_s4A2PTdfDfbhmQ7VEVzSf4JcvKOfTPnfwjBIWtTSX2tYRnDSOyNBw1UHXtWjxfG_33lASfNqhhd5d3Wl0Vm6ho6rp4BaHZdQpmEUrfLeovBsaOz3dGiBTW_Wd3mEOzFkNpvo9Z3-L9Psh_SwstFyoWFaqkp8m4EhR1c0rhxVuFYvZbG8k81euSfF9UxCwN-n6DU93h9PREccvyhCjCbSUaobg4N72J_UYkbXp6ZaUWhKrHXBYJb2o2KnWx0lLGOZI5A8dRfDWwvHjJBnPr10ZuzNE7GqWG11JLoKK9tOi4hVYs5eU_NIP1KDOB6Dsbxw-4jDMsbtLJM_t0mu-5NDq17O2EDCc51nCEsTzNfj4eE7_RPQByr3JgGxrj702t6ru98MXMmcIBVLb856ZPZw4kAifk0N8IspBs0xGGqG_hUBwwJFr8XStA3Yo4uaOEKm7Xsl3-SiDFFlz1rYa2Y6sIW2x6bYkVQcbPOmXegjHleVKwlkrTThDTixuJ6yGxyrUps9_2v9q512SwBWIgSzU2zBo_wL6BKHJ26OUN1J1Hzd8jbbakrqoVXwPsQHhL9TDYC0cXT_zQFbD4RkwkeIwPmZIe1zZPlFzZq3eh1v8ajwuVLLXrleoKDDRuYh3VwKhCy7iEM1LWNkANQoqBAFkIpfasA7jVYcbpdv4GtYX5Ag2RrF2XNzDIyHpEpuD68pAvC_Pujxq54keT-CwVsF-6cbWY9Wq_w9uiLrwi895e7BAHtnOZbyy89XG-I_t0NeT0UXBM2lkOuEYY7ksLsLO8wfPJgYP8AHOndQM7sq_gZbjr9vKH_jI5zUohTp9RtRaNiu8s0pfw_VuElirKTHwPulssioHRxf5QRMEHcYWCnkW51cSeiZ_0ZZnZg4oVX5-7AuHqc-zhV8F1z_VrK4gY2KEN5cfFS1OW8V017Xh_xxSjfITpUchsu68avPDy64MIi3NoXyCIdZCqGGNVO6v6amaoRZsKGR2VOyg_QyYNHAeFUWS6vb76l8OvD10Td6s4dYhUXEUBXiQ1EtF4QWvmlY0XECwGtegec9QWojTaAijC_FnRDwlkN5LoZMOnVe-bAW88DNN_CP-sszFS3BYloRmQXu85PoHBMLvUzaFRwVJ6FpygiU7IHbyYiv_T-k6k3FolHzQ54Z3GMi9CPruA3Dddl5uPJagQ7K5Wy2A2vYyJy6SBkKBFg1tYN0qCId2kNyS6frmnGbLaNBWhp9M5z5jE75JtpVs1xD_4fnUp6ci4iEffDW2EiE1SPZEhTgl1wj5fUXr-Z4qXqbxWWFCBmuK0x_PgyYMOIPM4B7s1jXzjZacLF8i6gZzUy_9IPPJsTYYTfIA3w6GuY0khwcr0jH3byINo2209qb83thJ12ZSjGHi8yym1KDybunSaG-Pd7pTKpvfmMKgJoGpyrPbSothCGGL7liHwcbCavE9AJcA9Ze0lXENOzvVahkB59PcJ2FrVOwi1T11wOGWQJ_MTfwERx5y9wTD3lRTBVxRsGxZFXNdW9jALODjkEEqVhm9ddNddt4LpguguMYfNDDERxnKc5bBrwjEKK1uxluQtUDpTQyAomfqzRYH9VI6kzZCQoro8THdeuIzPXrPKag9nKHGI1XblDrha2vc63tjDxXSvgGji1_LRHPcZ74NnCC1UN-f9nksGnUBRdLLmVpFzUsp3P1zd2daR197V7XT0bhvi4D7NEOvDax7Tt2oxtcxjUnV43e_YEXOO5xptemYq2fr2FOYEcGDvTZ_0xLDUM8gC6HoMfWGwywuxUgMHMiK9ppoU7UJIwwLxvXyvDF49T0MqhtnHK0qBVbm23GyGQi-ROCQwspK-kcvQ14NeJY9PRJCbxW4zyvtoX1lWweNOnCP9SQiSs9hx221XqMQknLqLCFcJeA0YsfDlMQ60MuDGYfmD_QEgaP8D46pBmAPPGdHZ9l62e6ToIUeJyE5GAgNIG2Xlk6pZaneVw7fE6tkJGgWctte1-1g0YMK3TAFrbGK0XKEV5p9S5ZcpxJ68fdViP9OnjRBRXZPm0cAL-GRYkKUvi9VIN7tuSuJW7UWzLF4dqmyAZzG-PPQ-WGURtZP_8MK5tgIlZeJo7sdK3QJeIyJnw5FjbCRVmR7wcUAlC9eOgFj1ANbMB6lvQh2PnUDs6IodzTvhvPJWJXfu7taHEH0eTQtnHvClHv8I7AhN4uPEuw-4by4XMfmpmpcacRhJnYEF5jeHWG4i12xKQo5EB0xAKcM1UM3NPbxjcdqfyLOjxdqmqpLTLpQ0l52OqBXJ4KZ3Arls4Z_tRfebDoz02ZvYSbAZdWL59d9KgRDs56p8qgLSmaiwSs7MnjTNcPaBYSzgLw4HbesGZG0OxEeLa9QXhWO_7b8ROtqBgU5XvPA2U1hX3jtHIa44Ajsaa2cCdwoHV7UBQ2PXoyxS2inrBnopAjCedh7PuAkU4rxpsjEK-uVOx926w22D-eZeMwx4ZSBkDZfqFhF5CqhH5wO4YplAGtQc3xrouqwrBIN2pNFt7mXZMBboNK5I0r9aIXImXvazqXMkrqSO-jzQ69eHp3VDyf5bz6kxqDzEKUluPf9MdYliwmOHeAexzyS3EtlMXtYwDJDvcTyZ51bsiyIT8wrbCZ9Dk_1rIvevE0JnC38Zta1nBArl_5S21KIrRb79xTTcocFOkdQMRROdqL2vDxCYSjuoJen2r6RRzGy_KMdDwoXmig265sTHanhSLpXx58tbkM1dLg_tHQbETtJRc-6UI8nsLlh5gF1aJ6uZs2RvP0_gra_QU14u30F9GB3wTiN10eGom1AklYSraVDOCRoVQM68QaSOi8SJhAkoM1XLPE95RR3llQuTubsaTey2VkXY0GujfqNXeiodWEYn2buwoBEkcS0pGFFIk9B68Rym8w0UkMjQ9XSj2WamYYVMTupQowNxTyVbQNVD_s3uBcHnCDlAEWgBxaPSss73EAXB_TcEidDOftWfMdCZt0osSgWJ_HE6giH_m6Z3_SzOF--YdorlO8mKQjqvwfO7o16hw1pxZd0ygEU5ls8yaOf2dAwYtd61fIF7HKumkJq9sNQjt9pgP5qvrr8qPFB1ItPepVhmz5sDtTBXWL6snG8gw0KAu8huLHN5noUjMIen9EFpptnePOvzoEhN9q3Fqk70Rp_x2V3L6EDV6Inv3W3WvfYVUFDNcyLgedicTkLUqM3ZYOy_lt2R-WXF0ULeqbErp_iF5bbGOoOyNf2CpfUDyo_yeXPX97hmZf0mrEBCXBJIPZmE_2CwMqkvcr3DFO6niT13bY4JUSjzfTD6RDGKWK9OLZCY4dBfvOjIzVBGtYvME1ZJntY-yxCiTz4hd2yKxB9_oTDmLhPhsCN485eQ5XXT2ScwsRLGU-jrQrWNw2EuMK_sJhvZYlMwDrDP4VnHtuJTq9Z2M-Udo0lJXA9d6zFVPBvnsjiT4LQ0&cid=CAQSYAAvHhf_G1AThOSRRippFukz4OV98QF_M_-x1OoP4JQ2DrWG28Fq1EkRNB-QnZCt5hDQHy-R8DG_zEvjKUNJq_1COA8ufOi5vQQPkD66X0tivVgK6Cc6HnHx6pUkmS0_vRgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.foreks.com%2F&ds=l&xdt=1&iif=1&cor=805994000142811300&adk=3037181501&idt=123&cac=0&dtd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 262434
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jan 2025 18:05:08 GMT

GET
H3 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNDc0MDM0MjI4NzcxMAogIHNlcnZlcl9pcDogMTQ2NTI0NTkwCiAgcHJvY2Vzc19pZDogMzgyNjA5Nzg4OQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame 0C04 0
22 B 45ms
45ms Image
image/png 172.217.23.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNDc0MDM0MjI4NzcxMAogIHNlcnZlcl9pcDogMTQ2NTI0NTkwCiAgcHJvY2Vzc19pZDogMzgyNjA5Nzg4OQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiA2NjgzNDY4Nzg2MzU5MTc0ODk1CmRlYnVnX2tleTogNzA1NDU5NzE2MTAxODI1NzQyMQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIjIwMjQtMDEtMDgiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxMTg2ODk0MwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBVEZPUk1fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9RVUVSWV9DT1VOVFJZCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIlVTIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFDRU1FTlRfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMzMjE3NTg5OQogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogODc4MjQzNjk2CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19MSU5FX0lURU1fSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDE2NjYwMTQyMDYzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19DUkVBVElWRV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNDE2MjA3MDY3CiAgfQp9CmFyY2hldHlwZV9pZDogMTIKYXJjaGV0eXBlX2lkOiAxMwphcmNoZXR5cGVfaWQ6IDE0CmFyY2hldHlwZV9pZDogMTUKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL3JlZGludGVsbGlnZW5jZS5uZXQiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9kZWJ1Z2NvbnZlcnNpb25kb21haW4xLmNvbSIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2RlYnVnY29udmVyc2lvbmRvbWFpbjIuY29tIgppbXByZXNzaW9uX2V2ZW50X3JlcG9ydGluZ193aW5kb3dfZGF5czogNApicm93c2VyX2F0dHJpYnV0aW9uX2FwaV9yZXF1ZXN0X3Byb2Nlc3NpbmdfYml0czogNzM4MTk3NTA0Cg

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0x861adbe195ab2ce40000000000000000","13":"0x44539e90e6e389440000000000000000","14":"0xc4971f004aff5730000000000000000","15":"0xce03adf85e040b010000000000000000"},"debug_key":"7054597161018257421","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"21":[],"8":["11868943"]},"priority":"0","source_event_id":"6683468786359174895"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 2513 38 KB
13 KB 8ms
8ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 551624
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 02 Jan 2024 09:45:18 GMT
expires: Wed, 01 Jan 2025 09:45:18 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame B3BC 38 KB
13 KB 9ms
8ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 551624
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 02 Jan 2024 09:45:18 GMT
expires: Wed, 01 Jan 2025 09:45:18 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 5977 38 KB
13 KB 10ms
9ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 551624
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 02 Jan 2024 09:45:18 GMT
expires: Wed, 01 Jan 2025 09:45:18 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D6D1 0
16 B 193ms
190ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755405&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A520%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&pra=5&wgl=1&easpi=1&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~3~4~6&aslcwct=150&asacwct=25&aslmct=0.7&asamct=0.7&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342168&bpp=2&bdt=372&idt=200&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&nras=1&correlator=3215437451061&frm=24&ife=3&pv=2&ga_vid=650811357.1704740342&ga_sid=1704740342&ga_hid=479107884&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C44808398%2C31079758%2C44807406%2C95320377%2C95320870%2C95320890&oid=2&pvsid=3437858270982662&tmod=2064810646&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.b6ipj8v67xda&fsb=1&dtd=204

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 48B7 716 B
376 B 491ms
491ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=3173046726&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342092&bpp=1&bdt=317&idt=282&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=6425755598420&frm=24&ife=3&pv=1&ga_vid=1915995461.1704740342&ga_sid=1704740342&ga_hid=263902789&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079265%2C31080114%2C31080224&oid=2&pvsid=3522548824508111&tmod=1972445267&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.hgk43vmz1zne&fsb=1&dtd=286

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0061f3c24b6113cf75ff0a0a0da4b7dc0e146b34382f46de06d93480566de72f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 355
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:02 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK iju9wczm8trb Show response
hal9000.redintelligence.net/zone/ Frame 0C04 12 KB
4 KB 33ms
12ms Script
text/html 78.46.111.106
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/iju9wczm8trb?subid=&gdpr=&gdpr_consent=&rnd=1704740341499165&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC2RJa9UWcZd27HonT1PIPrtiuIKblvaBprZWcp8kP8C4QASDAsoJrYJXikIKgB8gBCakCyK2YOo5isj6oAwHIA5sEqgSaAk_Ql1TyryI8VXkPnQLy_SZtv7kv7Z_Xz15y8cFtEk4rU18z8BBNDEmJplYKG4_93teemXoZP3dOB-CtOL22d21BJFhSNFaX9ZG4mTEnG1-aKKJbLJtMaMz3PIrht_V5SPEbbOqPRCOQ7wLZe9GrbByJkrrwQyTXTFB0mSvPo5fXSw-aL425NNWQO-UnnjOJROO4LDbx1uwkA4zPPFGo-nit_dYqqZ-BJ9tJSjvvngJDqTtooD9tEj3-ZIApQbNvNgw4X2vG5k0kIgPafi8LzyobezMqsU8wcv9lCLXB69T1_-CXnD5oMHqyyQZ4y75GYmzgg50hUw26NwDpeKQIuWds4F3Go3L6l9D5GZotOpDHqGCaZMJt4B9yBcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOli52_LTvM6DA4AKA5gLAcgLAYAMAaIMCCoGCgS7u7ECqg0CREXiDRMIoY7z07zOgwMViSlVCB0urAsEsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSYAAvHhf_G1AThOSRRippFukz4OV98QF_M_-x1OoP4JQ2DrWG28Fq1EkRNB-QnZCt5hDQHy-R8DG_zEvjKUNJq_1COA8ufOi5vQQPkD66X0tivVgK6Cc6HnHx6pUkmS0_vRgB%26sig%3DAOD64_3Vs317CGcaBXfURhrWZ36z-ePb-w%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-CoPZS6-y4FVAPkCPC07cEG_WB-6do1ydbfMMD3gN1kQCTjI8DOoqQfzX2DegyJs96Ucq9oUyp6NygBHS3yFUBpn5QXEGR4h0IbsQRhuHRUJgbCX9Bf2MkUKsMHXT687pizij9PhBGtCko3d6mPoJ5elw8CWpp0nru90M3li0m5iRCgFBM%26cry%3D1%26dbm_d%3DAKAmf-BYteweSu02JijDQOKw7y8E9bufpGkl2OxCzmSGd2CxT-sGRbXr7CsAF4eQV0-jI7XRCHizpXviahoUiIDChrTaCitqnljsTU9zb6koSwvgtdBmFwQ_oKSEdJqdNdVEBkbk7Ao-XMVahG39gDfmdIsiNJVXpTPRSmm7-MCZuybi_G2G2u6MDxEyIsKYK99vFbfBVmxU8Oq8CuF41gAr_q9m-0-6sDsTQi_GUQaJLjAHWDFBQ-VCXPfWSdAqNvRoaLd84nHyROCx9S-KbHdCqhlbPul2FtqbZygKBZu89qhUCtbUcKvee21hAk8IT_6kOlk_IAGaBCQzG5zCYuKgE5o7xWZEU48xM2GBJmLJbrq8E4uOnyU8_TmO4cJIqHnok212eF50zhrUAgRksVbfL9yFu1UdGRp393ai-CHFLKx0rJsblMb6ySlm4F83DxnEsF9XVItIC1DfGefsrE3a9XhEM8GnE_Yh_K5ZBMcqCuu4pTBaU5Zm9e4hxP5zry5FfPWsaK1aIuQr3Mqm0JcYVuCIlvd8x145u6H2Og2KEuk8GEuhfVA%26adurl%3D
Requested by: Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.111.106 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.106.111.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 78e7c05d7af83fd831e116e0df20794ee337b1b27fc76a25b626e078e7827fa8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 18:59:02 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4256
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6E44 40 KB
17 KB 488ms
487ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=3173046724&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342170&bpp=1&bdt=374&idt=246&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3215437451061&frm=24&ife=3&pv=1&ga_vid=650811357.1704740342&ga_sid=1704740342&ga_hid=479107884&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C44808398%2C31079758%2C44807406%2C95320377%2C95320870%2C95320890&oid=2&pvsid=3437858270982662&tmod=2064810646&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.8z9oe33zf6zv&fsb=1&dtd=248

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

be8d30e8e16b816c8c46da4f0d206ef5d99762fc701d69457b1c2a1dea7f4b94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 17095
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:02 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

request.php Show response
hal900026.redintelligence.net/ Frame B149
Redirect Chain

https://hal900026.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=368a912990&subid=&uid=42cc7c79091c7051&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900026.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=368a912990&subid=&uid=42cc7c79091c7051&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

2 KB
1 KB

99ms
78ms

Script
application/x-javascript

138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=368a912990&subid=&uid=42cc7c79091c7051&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCpHL19UWcZeLPHr6O1PIPp9aTiAym5b2gaYWVnKfJD_AuEAEgwLKCa2CV4pCCoAfIAQmpAsitmDqOYrI-qAMByAObBKoElgJP0PSgjNFtu1QYLNGBgaf-DThveSF1qJ_lVAz3q9qjafGNV9LSYkle9wJkNB9NzZI8SipGLmLcr3WVoveHM8tVBheO6it4y57IGiSf5bCXYyhti2_Le9i7NGtmkI2GJNafT4VGFV8VfrnSmcYmZIXZr_u3_fxXrEfmyhC5-IbWMleoWc34lbgCrJfb0G7KspoJE4d-M7RyDsC9-asyITwGfBTzdb-nmv2YAqli3VZjDedv3cK9qU-xTM1lqyD7_aZlWf_ECzamtZ8UK8UCrmywMC-EdEuA8q2feE55rgK4iakbBqLoDxM7sb9xbGQ-mVuL_m1APG4z0r4FpL3zmrRwj4kNOf-WB5b5OIUba3EXm1Phwe90gMAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljnvfLTvM6DA4AKA5gLAcgLAYAMAaIMCCoGCgS7u7ECqg0CREXiDRMI-uzy07zOgwMVPgdVCB0n6wTBsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSYQAvHhf_sxbIP2hcNbRsfWqOBGwOEtaEVJhNT15zXqBqYuBHdWncKeoAyZ0id75_Sv_EOSGcgtL5W5TTa4e_GRfg0YyWs0VRxR-_WqXBg3I9Q3HlqOxyiLasFhpWNKy2YEoYAQ%26sig%3DAOD64_2umme7eFLJ_cN7Jep7aHRWuatnRA%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-DOm-035dNZewGbRBriYGF_mGgqYABkirg502b0qaaA-isgv2FDJ1YFCZhAnQvzM0j_KVUX5Hbq_i4V9Ub7mPHjySjWHqyij-GLMQHP-uzHMzvogQJCfJW0th-x0-SeCHakVYrSZPlgDkisXtgvbcS00WX7QCga2_eiYtTph0gZMvw83kE%26cry%3D1%26dbm_d%3DAKAmf-Dk-OZLkFRhGraif8xC8iT1NeBfaLS77HF9V58K2FT9pDsZ4xzdZkTmhhGU2ULfzXwSi61LS0vnkC-GD0ZafMY8IjHXRFiMoOFASRCTgLApiMk2XoBSNh1ZG98hwHio-NiPYf_qZCCUy7ubZ9-hTxotA6iUOK82snDm02RiljccIvs8U8Liyl5E9yfNX7dRzfV5JEYT5BPym6XhTWyuwbZud4Vcdso8EL-vpHDzwCSSGeobDrh2WLRcnXH5cwj19WIyIRptQk2T3SxSDF99rvkHr_Ouxxb3_HClJzCyv9s8rYPyF7BKRxNJp7BUlu6GWdcZdv-Q5C9evxwGXRGNmyvxxatmh9FHJPytNah6hBYONESmD-46UrABToT0Ldav8RKdUANK1Y-m9RWklqz6O3zEvdm9CadfymjlIbbYGMzxp4AygoMiNsRcrUaxfZGu4xeUzmmxkhqeriK19GGUsaeggfAMM24cpbWr5DeVklzn-94TBBulcjmISqOBeYaEytXBmWi_ni985FkmzAaUurEBU_bW45F82k7PIeK1Pkt7YJK9yno%26adurl%3D&documentReferer=https%3A%2F%2Fwww.foreks.com%2F&ancestorOrigins=https%3A%2F%2Fwww.foreks.com&random=6649573938491&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 2b7cf2fc231658e13a2f6d56e9aaa401ebfd0c2340a563ca8838b1383f4583e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 08 Jan 2024 18:59:02 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 29482200157764204444550012563026
Connection: close
Content-Length: 894
Expires: Mon, 08 Jan 2024 18:59:02 +0100

Redirect headers

Pragma: no-cache
Date: Mon, 08 Jan 2024 18:59:02 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=368a912990&subid=&uid=42cc7c79091c7051&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCpHL19UWcZeLPHr6O1PIPp9aTiAym5b2gaYWVnKfJD_AuEAEgwLKCa2CV4pCCoAfIAQmpAsitmDqOYrI-qAMByAObBKoElgJP0PSgjNFtu1QYLNGBgaf-DThveSF1qJ_lVAz3q9qjafGNV9LSYkle9wJkNB9NzZI8SipGLmLcr3WVoveHM8tVBheO6it4y57IGiSf5bCXYyhti2_Le9i7NGtmkI2GJNafT4VGFV8VfrnSmcYmZIXZr_u3_fxXrEfmyhC5-IbWMleoWc34lbgCrJfb0G7KspoJE4d-M7RyDsC9-asyITwGfBTzdb-nmv2YAqli3VZjDedv3cK9qU-xTM1lqyD7_aZlWf_ECzamtZ8UK8UCrmywMC-EdEuA8q2feE55rgK4iakbBqLoDxM7sb9xbGQ-mVuL_m1APG4z0r4FpL3zmrRwj4kNOf-WB5b5OIUba3EXm1Phwe90gMAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljnvfLTvM6DA4AKA5gLAcgLAYAMAaIMCCoGCgS7u7ECqg0CREXiDRMI-uzy07zOgwMVPgdVCB0n6wTBsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSYQAvHhf_sxbIP2hcNbRsfWqOBGwOEtaEVJhNT15zXqBqYuBHdWncKeoAyZ0id75_Sv_EOSGcgtL5W5TTa4e_GRfg0YyWs0VRxR-_WqXBg3I9Q3HlqOxyiLasFhpWNKy2YEoYAQ%26sig%3DAOD64_2umme7eFLJ_cN7Jep7aHRWuatnRA%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-DOm-035dNZewGbRBriYGF_mGgqYABkirg502b0qaaA-isgv2FDJ1YFCZhAnQvzM0j_KVUX5Hbq_i4V9Ub7mPHjySjWHqyij-GLMQHP-uzHMzvogQJCfJW0th-x0-SeCHakVYrSZPlgDkisXtgvbcS00WX7QCga2_eiYtTph0gZMvw83kE%26cry%3D1%26dbm_d%3DAKAmf-Dk-OZLkFRhGraif8xC8iT1NeBfaLS77HF9V58K2FT9pDsZ4xzdZkTmhhGU2ULfzXwSi61LS0vnkC-GD0ZafMY8IjHXRFiMoOFASRCTgLApiMk2XoBSNh1ZG98hwHio-NiPYf_qZCCUy7ubZ9-hTxotA6iUOK82snDm02RiljccIvs8U8Liyl5E9yfNX7dRzfV5JEYT5BPym6XhTWyuwbZud4Vcdso8EL-vpHDzwCSSGeobDrh2WLRcnXH5cwj19WIyIRptQk2T3SxSDF99rvkHr_Ouxxb3_HClJzCyv9s8rYPyF7BKRxNJp7BUlu6GWdcZdv-Q5C9evxwGXRGNmyvxxatmh9FHJPytNah6hBYONESmD-46UrABToT0Ldav8RKdUANK1Y-m9RWklqz6O3zEvdm9CadfymjlIbbYGMzxp4AygoMiNsRcrUaxfZGu4xeUzmmxkhqeriK19GGUsaeggfAMM24cpbWr5DeVklzn-94TBBulcjmISqOBeYaEytXBmWi_ni985FkmzAaUurEBU_bW45F82k7PIeK1Pkt7YJK9yno%26adurl%3D&documentReferer=https%3A%2F%2Fwww.foreks.com%2F&ancestorOrigins=https%3A%2F%2Fwww.foreks.com&random=6649573938491&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Mon, 08 Jan 2024 18:59:02 +0100

GET
H/1.1

200
OK

request.php Show response
hal900017.redintelligence.net/ Frame 993F
Redirect Chain

https://hal900017.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=6eae03fdb0&subid=&uid=5b648cd7f77c133f&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900017.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=6eae03fdb0&subid=&uid=5b648cd7f77c133f&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

2 KB
1 KB

127ms
107ms

Script
application/x-javascript

159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900017.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=6eae03fdb0&subid=&uid=5b648cd7f77c133f&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxP669UWcZZmfHvv_1PIP6Yi2sAKm5b2gaa2VnKfJD_AuEAEgwLKCa2CV4pCCoAfIAQmpAoDLVB9FabI-qAMByAObBKoEmgJP0C3LpfUJMNWJgu7rKy-0XJLdP2R3l1q3Qfjf208J1fuPLEzNPIA8ISqlCs0ozKVtmoRck0CV07buVmpD1PJ_f-H5VByNzLz11g4cAAocO9ZfSlhYKOoqGWVnBXc37VGqXvYmzs_L6A9uEYjW-Bo0rXgl6aKyjGaCyYrGJef07Lmce598qDfIRuNs7K0Gqf90HV9KthaprvbQ2df1qLrZdQrGq78IdKUki1MwqXF7WPWMYC0zBJ55H-oy2ZAvVqTHVHLnJLubhE-1_n6RVA0oqv6v9Kv8NjShz6RViWTEv7X0aJZHOtqlKYS1WdTkAsKbgrLkxRe_TnIJDvjrAYQJ6Jt--Y-1bi4Kt54tercRsnKs9z7rLQT8BDnABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHTICqgI6AoBASL39wTpY7M3y07zOgwOACgOYCwHICwGADAGiDAgqBgoEu7uxAqoNAkRF4g0TCIr88tO8zoMDFfs_VQgdaYQNJrATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSYAAvHhf_xyUR0Yx_g7oaoMy46rce8HR5f1ftI0yqsagItMz-rz_9e1tD53FN0mf0fMDRFf_6-3lHNue1tagaarDnmIlwkuFOv9s7-CLyFsmnWwNQ3QbNCJy6F-Dpf0IBKhgB%26sig%3DAOD64_3Gia6VDXQkQgAVZ4mK4lxRN54TYg%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-BDmBryLq8JkjDWTjQFCJ9jP8upn2_lLEgfMi3OeS2g4qYFJeNCAvl3gzqCPMRpfK9eDCLvyMDGlURuLllmTSyMU6Q3poD04rprp_GJA5RzSYPjzE4R9uebzLO49KkL0QAVAq5rIrV_p80ep6TEoyqpHHh2Avrnn4pZ_i_50M2x6YJrp3I%26cry%3D1%26dbm_d%3DAKAmf-DHIUu5ZCbf-7SBqOjKiYLMZqjzAbRwEfmpgu-2dO_A13c7Nic6PiGHwl46gF0pW9A3OJnzngO9XTtZu7ANtwLQD5WgQ8FrBaNgUXxnGDEcZbq1inLVhVzcZcjUM370ty-3sqgJHVL6OvOcyAOlrkYqlBLNzMFi6hMg6M3ok_A-uPPkg7nHKrCnmq_uYpEyQU8Ah2T8G0bbscl2jOnPvYHoiFHrLaDousDV_7vqYbwr99xlGsrMSsfBoFljfE9eDopOLX0OtJoP4BMKMr-yYo4kdlWLw_Kf0M9RQjEJLjMVpXlsFGXxtS6DFIzrlgo-PxBcO_48OybX1xv02_AXGoN_avFlurBs8s5mCwj8Kz8Kq4K5gw_75BtuJH_yFIQxxwK6ekGxKRgEYXJuA1HvGBQtnWhP0R3Hm7vuiABtdT27evogP0WiY7Sr2mFP7myzfCwSD2ikKHEC5v-zRgimM4NzPIW1o9dQdK2CDnngDncddJLiQITQSs8Zp1QTN6c-zrPnf4A00njjNjYtUqoJgIDNjgIJnV_zoqwP7O2xHkDGT2HZNn4%26adurl%3D&documentReferer=https%3A%2F%2Fwww.foreks.com%2F&ancestorOrigins=https%3A%2F%2Fwww.foreks.com&random=3901071166356&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 159.69.70.9 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: f2adf903c24c03641dd5ed0f2c5b16ecb50f9176bcdcda2cf806b99efb551fdc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 08 Jan 2024 18:59:02 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 59314500177308104444554012563017
Connection: close
Content-Length: 891
Expires: Mon, 08 Jan 2024 18:59:02 +0100

Redirect headers

Pragma: no-cache
Date: Mon, 08 Jan 2024 18:59:02 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=6eae03fdb0&subid=&uid=5b648cd7f77c133f&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxP669UWcZZmfHvv_1PIP6Yi2sAKm5b2gaa2VnKfJD_AuEAEgwLKCa2CV4pCCoAfIAQmpAoDLVB9FabI-qAMByAObBKoEmgJP0C3LpfUJMNWJgu7rKy-0XJLdP2R3l1q3Qfjf208J1fuPLEzNPIA8ISqlCs0ozKVtmoRck0CV07buVmpD1PJ_f-H5VByNzLz11g4cAAocO9ZfSlhYKOoqGWVnBXc37VGqXvYmzs_L6A9uEYjW-Bo0rXgl6aKyjGaCyYrGJef07Lmce598qDfIRuNs7K0Gqf90HV9KthaprvbQ2df1qLrZdQrGq78IdKUki1MwqXF7WPWMYC0zBJ55H-oy2ZAvVqTHVHLnJLubhE-1_n6RVA0oqv6v9Kv8NjShz6RViWTEv7X0aJZHOtqlKYS1WdTkAsKbgrLkxRe_TnIJDvjrAYQJ6Jt--Y-1bi4Kt54tercRsnKs9z7rLQT8BDnABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHTICqgI6AoBASL39wTpY7M3y07zOgwOACgOYCwHICwGADAGiDAgqBgoEu7uxAqoNAkRF4g0TCIr88tO8zoMDFfs_VQgdaYQNJrATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSYAAvHhf_xyUR0Yx_g7oaoMy46rce8HR5f1ftI0yqsagItMz-rz_9e1tD53FN0mf0fMDRFf_6-3lHNue1tagaarDnmIlwkuFOv9s7-CLyFsmnWwNQ3QbNCJy6F-Dpf0IBKhgB%26sig%3DAOD64_3Gia6VDXQkQgAVZ4mK4lxRN54TYg%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-BDmBryLq8JkjDWTjQFCJ9jP8upn2_lLEgfMi3OeS2g4qYFJeNCAvl3gzqCPMRpfK9eDCLvyMDGlURuLllmTSyMU6Q3poD04rprp_GJA5RzSYPjzE4R9uebzLO49KkL0QAVAq5rIrV_p80ep6TEoyqpHHh2Avrnn4pZ_i_50M2x6YJrp3I%26cry%3D1%26dbm_d%3DAKAmf-DHIUu5ZCbf-7SBqOjKiYLMZqjzAbRwEfmpgu-2dO_A13c7Nic6PiGHwl46gF0pW9A3OJnzngO9XTtZu7ANtwLQD5WgQ8FrBaNgUXxnGDEcZbq1inLVhVzcZcjUM370ty-3sqgJHVL6OvOcyAOlrkYqlBLNzMFi6hMg6M3ok_A-uPPkg7nHKrCnmq_uYpEyQU8Ah2T8G0bbscl2jOnPvYHoiFHrLaDousDV_7vqYbwr99xlGsrMSsfBoFljfE9eDopOLX0OtJoP4BMKMr-yYo4kdlWLw_Kf0M9RQjEJLjMVpXlsFGXxtS6DFIzrlgo-PxBcO_48OybX1xv02_AXGoN_avFlurBs8s5mCwj8Kz8Kq4K5gw_75BtuJH_yFIQxxwK6ekGxKRgEYXJuA1HvGBQtnWhP0R3Hm7vuiABtdT27evogP0WiY7Sr2mFP7myzfCwSD2ikKHEC5v-zRgimM4NzPIW1o9dQdK2CDnngDncddJLiQITQSs8Zp1QTN6c-zrPnf4A00njjNjYtUqoJgIDNjgIJnV_zoqwP7O2xHkDGT2HZNn4%26adurl%3D&documentReferer=https%3A%2F%2Fwww.foreks.com%2F&ancestorOrigins=https%3A%2F%2Fwww.foreks.com&random=3901071166356&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Mon, 08 Jan 2024 18:59:02 +0100

GET
H/1.1

200
OK

request.php Show response
hal90009.redintelligence.net/ Frame 9A73
Redirect Chain

https://hal90009.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=6eae03fdb0&subid=&uid=c53ef8eef8fefa5f&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90009.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=6eae03fdb0&subid=&uid=c53ef8eef8fefa5f&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

2 KB
1 KB

116ms
95ms

Script
application/x-javascript

138.201.63.149
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90009.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=6eae03fdb0&subid=&uid=c53ef8eef8fefa5f&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCfQgx9UWcZcLOHuXK1PIPpKO3yAKm5b2gaYWVnKfJD_AuEAEgwLKCa2CV4pCCoAfIAQmpAoDLVB9FabI-qAMByAObBKoElgJP0DGAq0mfz0BzMJBdZXiC8TRfWJ0o6f2uVU3Ouo7A0XkhuctCvYIR-Gmy4QA3L7ut1VR2fQv_i_OdHqwMi3SMpivyqqSfcDXQcQvV-Pc0RH3XHXC3KfR4_E2C59Bmtx51EKzqIGBb1tSK4EkXUhgaSpz8RuJfkKIpnsTKRLN3rBmA1xsqnBfz17-URhc2u1V9mZXbHAzglyUQwCW4XkBv4QzD9fo8fNRkdvoNDwGdPvfCyi4IHnd4bZwZJmArslU84Wz830HaPVVkcCd0namxMnJxxD9khsHeXUkfb2GHxqNG_ureezniBB_4nugZFH9Nrlgpkl5iAOLUPJFhsW9UryM_8CwaI69XMNmgB8gwJP-389-y-cAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOlio8_LTvM6DA4AKA5gLAcgLAYAMAaIMDCoKCgisurECu7uxAqoNAkRF4g0TCPSm89O8zoMDFWUlVQgdpNENKbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSYQAvHhf_1sbcyA4O6ivAiKTHmnBMvrb_gimsZ0bWrNOIhWeuFQNG4CiIFJfEV9ek0GJ2M9n_O58GSfge6Iy60or03_XmQDkx-Zud5mAzOIxk63g5KRCFLVJZfk9BalwPggwYAQ%26sig%3DAOD64_2nVpw1Zw1zuW6fy_B9n1lGqlvAsw%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-C6v-kG3LH80ojA415fXEhe6U0dvfnuM07IkhMvj6ongeJ8DfOfrLFkE1LcYEgrLK9zyOkVzr_EFjxcg6fyQ4FCw8oCKLVXE9H3ufnzsTEoMX_HoPMlNkHE0twlFvmKDqY4A2-xFOdaPpDFMYkGo0_x34V4Qmi0TRw9CUNG8L6no_CydGs%26cry%3D1%26dbm_d%3DAKAmf-Czx6Kv26XDH-eHMvsqCMHq_VP9ZkFTshHzNRVnoQbsI3O6ZoUuJlf-qUP9fo8rRAZ6ly5ZD7EUIeE71nnLcsPsY0WKHGBnug5yNcCi5uoSsXmEr20Ia4s0MUAN-Mq2k9f--KLtxyazMvXyWw_7SRw7VklsJFFAeuaW7vKE1qfPaTJJTOq9C9gvqjKuSr4cE_gxm_KR74AGJoyGxO6IR-aZRi4VoNIyOrbZ73bV711pFc5xVeUNHhAv9SoiPbJLyT1QrKzxJjVvAC9aT06x4m5NE2HUFv0t4J1ZAVr325o2tF249zOmhUgtZB3l1iO24RHKwAeyfBX08ne2863QlMaEP9pa7jniFWGQdBYx37wc3e8vRD6wIeWI4G01-YX6OQfaYVtEd-uXJVIgb3aY_Zq09ivGcr_n2FZyRxFlwHKCJSJwpIi-kKh6fewpyDsHD3OdDZsHgV839LQAKt3eWAFCXYNgW754clmsscyROV5joxO2NifDYRg1UnwT1lPOAQskde12fccMxrlsC8PyRMTIk-4oaQWooVpIWThlQxjOGLIrLKo%26adurl%3D&documentReferer=https%3A%2F%2Fwww.foreks.com%2F&ancestorOrigins=https%3A%2F%2Fwww.foreks.com&random=4295766068203&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 138.201.63.149 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.149.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 8dbe4c0dca753de6f362fb3970a6bbbf08aa9bf876e6879586b4d36c39da6976

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 08 Jan 2024 18:59:02 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 10366500200286304444550012563009
Connection: close
Content-Length: 892
Expires: Mon, 08 Jan 2024 18:59:02 +0100

Redirect headers

Pragma: no-cache
Date: Mon, 08 Jan 2024 18:59:02 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=6eae03fdb0&subid=&uid=c53ef8eef8fefa5f&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCfQgx9UWcZcLOHuXK1PIPpKO3yAKm5b2gaYWVnKfJD_AuEAEgwLKCa2CV4pCCoAfIAQmpAoDLVB9FabI-qAMByAObBKoElgJP0DGAq0mfz0BzMJBdZXiC8TRfWJ0o6f2uVU3Ouo7A0XkhuctCvYIR-Gmy4QA3L7ut1VR2fQv_i_OdHqwMi3SMpivyqqSfcDXQcQvV-Pc0RH3XHXC3KfR4_E2C59Bmtx51EKzqIGBb1tSK4EkXUhgaSpz8RuJfkKIpnsTKRLN3rBmA1xsqnBfz17-URhc2u1V9mZXbHAzglyUQwCW4XkBv4QzD9fo8fNRkdvoNDwGdPvfCyi4IHnd4bZwZJmArslU84Wz830HaPVVkcCd0namxMnJxxD9khsHeXUkfb2GHxqNG_ureezniBB_4nugZFH9Nrlgpkl5iAOLUPJFhsW9UryM_8CwaI69XMNmgB8gwJP-389-y-cAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOlio8_LTvM6DA4AKA5gLAcgLAYAMAaIMDCoKCgisurECu7uxAqoNAkRF4g0TCPSm89O8zoMDFWUlVQgdpNENKbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSYQAvHhf_1sbcyA4O6ivAiKTHmnBMvrb_gimsZ0bWrNOIhWeuFQNG4CiIFJfEV9ek0GJ2M9n_O58GSfge6Iy60or03_XmQDkx-Zud5mAzOIxk63g5KRCFLVJZfk9BalwPggwYAQ%26sig%3DAOD64_2nVpw1Zw1zuW6fy_B9n1lGqlvAsw%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-C6v-kG3LH80ojA415fXEhe6U0dvfnuM07IkhMvj6ongeJ8DfOfrLFkE1LcYEgrLK9zyOkVzr_EFjxcg6fyQ4FCw8oCKLVXE9H3ufnzsTEoMX_HoPMlNkHE0twlFvmKDqY4A2-xFOdaPpDFMYkGo0_x34V4Qmi0TRw9CUNG8L6no_CydGs%26cry%3D1%26dbm_d%3DAKAmf-Czx6Kv26XDH-eHMvsqCMHq_VP9ZkFTshHzNRVnoQbsI3O6ZoUuJlf-qUP9fo8rRAZ6ly5ZD7EUIeE71nnLcsPsY0WKHGBnug5yNcCi5uoSsXmEr20Ia4s0MUAN-Mq2k9f--KLtxyazMvXyWw_7SRw7VklsJFFAeuaW7vKE1qfPaTJJTOq9C9gvqjKuSr4cE_gxm_KR74AGJoyGxO6IR-aZRi4VoNIyOrbZ73bV711pFc5xVeUNHhAv9SoiPbJLyT1QrKzxJjVvAC9aT06x4m5NE2HUFv0t4J1ZAVr325o2tF249zOmhUgtZB3l1iO24RHKwAeyfBX08ne2863QlMaEP9pa7jniFWGQdBYx37wc3e8vRD6wIeWI4G01-YX6OQfaYVtEd-uXJVIgb3aY_Zq09ivGcr_n2FZyRxFlwHKCJSJwpIi-kKh6fewpyDsHD3OdDZsHgV839LQAKt3eWAFCXYNgW754clmsscyROV5joxO2NifDYRg1UnwT1lPOAQskde12fccMxrlsC8PyRMTIk-4oaQWooVpIWThlQxjOGLIrLKo%26adurl%3D&documentReferer=https%3A%2F%2Fwww.foreks.com%2F&ancestorOrigins=https%3A%2F%2Fwww.foreks.com&random=4295766068203&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Mon, 08 Jan 2024 18:59:02 +0100

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame F9D7 39 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 14:08:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17418
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 14:08:44 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 4B39 39 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 14:08:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17418
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 14:08:44 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3485 0
16 B 91ms
91ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755402&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&pra=5&wgl=1&easpi=1&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342186&bpp=1&bdt=404&idt=270&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&nras=1&correlator=5076464377854&frm=24&ife=3&pv=2&ga_vid=789429540.1704740342&ga_sid=1704740342&ga_hid=233204692&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1792579836&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C31079714%2C95320869%2C95320888&oid=2&pvsid=3672836851977151&tmod=33738597&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.z3qr3584rqi4&fsb=1&dtd=277

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

request.php Show response
hal900020.redintelligence.net/ Frame 0C04
Redirect Chain

https://hal900020.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=526f2fc715&subid=&uid=a832b02684b93862&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900020.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=526f2fc715&subid=&uid=a832b02684b93862&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

2 KB
1 KB

109ms
89ms

Script
application/x-javascript

178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900020.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=526f2fc715&subid=&uid=a832b02684b93862&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC2RJa9UWcZd27HonT1PIPrtiuIKblvaBprZWcp8kP8C4QASDAsoJrYJXikIKgB8gBCakCyK2YOo5isj6oAwHIA5sEqgSaAk_Ql1TyryI8VXkPnQLy_SZtv7kv7Z_Xz15y8cFtEk4rU18z8BBNDEmJplYKG4_93teemXoZP3dOB-CtOL22d21BJFhSNFaX9ZG4mTEnG1-aKKJbLJtMaMz3PIrht_V5SPEbbOqPRCOQ7wLZe9GrbByJkrrwQyTXTFB0mSvPo5fXSw-aL425NNWQO-UnnjOJROO4LDbx1uwkA4zPPFGo-nit_dYqqZ-BJ9tJSjvvngJDqTtooD9tEj3-ZIApQbNvNgw4X2vG5k0kIgPafi8LzyobezMqsU8wcv9lCLXB69T1_-CXnD5oMHqyyQZ4y75GYmzgg50hUw26NwDpeKQIuWds4F3Go3L6l9D5GZotOpDHqGCaZMJt4B9yBcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOli52_LTvM6DA4AKA5gLAcgLAYAMAaIMCCoGCgS7u7ECqg0CREXiDRMIoY7z07zOgwMViSlVCB0urAsEsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSYAAvHhf_G1AThOSRRippFukz4OV98QF_M_-x1OoP4JQ2DrWG28Fq1EkRNB-QnZCt5hDQHy-R8DG_zEvjKUNJq_1COA8ufOi5vQQPkD66X0tivVgK6Cc6HnHx6pUkmS0_vRgB%26sig%3DAOD64_3Vs317CGcaBXfURhrWZ36z-ePb-w%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-CoPZS6-y4FVAPkCPC07cEG_WB-6do1ydbfMMD3gN1kQCTjI8DOoqQfzX2DegyJs96Ucq9oUyp6NygBHS3yFUBpn5QXEGR4h0IbsQRhuHRUJgbCX9Bf2MkUKsMHXT687pizij9PhBGtCko3d6mPoJ5elw8CWpp0nru90M3li0m5iRCgFBM%26cry%3D1%26dbm_d%3DAKAmf-BYteweSu02JijDQOKw7y8E9bufpGkl2OxCzmSGd2CxT-sGRbXr7CsAF4eQV0-jI7XRCHizpXviahoUiIDChrTaCitqnljsTU9zb6koSwvgtdBmFwQ_oKSEdJqdNdVEBkbk7Ao-XMVahG39gDfmdIsiNJVXpTPRSmm7-MCZuybi_G2G2u6MDxEyIsKYK99vFbfBVmxU8Oq8CuF41gAr_q9m-0-6sDsTQi_GUQaJLjAHWDFBQ-VCXPfWSdAqNvRoaLd84nHyROCx9S-KbHdCqhlbPul2FtqbZygKBZu89qhUCtbUcKvee21hAk8IT_6kOlk_IAGaBCQzG5zCYuKgE5o7xWZEU48xM2GBJmLJbrq8E4uOnyU8_TmO4cJIqHnok212eF50zhrUAgRksVbfL9yFu1UdGRp393ai-CHFLKx0rJsblMb6ySlm4F83DxnEsF9XVItIC1DfGefsrE3a9XhEM8GnE_Yh_K5ZBMcqCuu4pTBaU5Zm9e4hxP5zry5FfPWsaK1aIuQr3Mqm0JcYVuCIlvd8x145u6H2Og2KEuk8GEuhfVA%26adurl%3D&documentReferer=https%3A%2F%2Fwww.foreks.com%2F&ancestorOrigins=https%3A%2F%2Fwww.foreks.com&random=1682985320122&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: 903523de347c4419f45121ac0047bc5b30d9c17c600302c8169a131423f23a84

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 08 Jan 2024 18:59:02 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 21411900191433104444554012563020
Connection: close
Content-Length: 893
Expires: Mon, 08 Jan 2024 18:59:02 +0100

Redirect headers

Pragma: no-cache
Date: Mon, 08 Jan 2024 18:59:02 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=526f2fc715&subid=&uid=a832b02684b93862&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC2RJa9UWcZd27HonT1PIPrtiuIKblvaBprZWcp8kP8C4QASDAsoJrYJXikIKgB8gBCakCyK2YOo5isj6oAwHIA5sEqgSaAk_Ql1TyryI8VXkPnQLy_SZtv7kv7Z_Xz15y8cFtEk4rU18z8BBNDEmJplYKG4_93teemXoZP3dOB-CtOL22d21BJFhSNFaX9ZG4mTEnG1-aKKJbLJtMaMz3PIrht_V5SPEbbOqPRCOQ7wLZe9GrbByJkrrwQyTXTFB0mSvPo5fXSw-aL425NNWQO-UnnjOJROO4LDbx1uwkA4zPPFGo-nit_dYqqZ-BJ9tJSjvvngJDqTtooD9tEj3-ZIApQbNvNgw4X2vG5k0kIgPafi8LzyobezMqsU8wcv9lCLXB69T1_-CXnD5oMHqyyQZ4y75GYmzgg50hUw26NwDpeKQIuWds4F3Go3L6l9D5GZotOpDHqGCaZMJt4B9yBcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOli52_LTvM6DA4AKA5gLAcgLAYAMAaIMCCoGCgS7u7ECqg0CREXiDRMIoY7z07zOgwMViSlVCB0urAsEsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSYAAvHhf_G1AThOSRRippFukz4OV98QF_M_-x1OoP4JQ2DrWG28Fq1EkRNB-QnZCt5hDQHy-R8DG_zEvjKUNJq_1COA8ufOi5vQQPkD66X0tivVgK6Cc6HnHx6pUkmS0_vRgB%26sig%3DAOD64_3Vs317CGcaBXfURhrWZ36z-ePb-w%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-CoPZS6-y4FVAPkCPC07cEG_WB-6do1ydbfMMD3gN1kQCTjI8DOoqQfzX2DegyJs96Ucq9oUyp6NygBHS3yFUBpn5QXEGR4h0IbsQRhuHRUJgbCX9Bf2MkUKsMHXT687pizij9PhBGtCko3d6mPoJ5elw8CWpp0nru90M3li0m5iRCgFBM%26cry%3D1%26dbm_d%3DAKAmf-BYteweSu02JijDQOKw7y8E9bufpGkl2OxCzmSGd2CxT-sGRbXr7CsAF4eQV0-jI7XRCHizpXviahoUiIDChrTaCitqnljsTU9zb6koSwvgtdBmFwQ_oKSEdJqdNdVEBkbk7Ao-XMVahG39gDfmdIsiNJVXpTPRSmm7-MCZuybi_G2G2u6MDxEyIsKYK99vFbfBVmxU8Oq8CuF41gAr_q9m-0-6sDsTQi_GUQaJLjAHWDFBQ-VCXPfWSdAqNvRoaLd84nHyROCx9S-KbHdCqhlbPul2FtqbZygKBZu89qhUCtbUcKvee21hAk8IT_6kOlk_IAGaBCQzG5zCYuKgE5o7xWZEU48xM2GBJmLJbrq8E4uOnyU8_TmO4cJIqHnok212eF50zhrUAgRksVbfL9yFu1UdGRp393ai-CHFLKx0rJsblMb6ySlm4F83DxnEsF9XVItIC1DfGefsrE3a9XhEM8GnE_Yh_K5ZBMcqCuu4pTBaU5Zm9e4hxP5zry5FfPWsaK1aIuQr3Mqm0JcYVuCIlvd8x145u6H2Og2KEuk8GEuhfVA%26adurl%3D&documentReferer=https%3A%2F%2Fwww.foreks.com%2F&ancestorOrigins=https%3A%2F%2Fwww.foreks.com&random=1682985320122&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Mon, 08 Jan 2024 18:59:02 +0100

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 025E 38 KB
13 KB 7ms
7ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 551624
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 02 Jan 2024 09:45:18 GMT
expires: Wed, 01 Jan 2025 09:45:18 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2F10 716 B
377 B 189ms
186ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=3173046725&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342187&bpp=1&bdt=405&idt=282&shv=r20240104&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=5076464377854&frm=24&ife=3&pv=1&ga_vid=789429540.1704740342&ga_sid=1704740342&ga_hid=233204692&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1792579836&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C31079714%2C95320869%2C95320888&oid=2&pvsid=3672836851977151&tmod=33738597&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dysgtt8kuxhs&fsb=1&dtd=283

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53f2fb03b94c607e371e845b3dee3c4c6dd6114b6b17aecbaa3ba3dd80899b1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 356
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:02 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 2513 39 KB
15 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 14:08:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17418
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 14:08:44 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame B3BC 39 KB
15 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 14:08:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17418
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 14:08:44 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 5977 39 KB
15 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 14:08:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17418
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 14:08:44 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 09A8 0
16 B 198ms
197ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=2751417941&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A520%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.foreks.com%2F&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~3~4~6&aslcwct=150&asacwct=25&aslmct=0.8&asamct=0.8&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342237&bpp=1&bdt=372&idt=238&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&nras=1&correlator=1007674390704&frm=24&ife=3&pv=2&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.6l1e0a6pd2pj&fsb=1&dtd=246

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 68BE 39 KB
16 KB 407ms
407ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186313&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342238&bpp=1&bdt=374&idt=265&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1007674390704&frm=24&ife=3&pv=1&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dlgvh1v9xcpg&fsb=1&dtd=267

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ae376c48a2ac49aa66965f30fdef60142e699956f5b35a0ff3c06607d5e6dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 16431
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:02 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 json Show response
gum.criteo.com/sid/ Frame 4D35 433 B
555 B 231ms
231ms Fetch
application/json 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=publishertagids&domain=foreks.com&sn=ChromeSyncframe&so=0&topUrl=www.foreks.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0

Requested by

Host: gum.criteo.com
URL: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.foreks.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

291765207f51424a314bc9e933d988dc3140f28ebc7d631bcb8128c992e54633

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.foreks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:01 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1395723
expires: 0

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 025E 39 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 14:08:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17418
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 14:08:44 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 23F1 0
16 B 369ms
369ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=2751417942&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A520%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~3~4~6&aslcwct=150&asacwct=25&aslmct=0.8&asamct=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342258&bpp=1&bdt=383&idt=357&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&nras=1&correlator=1204347526637&frm=24&ife=3&pv=2&ga_vid=2011963657.1704740343&ga_sid=1704740343&ga_hid=1059013559&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31080113%2C44795922%2C95320893&oid=2&pvsid=3985455299172220&tmod=877393974&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.vgrdks3gq9w4&fsb=1&dtd=364

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5E39 716 B
381 B 505ms
505ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186312&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342259&bpp=1&bdt=384&idt=373&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1204347526637&frm=24&ife=3&pv=1&ga_vid=2011963657.1704740343&ga_sid=1704740343&ga_hid=1059013559&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31080113%2C44795922%2C95320893&oid=2&pvsid=3985455299172220&tmod=877393974&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.ljzj0m5eu10t&fsb=1&dtd=375

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dc07103206f712d3a73a03aa9e43108119fbddff18a7e655dc632eb529c6110d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 360
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:03 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

activityi;dc_pre=CNqJxdS8zoMDFenLOwIdsAgJDg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7506580587442.957 Show response
5994599.fls.doubleclick.net/ Frame E65B
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7506580587442.957?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CNqJxdS8zoMDFenLOwIdsAgJDg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7506580587442.957?

391 B
287 B

49ms
49ms

Document
text/html

216.58.206.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CNqJxdS8zoMDFenLOwIdsAgJDg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7506580587442.957?

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr35s10-in-f6.1e100.net

Software

cafe /

Resource Hash

257300c48d532a7b1ca6bd338cc1a1182baa4937185e08bc7c147240fb13ca2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 218
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:02 GMT
expires: Mon, 08 Jan 2024 18:59:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:02 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CNqJxdS8zoMDFenLOwIdsAgJDg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7506580587442.957?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900026.redintelligence.net/ Frame C759 7 KB
3 KB 32ms
11ms Document
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/request_content.php?s=29482200157764204444550012563026&a=ab6abc64
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=368a912990&subid=&uid=42cc7c79091c7051&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCpHL19UWcZeLPHr6O1PIPp9aTiAym5b2gaYWVnKfJD_AuEAEgwLKCa2CV4pCCoAfIAQmpAsitmDqOYrI-qAMByAObBKoElgJP0PSgjNFtu1QYLNGBgaf-DThveSF1qJ_lVAz3q9qjafGNV9LSYkle9wJkNB9NzZI8SipGLmLcr3WVoveHM8tVBheO6it4y57IGiSf5bCXYyhti2_Le9i7NGtmkI2GJNafT4VGFV8VfrnSmcYmZIXZr_u3_fxXrEfmyhC5-IbWMleoWc34lbgCrJfb0G7KspoJE4d-M7RyDsC9-asyITwGfBTzdb-nmv2YAqli3VZjDedv3cK9qU-xTM1lqyD7_aZlWf_ECzamtZ8UK8UCrmywMC-EdEuA8q2feE55rgK4iakbBqLoDxM7sb9xbGQ-mVuL_m1APG4z0r4FpL3zmrRwj4kNOf-WB5b5OIUba3EXm1Phwe90gMAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljnvfLTvM6DA4AKA5gLAcgLAYAMAaIMCCoGCgS7u7ECqg0CREXiDRMI-uzy07zOgwMVPgdVCB0n6wTBsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSYQAvHhf_sxbIP2hcNbRsfWqOBGwOEtaEVJhNT15zXqBqYuBHdWncKeoAyZ0id75_Sv_EOSGcgtL5W5TTa4e_GRfg0YyWs0VRxR-_WqXBg3I9Q3HlqOxyiLasFhpWNKy2YEoYAQ%26sig%3DAOD64_2umme7eFLJ_cN7Jep7aHRWuatnRA%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-DOm-035dNZewGbRBriYGF_mGgqYABkirg502b0qaaA-isgv2FDJ1YFCZhAnQvzM0j_KVUX5Hbq_i4V9Ub7mPHjySjWHqyij-GLMQHP-uzHMzvogQJCfJW0th-x0-SeCHakVYrSZPlgDkisXtgvbcS00WX7QCga2_eiYtTph0gZMvw83kE%26cry%3D1%26dbm_d%3DAKAmf-Dk-OZLkFRhGraif8xC8iT1NeBfaLS77HF9V58K2FT9pDsZ4xzdZkTmhhGU2ULfzXwSi61LS0vnkC-GD0ZafMY8IjHXRFiMoOFASRCTgLApiMk2XoBSNh1ZG98hwHio-NiPYf_qZCCUy7ubZ9-hTxotA6iUOK82snDm02RiljccIvs8U8Liyl5E9yfNX7dRzfV5JEYT5BPym6XhTWyuwbZud4Vcdso8EL-vpHDzwCSSGeobDrh2WLRcnXH5cwj19WIyIRptQk2T3SxSDF99rvkHr_Ouxxb3_HClJzCyv9s8rYPyF7BKRxNJp7BUlu6GWdcZdv-Q5C9evxwGXRGNmyvxxatmh9FHJPytNah6hBYONESmD-46UrABToT0Ldav8RKdUANK1Y-m9RWklqz6O3zEvdm9CadfymjlIbbYGMzxp4AygoMiNsRcrUaxfZGu4xeUzmmxkhqeriK19GGUsaeggfAMM24cpbWr5DeVklzn-94TBBulcjmISqOBeYaEytXBmWi_ni985FkmzAaUurEBU_bW45F82k7PIeK1Pkt7YJK9yno%26adurl%3D&documentReferer=https%3A%2F%2Fwww.foreks.com%2F&ancestorOrigins=https%3A%2F%2Fwww.foreks.com&random=6649573938491&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 45e33062c49467a06af0ae500d896f800c24213a99a69755d3fd34b1f0a8ccaf

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2297
Content-Type: text/html; charset=utf-8
Date: Mon, 08 Jan 2024 18:59:02 GMT
Expires: Mon, 08 Jan 2024 18:59:02 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame B149 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 641a10f20b1c619a0c8a9fd6d83321299923e2736324385a731806f25aa0fd4d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

activityi;dc_pre=CImNxdS8zoMDFaPLOwIdJMwFYg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9722439991646.037 Show response
5994599.fls.doubleclick.net/ Frame BEC9
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9722439991646.037?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CImNxdS8zoMDFaPLOwIdJMwFYg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9722439991646.037?

391 B
326 B

49ms
48ms

Document
text/html

216.58.206.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CImNxdS8zoMDFaPLOwIdJMwFYg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9722439991646.037?

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr35s10-in-f6.1e100.net

Software

cafe /

Resource Hash

f19307580753af0b607fa397f6357df75d467c396b11d139afa027a00a22922c

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 217
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:02 GMT
expires: Mon, 08 Jan 2024 18:59:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:02 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CImNxdS8zoMDFaPLOwIdJMwFYg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9722439991646.037?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal90009.redintelligence.net/ Frame 4B44 4 KB
2 KB 32ms
11ms Document
text/html 138.201.63.149
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90009.redintelligence.net/request_content.php?s=10366500200286304444550012563009&a=8bc3b95b
Requested by: Host: hal90009.redintelligence.net
URL: https://hal90009.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=6eae03fdb0&subid=&uid=c53ef8eef8fefa5f&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCfQgx9UWcZcLOHuXK1PIPpKO3yAKm5b2gaYWVnKfJD_AuEAEgwLKCa2CV4pCCoAfIAQmpAoDLVB9FabI-qAMByAObBKoElgJP0DGAq0mfz0BzMJBdZXiC8TRfWJ0o6f2uVU3Ouo7A0XkhuctCvYIR-Gmy4QA3L7ut1VR2fQv_i_OdHqwMi3SMpivyqqSfcDXQcQvV-Pc0RH3XHXC3KfR4_E2C59Bmtx51EKzqIGBb1tSK4EkXUhgaSpz8RuJfkKIpnsTKRLN3rBmA1xsqnBfz17-URhc2u1V9mZXbHAzglyUQwCW4XkBv4QzD9fo8fNRkdvoNDwGdPvfCyi4IHnd4bZwZJmArslU84Wz830HaPVVkcCd0namxMnJxxD9khsHeXUkfb2GHxqNG_ureezniBB_4nugZFH9Nrlgpkl5iAOLUPJFhsW9UryM_8CwaI69XMNmgB8gwJP-389-y-cAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOlio8_LTvM6DA4AKA5gLAcgLAYAMAaIMDCoKCgisurECu7uxAqoNAkRF4g0TCPSm89O8zoMDFWUlVQgdpNENKbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSYQAvHhf_1sbcyA4O6ivAiKTHmnBMvrb_gimsZ0bWrNOIhWeuFQNG4CiIFJfEV9ek0GJ2M9n_O58GSfge6Iy60or03_XmQDkx-Zud5mAzOIxk63g5KRCFLVJZfk9BalwPggwYAQ%26sig%3DAOD64_2nVpw1Zw1zuW6fy_B9n1lGqlvAsw%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-C6v-kG3LH80ojA415fXEhe6U0dvfnuM07IkhMvj6ongeJ8DfOfrLFkE1LcYEgrLK9zyOkVzr_EFjxcg6fyQ4FCw8oCKLVXE9H3ufnzsTEoMX_HoPMlNkHE0twlFvmKDqY4A2-xFOdaPpDFMYkGo0_x34V4Qmi0TRw9CUNG8L6no_CydGs%26cry%3D1%26dbm_d%3DAKAmf-Czx6Kv26XDH-eHMvsqCMHq_VP9ZkFTshHzNRVnoQbsI3O6ZoUuJlf-qUP9fo8rRAZ6ly5ZD7EUIeE71nnLcsPsY0WKHGBnug5yNcCi5uoSsXmEr20Ia4s0MUAN-Mq2k9f--KLtxyazMvXyWw_7SRw7VklsJFFAeuaW7vKE1qfPaTJJTOq9C9gvqjKuSr4cE_gxm_KR74AGJoyGxO6IR-aZRi4VoNIyOrbZ73bV711pFc5xVeUNHhAv9SoiPbJLyT1QrKzxJjVvAC9aT06x4m5NE2HUFv0t4J1ZAVr325o2tF249zOmhUgtZB3l1iO24RHKwAeyfBX08ne2863QlMaEP9pa7jniFWGQdBYx37wc3e8vRD6wIeWI4G01-YX6OQfaYVtEd-uXJVIgb3aY_Zq09ivGcr_n2FZyRxFlwHKCJSJwpIi-kKh6fewpyDsHD3OdDZsHgV839LQAKt3eWAFCXYNgW754clmsscyROV5joxO2NifDYRg1UnwT1lPOAQskde12fccMxrlsC8PyRMTIk-4oaQWooVpIWThlQxjOGLIrLKo%26adurl%3D&documentReferer=https%3A%2F%2Fwww.foreks.com%2F&ancestorOrigins=https%3A%2F%2Fwww.foreks.com&random=4295766068203&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.149 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.149.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: fb1099bf4716b40a45e019a68f4e78308d0f85b1284e4343921ee3b1370a6742

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1496
Content-Type: text/html; charset=utf-8
Date: Mon, 08 Jan 2024 18:59:02 GMT
Expires: Mon, 08 Jan 2024 18:59:02 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H2

200

activityi;dc_pre=CPWQxdS8zoMDFRvpOwId91gKOQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=467024222124.1527 Show response
5994599.fls.doubleclick.net/ Frame E9C1
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=467024222124.1527?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CPWQxdS8zoMDFRvpOwId91gKOQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=467024222124.1527?

391 B
283 B

169ms
163ms

Document
text/html

216.58.206.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CPWQxdS8zoMDFRvpOwId91gKOQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=467024222124.1527?

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr35s10-in-f6.1e100.net

Software

cafe /

Resource Hash

387ebdf51a3a4b8cddd5159194a393b2c3b45ba58c053f71c5f5c324885d448f

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 217
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:02 GMT
expires: Mon, 08 Jan 2024 18:59:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:02 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CPWQxdS8zoMDFRvpOwId91gKOQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=467024222124.1527?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900020.redintelligence.net/ Frame BF19 4 KB
2 KB 36ms
11ms Document
text/html 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900020.redintelligence.net/request_content.php?s=21411900191433104444554012563020&a=2dfea6d2
Requested by: Host: hal900020.redintelligence.net
URL: https://hal900020.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=526f2fc715&subid=&uid=a832b02684b93862&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC2RJa9UWcZd27HonT1PIPrtiuIKblvaBprZWcp8kP8C4QASDAsoJrYJXikIKgB8gBCakCyK2YOo5isj6oAwHIA5sEqgSaAk_Ql1TyryI8VXkPnQLy_SZtv7kv7Z_Xz15y8cFtEk4rU18z8BBNDEmJplYKG4_93teemXoZP3dOB-CtOL22d21BJFhSNFaX9ZG4mTEnG1-aKKJbLJtMaMz3PIrht_V5SPEbbOqPRCOQ7wLZe9GrbByJkrrwQyTXTFB0mSvPo5fXSw-aL425NNWQO-UnnjOJROO4LDbx1uwkA4zPPFGo-nit_dYqqZ-BJ9tJSjvvngJDqTtooD9tEj3-ZIApQbNvNgw4X2vG5k0kIgPafi8LzyobezMqsU8wcv9lCLXB69T1_-CXnD5oMHqyyQZ4y75GYmzgg50hUw26NwDpeKQIuWds4F3Go3L6l9D5GZotOpDHqGCaZMJt4B9yBcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOli52_LTvM6DA4AKA5gLAcgLAYAMAaIMCCoGCgS7u7ECqg0CREXiDRMIoY7z07zOgwMViSlVCB0urAsEsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSYAAvHhf_G1AThOSRRippFukz4OV98QF_M_-x1OoP4JQ2DrWG28Fq1EkRNB-QnZCt5hDQHy-R8DG_zEvjKUNJq_1COA8ufOi5vQQPkD66X0tivVgK6Cc6HnHx6pUkmS0_vRgB%26sig%3DAOD64_3Vs317CGcaBXfURhrWZ36z-ePb-w%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-CoPZS6-y4FVAPkCPC07cEG_WB-6do1ydbfMMD3gN1kQCTjI8DOoqQfzX2DegyJs96Ucq9oUyp6NygBHS3yFUBpn5QXEGR4h0IbsQRhuHRUJgbCX9Bf2MkUKsMHXT687pizij9PhBGtCko3d6mPoJ5elw8CWpp0nru90M3li0m5iRCgFBM%26cry%3D1%26dbm_d%3DAKAmf-BYteweSu02JijDQOKw7y8E9bufpGkl2OxCzmSGd2CxT-sGRbXr7CsAF4eQV0-jI7XRCHizpXviahoUiIDChrTaCitqnljsTU9zb6koSwvgtdBmFwQ_oKSEdJqdNdVEBkbk7Ao-XMVahG39gDfmdIsiNJVXpTPRSmm7-MCZuybi_G2G2u6MDxEyIsKYK99vFbfBVmxU8Oq8CuF41gAr_q9m-0-6sDsTQi_GUQaJLjAHWDFBQ-VCXPfWSdAqNvRoaLd84nHyROCx9S-KbHdCqhlbPul2FtqbZygKBZu89qhUCtbUcKvee21hAk8IT_6kOlk_IAGaBCQzG5zCYuKgE5o7xWZEU48xM2GBJmLJbrq8E4uOnyU8_TmO4cJIqHnok212eF50zhrUAgRksVbfL9yFu1UdGRp393ai-CHFLKx0rJsblMb6ySlm4F83DxnEsF9XVItIC1DfGefsrE3a9XhEM8GnE_Yh_K5ZBMcqCuu4pTBaU5Zm9e4hxP5zry5FfPWsaK1aIuQr3Mqm0JcYVuCIlvd8x145u6H2Og2KEuk8GEuhfVA%26adurl%3D&documentReferer=https%3A%2F%2Fwww.foreks.com%2F&ancestorOrigins=https%3A%2F%2Fwww.foreks.com&random=1682985320122&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: 1fe589baeb612614c7035a14e1c4b552f509be3a55c3994f7f0f29c121a39b9a

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1501
Content-Type: text/html; charset=utf-8
Date: Mon, 08 Jan 2024 18:59:02 GMT
Expires: Mon, 08 Jan 2024 18:59:02 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H2

200

activityi;dc_pre=CLuTxdS8zoMDFbnJOwIdO_sLvg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5186091468.6385765 Show response
5994599.fls.doubleclick.net/ Frame 39FA
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5186091468.6385765?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CLuTxdS8zoMDFbnJOwIdO_sLvg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5186091468.6385765?

392 B
284 B

50ms
45ms

Document
text/html

216.58.206.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CLuTxdS8zoMDFbnJOwIdO_sLvg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5186091468.6385765?

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr35s10-in-f6.1e100.net

Software

cafe /

Resource Hash

aba72ba4ee31626cd249cb76e4ff9a6ab23b8e9f5828a741324c8c9a7a8623ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 218
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:02 GMT
expires: Mon, 08 Jan 2024 18:59:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:02 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CLuTxdS8zoMDFbnJOwIdO_sLvg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5186091468.6385765?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900017.redintelligence.net/ Frame 0234 4 KB
2 KB 35ms
12ms Document
text/html 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900017.redintelligence.net/request_content.php?s=59314500177308104444554012563017&a=ed1d1483
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=6eae03fdb0&subid=&uid=5b648cd7f77c133f&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxP669UWcZZmfHvv_1PIP6Yi2sAKm5b2gaa2VnKfJD_AuEAEgwLKCa2CV4pCCoAfIAQmpAoDLVB9FabI-qAMByAObBKoEmgJP0C3LpfUJMNWJgu7rKy-0XJLdP2R3l1q3Qfjf208J1fuPLEzNPIA8ISqlCs0ozKVtmoRck0CV07buVmpD1PJ_f-H5VByNzLz11g4cAAocO9ZfSlhYKOoqGWVnBXc37VGqXvYmzs_L6A9uEYjW-Bo0rXgl6aKyjGaCyYrGJef07Lmce598qDfIRuNs7K0Gqf90HV9KthaprvbQ2df1qLrZdQrGq78IdKUki1MwqXF7WPWMYC0zBJ55H-oy2ZAvVqTHVHLnJLubhE-1_n6RVA0oqv6v9Kv8NjShz6RViWTEv7X0aJZHOtqlKYS1WdTkAsKbgrLkxRe_TnIJDvjrAYQJ6Jt--Y-1bi4Kt54tercRsnKs9z7rLQT8BDnABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHTICqgI6AoBASL39wTpY7M3y07zOgwOACgOYCwHICwGADAGiDAgqBgoEu7uxAqoNAkRF4g0TCIr88tO8zoMDFfs_VQgdaYQNJrATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSYAAvHhf_xyUR0Yx_g7oaoMy46rce8HR5f1ftI0yqsagItMz-rz_9e1tD53FN0mf0fMDRFf_6-3lHNue1tagaarDnmIlwkuFOv9s7-CLyFsmnWwNQ3QbNCJy6F-Dpf0IBKhgB%26sig%3DAOD64_3Gia6VDXQkQgAVZ4mK4lxRN54TYg%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-BDmBryLq8JkjDWTjQFCJ9jP8upn2_lLEgfMi3OeS2g4qYFJeNCAvl3gzqCPMRpfK9eDCLvyMDGlURuLllmTSyMU6Q3poD04rprp_GJA5RzSYPjzE4R9uebzLO49KkL0QAVAq5rIrV_p80ep6TEoyqpHHh2Avrnn4pZ_i_50M2x6YJrp3I%26cry%3D1%26dbm_d%3DAKAmf-DHIUu5ZCbf-7SBqOjKiYLMZqjzAbRwEfmpgu-2dO_A13c7Nic6PiGHwl46gF0pW9A3OJnzngO9XTtZu7ANtwLQD5WgQ8FrBaNgUXxnGDEcZbq1inLVhVzcZcjUM370ty-3sqgJHVL6OvOcyAOlrkYqlBLNzMFi6hMg6M3ok_A-uPPkg7nHKrCnmq_uYpEyQU8Ah2T8G0bbscl2jOnPvYHoiFHrLaDousDV_7vqYbwr99xlGsrMSsfBoFljfE9eDopOLX0OtJoP4BMKMr-yYo4kdlWLw_Kf0M9RQjEJLjMVpXlsFGXxtS6DFIzrlgo-PxBcO_48OybX1xv02_AXGoN_avFlurBs8s5mCwj8Kz8Kq4K5gw_75BtuJH_yFIQxxwK6ekGxKRgEYXJuA1HvGBQtnWhP0R3Hm7vuiABtdT27evogP0WiY7Sr2mFP7myzfCwSD2ikKHEC5v-zRgimM4NzPIW1o9dQdK2CDnngDncddJLiQITQSs8Zp1QTN6c-zrPnf4A00njjNjYtUqoJgIDNjgIJnV_zoqwP7O2xHkDGT2HZNn4%26adurl%3D&documentReferer=https%3A%2F%2Fwww.foreks.com%2F&ancestorOrigins=https%3A%2F%2Fwww.foreks.com&random=3901071166356&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: aa07463b6ad60931ac72e15e7386fefa00b234d6cac8a69bdcc5a83ff3d32ab6

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1502
Content-Type: text/html; charset=utf-8
Date: Mon, 08 Jan 2024 18:59:02 GMT
Expires: Mon, 08 Jan 2024 18:59:02 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame C759 89 KB
32 KB 33ms
8ms Script
text/javascript 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=29482200157764204444550012563026&a=ab6abc64

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 13:41:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 537459
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32245
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jan 2025 13:41:23 GMT

GET
H/1.1 200
OK S-728x90.gif
cdn.contentspread.net/24i/content/soberfb/DE/ Frame C759 24 KB
24 KB 49ms
13ms Image
image/gif 51.75.147.170
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/content/soberfb/DE/S-728x90.gif
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=29482200157764204444550012563026&a=ab6abc64
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 51.75.147.170 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3133977.ip-51-75-147.eu
Software: nginx /
Resource Hash: 7c67dc1e9ecce0d3757d97792fd606effaa6fe799ebe7423aff81e26e07900a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 18:59:02 GMT
Last-Modified: Mon, 23 Jul 2018 15:19:29 GMT
Server: nginx
ETag: "5b55f201-5f90"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 24464

GET
DATA 200
OK truncated
/ Frame 9A73 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 51491faea25ddae85bd910f8c356077cc63e3ec5ad3f395bb0c2102d891fa5e7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 0C04 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5c2e9ecf95b1a1670328b5170d07ab42d3acae690402316e20d1f6680c9e425e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 993F 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c78d10b2fba352f7f3ee9703c76e20f4af0f6256b0f3837bed567eb673f8e4e5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C611 0
0 61ms
47ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss2RD9KJPBiNpqyJJRYnHr6HPtERF4iVOQg_LpwNCru0OI6wj_AH3RRda2bpqjglOpHawVVEnXIHiXBaqTTAWc3ndn89MvdURZRf6nAezwngVv-_0VJuwHnOh58cNnCRhCk1lfSOglJaT5zd5PrmZwoDj-tozBX6KnxiyAxZ9sKMpAYDl4GhmM8N3xLxAKg0LxLX2DP8pFQdN3Hi6MzKuKXoGwUX013G6DCTOyPd1_oJ0FQ7biAGiq_oV0q9JMBG5Z67no9oHqFhtx_1qKpJxCgh5Nj0KNu-fE54CT0KChPs4-dAUBDdCKdVlYalgxJyOj_vE1r-RaHsnMu8uME8eNW4a-pGYpDzBXunYos2tJdzAFgFn-i44xBIwt7ysqGdQ&sai=AMfl-YTTzilQzt3QY1iFyod1iWDkhzwbk3M7uH0Ln7QpD85zcvPujP0IPwpTC1IGw0_xYm09nyslKSyI5kCXwkmf665STZ0Mzi0Y0EKtq9mFUGKr0MBAbHke44q_x1bUrjkfmc-gSw_9XSVgTo9D1X2hf8N79xGzZbO92TtMjTr-f118wi4&sig=Cg0ArKJSzNMKQ33kB2_tEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 08 Jan 2024 18:59:02 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame C611 16 KB
12 KB 55ms
55ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240104&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a21a1b8cd1305f786c76f4a19f318a8ddf0daec65b9020c25a096a6a3f8df15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12231
x-xss-protection: 0

POST
H/1.1 204
No Content collect Show response
v.clarity.ms/ 0
294 B 97ms
97ms XHR
text/plain 20.114.189.135
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://v.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.114.189.135 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.foreks.com
Date: Mon, 08 Jan 2024 18:59:02 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H/1.1 200
OK S-728x90.gif
cdn.contentspread.net/24i/content/soberfb/DE/ Frame 4B44 24 KB
24 KB 48ms
20ms Image
image/gif 51.75.147.170
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/content/soberfb/DE/S-728x90.gif
Requested by: Host: hal90009.redintelligence.net
URL: https://hal90009.redintelligence.net/request_content.php?s=10366500200286304444550012563009&a=8bc3b95b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 51.75.147.170 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3133977.ip-51-75-147.eu
Software: nginx /
Resource Hash: 7c67dc1e9ecce0d3757d97792fd606effaa6fe799ebe7423aff81e26e07900a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90009.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 18:59:02 GMT
Last-Modified: Mon, 23 Jul 2018 15:19:29 GMT
Server: nginx
ETag: "5b55f201-5f90"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 24464

GET
H/1.1 200
OK S-300x250.gif
cdn.contentspread.net/24i/content/soberfb/DE/ Frame BF19 70 KB
71 KB 46ms
15ms Image
image/gif 51.75.147.170
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/content/soberfb/DE/S-300x250.gif
Requested by: Host: hal900020.redintelligence.net
URL: https://hal900020.redintelligence.net/request_content.php?s=21411900191433104444554012563020&a=2dfea6d2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 51.75.147.170 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3133977.ip-51-75-147.eu
Software: nginx /
Resource Hash: 8aa79a5d6fdffd63c26f013cd8f1bcb12ed624ef714702b5850cc30b673e6a37

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900020.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 18:59:02 GMT
Last-Modified: Mon, 23 Jul 2018 15:19:52 GMT
Server: nginx
ETag: "5b55f218-119bc"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 72124

GET
H/1.1 200
OK S-300x250.gif
cdn.contentspread.net/24i/content/soberfb/DE/ Frame 0234 70 KB
71 KB 51ms
14ms Image
image/gif 51.75.147.170
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/content/soberfb/DE/S-300x250.gif
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=59314500177308104444554012563017&a=ed1d1483
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 51.75.147.170 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3133977.ip-51-75-147.eu
Software: nginx /
Resource Hash: 8aa79a5d6fdffd63c26f013cd8f1bcb12ed624ef714702b5850cc30b673e6a37

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 18:59:02 GMT
Last-Modified: Mon, 23 Jul 2018 15:19:52 GMT
Server: nginx
ETag: "5b55f218-119bc"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 72124

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 33 B
274 B 31ms
9ms Fetch
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

d558014eadf8cc2e103907d66f622bcf05f88bba2a65ba8d343db89ce75a0b9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: https://www.foreks.com
date: Mon, 08 Jan 2024 18:59:01 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type: application/json;charset=UTF-8

GET
H2 200 bridge3.609.1_en.html Show response
imasdk.googleapis.com/js/core/ Frame 53F6 751 KB
240 KB 6ms
6ms Document
text/html 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.609.1_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a897aa772be6fd024baa995acead8df3e5de4cba9e4aef00307c1a60edaeac94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 14758
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 245986
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 14:53:04 GMT
expires: Tue, 07 Jan 2025 14:53:04 GMT
last-modified: Mon, 18 Dec 2023 19:42:36 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 client.js Show response
s0.2mdn.net/instream/video/ 44 KB
16 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 18:59:02 GMT

POST
H2 200 count
logger.virgul.com/ 0
116 B 558ms
62ms Ping
image/jpeg 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=infoLoad&g=m&r=npm_foreks:::&o=0-100&iv=&wVID=&info=&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=1/8/2024
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 08 Jan 2024 18:59:03 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 1B18 40 KB
14 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6300f448d738e70ac11f0140df0b3ce91a2de9e0da7fdf09d32d28031600ba51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:36:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1355
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13893
x-xss-protection: 0
last-modified: Wed, 09 Aug 2023 15:57:08 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 08 Jan 2024 19:36:27 GMT

GET
H2 200 logo-dark.svg
foreks.com/img/brand/ 3 KB
2 KB 37ms
34ms Image
image/svg+xml 18.239.94.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/brand/logo-dark.svg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.94.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-94-82.ams1.r.cloudfront.net
Software: /
Resource Hash: 55568d78493cb7e0ee57d25db4418b7d0514549f94dc27314e7626f886b68f8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
content-encoding: gzip
via: 1.1 316c3f6f9514dc45c45cd1b2385757cc.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: AMS1-P3
etag: W/"c82-18ca4cfb930"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: 7DyuhXiF-4EsFFitI7aiZkIb6b0MvwYCA43kBU00TbfVBmxtF3Vxag==

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4B39 0
20 B 45ms
44ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BFh769UWcZY2CH7bY1PIPgc6MsAMAAAAAOAHgBAI&bg=!4uGl4a7NAAY3kmNgF5I7ADQBe5WfOJuXExJLmlDP1Zr663BqqKHJWzSmkz8mf3brGAAY_qq5xXbNpb3HSMLwpW7F-VEVAgAAANFSAAAAAWgBB5kDBFVxeMAiTMThiPeGbk-UWUa1XFoYF7oKM7k6-KI_2TjMJJbH6ZWYYAmjOmS44EYvX6HGeIbMBfLK-_dOFnl2iVCBmtLbLZ0PWlfiPH6esOkm5ssZ6fJFSacuzDQewb9l5YSt_ZAj7OdnyR_aPYJUaaceWZXCVShWvNtEEE6UlwmF_8YS5Thi2sBqiA2gHjSJlOjoF25jkyIQFgzWrIEuto1dYPd8lBfU9Sk_NhqTuYIdjFXODXbMaCt4q2xg_XqfNB7Yxkbx1U0dd6yAL7KbmZ1Lz0W6Uw9fnnSWCIgS9fYRY3-dM6bzG1d_mjK5fiYcdVoi_4IfU2gKBd71D0YahAXE9m3iOyPXPDMFCkT4n8JaVcFeqO5D5Y2R2dIRf1duudFaGENoT_9ehjdKB4-YfNavaSYwIqMgSQEB0JhYhl9b-ZcKKEWean_dyBgVLPbINuh6M-Gs77sksuBYUPlQZkgaP6VMb0-LmTYcAwEeWXoDkhbhHyYcPun2Escy1QCKshCNYaWPwicamNil1FlkV0JAQM-J5GGsnXYksdfvT0EfX7NY8yJ6Skhx5TgWzUW6dbwSSgac0U4W0Uz8D3f5gYezx3aJYUa9hTeGwlIkKBvmqfJJ_DpnJXXFoyKO6MkFy3LwRbiWvNQ5qR7c2ObDASiU2mxG57myZvg3TgtIj1Fej4gCL3F9aW7IQ6b3nCQOCcT6t-Lc4KimnxQVow3YRDvQrNU9BuQCG82lZ423jh6Umz4CKgdttoD64H5IBHP8lWl7tNVf-aX1RTEa-5uR-W-5ReJ-3_FJAGX3Gdkd5ItZp8hgPybD04RS-sLaa7Ojn_DCNNnsANt09sjMP4et-V1fbAQsOhkvadF6wB9NiP8VceviUeT-tpFGu5HhIxzBsSrj4F9uaBxS_6u2oNa3gGuPVDpujR4OyKpk9jERrkRmCRHi1rNyMjotleoZFJjvjIdvgPh553sGMwkcf79oquaS-9vZ_8mStAkA6IeJLA4ESeR4P_ycoUKUCRYh3uzy36nLYkk

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal90009.redintelligence.net/ Frame 4B44 0
150 B 32ms
11ms Script
text/html 138.201.63.149
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90009.redintelligence.net/viewability?s=10366500200286304444550012563009&a=d8da3f61&vb=m
Requested by: Host: hal90009.redintelligence.net
URL: https://hal90009.redintelligence.net/request_content.php?s=10366500200286304444550012563009&a=8bc3b95b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.149 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.149.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90009.redintelligence.net/request_content.php?s=10366500200286304444550012563009&a=8bc3b95b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 18:59:02 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 4B44 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F9D7 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B4fe49UWcZbfEHpnG1PIPrN-ewAgAAAAAOAHgBAI&bg=!IiGlIW7NAAY3kmNgF5I7ADQBe5WfOP7GWS6Iflj9CkV4nG41Ohim57l4wH_5LePNJCVH2ZQyC8EOu4C7loFunJ5kY1KyAgAAAO5SAAAAA2gBBwoAC68S--9vg--raSmAmQMJMVXOTsUKvYKCKoinSRwYZYFRIJNoObHLlWKbF_NqIwPwi7qFt61CECRxYW5eESb_iM-0jwJ5KarO_nc4RLfsBXx3LdQ7XZJ-w2LvXKUzfYZRRJm8FjWEYOuRbrGKbQhukCgedtuKuPtgma74woI5w-xeyBNFpt5bq1OV0ArCeOttAXViz2IyIPkyZ9cjPtaN52ELB8bOM3d07kbo7oTNhBtVLkH4NXPxFBvlUQ5MDd0b4v0LbN6DMmjFaCxHG2aYVzlQCm00WCO78dtlGPXS0JfEVwxcSR4qJBqbQk2t_fd8TGKK0XdjBjxvB4nHLMhbZ2ZdzzVMJO5UM0ErEx-4MGs1BmcRqXC6ZvISZyETiX49CPKVDnJZqim8juQrVO-zV30X9vG2IhYPKgHCI0gTTjo7mVU291LLpx_V381DDoHciqUtLBiqcg3O4C4XBb3EcF5dVIhfWN7TEsc627Jza4nkJnlvliS0DFz4qT29tByTEPFrquwZQNJV16AzFfK5_q1jDQMl-abL7hcNTdaOfq_RSsflpG9TJSmvOfym8WyCQxwU8MgxLPCje7eff6aHQEjx6dpoAqjaRrt0XXtuAA6s1wzn-9pbIeDt2BLo5u8VnExbR0CeJ5eN5OeqLgol0Ep5-EQ5IJNPT9bAVRpIh9m3k96WGUk4v5QbB6zJF3PHwY9vJ_fOeBbgicB5QV_75p8N9h6nWW6msIIrqENtTvcqM5PB_pmhqJkTOOrZbU6wB0hJryiGXwlL06xhasKKkYm7QI71dFuJjlkAGLI2A0yU1q58xF8GfCsd3SwktxKg45usd0P-et9ODu4qLjXyxrKK1VPnC-RfICtqpO6frf_exgzDydnY4HCcDTyENJT4eRIdg457O5kzfb3GUt9vBJlWPwgp04fKeupBPRPyLHwvAD8Mex1VpBmV9-yVwGkGyZSOwrK_btzFojcLsQw-8kY4oBGthhcNGf_drCa0iKi9YmjAZP2SxcZAY0xk7tqnEMcOE6e35tR34cIfb1TeSBNdmoUUFgZx

Requested by

Host: www.foreks.com
URL: https://www.foreks.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900020.redintelligence.net/ Frame BF19 0
150 B 32ms
12ms Script
text/html 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900020.redintelligence.net/viewability?s=21411900191433104444554012563020&a=6e889b4e&vb=m
Requested by: Host: hal900020.redintelligence.net
URL: https://hal900020.redintelligence.net/request_content.php?s=21411900191433104444554012563020&a=2dfea6d2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900020.redintelligence.net/request_content.php?s=21411900191433104444554012563020&a=2dfea6d2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 18:59:02 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame BF19 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK viewability Show response
hal900017.redintelligence.net/ Frame 0234 0
150 B 33ms
12ms Script
text/html 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900017.redintelligence.net/viewability?s=59314500177308104444554012563017&a=d5e45eab&vb=m
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=59314500177308104444554012563017&a=ed1d1483
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/request_content.php?s=59314500177308104444554012563017&a=ed1d1483
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 18:59:02 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 0234 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame C611 17 KB
6 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 08 Jan 2024 18:59:02 GMT

GET
H/1.1 200
OK viewability Show response
hal900026.redintelligence.net/ Frame C759 0
150 B 32ms
12ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/viewability?s=29482200157764204444550012563026&a=934a2e84&vb=m
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=29482200157764204444550012563026&a=ab6abc64
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/request_content.php?s=29482200157764204444550012563026&a=ab6abc64
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 18:59:02 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame C759 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 dc_pre=CImNxdS8zoMDFaPLOwIdJMwFYg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9722439991646.037
adservice.google.com/ddm/fls/z/ Frame BEC9 42 B
107 B 67ms
47ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CImNxdS8zoMDFaPLOwIdJMwFYg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9722439991646.037

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CImNxdS8zoMDFaPLOwIdJMwFYg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9722439991646.037?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CNqJxdS8zoMDFenLOwIdsAgJDg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7506580587442.957
adservice.google.com/ddm/fls/z/ Frame E65B 42 B
107 B 65ms
46ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CNqJxdS8zoMDFenLOwIdsAgJDg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7506580587442.957

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CNqJxdS8zoMDFenLOwIdsAgJDg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7506580587442.957?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CLuTxdS8zoMDFbnJOwIdO_sLvg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5186091468.6385765
adservice.google.com/ddm/fls/z/ Frame 39FA 42 B
401 B 64ms
45ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CLuTxdS8zoMDFbnJOwIdO_sLvg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5186091468.6385765

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CLuTxdS8zoMDFbnJOwIdO_sLvg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5186091468.6385765?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2513 0
20 B 44ms
43ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BHf669kWcZfThDPjF7_UPj4egqAIAAAAAOAHgBAI&bg=!Z2SlZCvNAAY3kmNgF5I7ADQBe5WfOOPH72X1VSPZzAyW61eP4vK5yh4NSPCHMm8APBd2RciHf1tJ1wvKT79njC59M-0oAgAAARJSAAAAAmgBB5kC-E5JNfVbctoSBb-wvdukC-q-fctEfD3WlyxlTNS1ET7v6z84OHESrbEp6q0H6Z3NnDhI4kGO6qXLpDl8XhsWtmqTcx8DV7VO1X4DxLa8jl0ZtIbnG88TNpqKB_cLMYXTu561R9-h1c-HClV7oBIKuVZNK12fkn2q8cIgQV9krJjhyXk3o4cjahH_J1Y_qx8EUx86oNhNqXTQsSP3kaYuJP0uVaF2FOuwflHGymmSlsoU-Nq_QXmPgMbdcp1IE_0SPNFhlR4J0lD61HTcj1R3VocU74pKEHmHrsuCSYG7LlVvC3iRVPqsavlrRIyruPUqlsYimkLxgX8vUtpOT2S4G63yenRHD1ntoClRGxfdVLsBvDMLvJ0s0zWOWEGDFs0MeK-eeSTULQSeOW-CEMRJyMjyZYUyGTy-B3T-h1gyKwTQZIgxjckUCdHC1f6KqtM4BDryOLd-eRYIP-qrRWEKYveb2dCT0LGP3RMhehUdCoVo9n1G2Mb3KGVFceiWoLYyu93VwW9aG43dERUrMrW5fVqC33g0cXcasYkkuJWhOV1QDwT283UOzf8X9A1Mzd5T4td9G4QF2hkz7Q2h0lmYr5o7Aat8mzdgcpxdfg3pHQYxIAkWKZti6Nu_5-k-K8i0YQhVmC2pKEeBIlbP_BaVV7gSJTmQiDLC1yzOmxBk7_ZCKg3Zu2GsvzxZ6kzmGv0CZl49jqPHawh0Yvx_WFEYkfL_LixqDfZny07h6GavuziLbg6BqX8vVI10IUT16wc-B7-BD4ssd5jhYpUx_SEqZ_tJYvN9dgdLmDtBq8xv9bvuI6nP7H-EUSqllc4xnhcMw6f0IVI55pKngi_DA1746ZslKgCdb96pNnDj2P5tCEPoGNBlXQo9nAovOP-NIrctPhPqj0gUglQS6BJhU-igBIq9oSz9tMR5D4yfv0SolTBcMJzDtnWe1Na1bpW0NKBghrw2KwtteG8nn0CePce8TQguD6b1KS5TjtyYwLKWV7L1HCqkjzPH7w8

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B3BC 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BbC5f9kWcZYuFDY3p1PIPwa6t8AMAAAAAOAHgBAI&bg=!ERKlEl3NAAY3kmNgF5I7ADQBe5WfOJtlqryX0gfrivWpmLzfdRQbkhOUSQeSByOfTf0DhgtHNjGHMrx1u78gY2KDmOO8AgAAASpSAAAAAWgBB5kDC2vUJGrD07WgOmyZq2Vd_cLbA2tD58dZ9r1mWObqdcAaIpwsCRtYkwZ6ekuhYnBF2HXrQA4zIJGgFa3qZ-i3jVB4s3MzbSfDvh5GvxQjUsM-rPfvur3dbLdfQLzgAtgUxSslhkDt6jD_uo6uUyXSUPr2egXFf4titLZpHEyGf4w0d1QYKaBuDgM4XCHfOYXYbieVg9IIXV5lAYGLWkH59Zs8kQl1pJKc_ehmDfsvYACNGHXuMAXEsHHdI2DUwamPeR9cs4-Nk8FUozVGX67OjRlBY2uPdZF-AiZ6VlwgCSO4kziETeRn8jdMyQVr0QecX7LTKsFrzC0-bN1_YfGPU8bY1DM4uDjeOvYKabne5U0geie6AOG3DPnO1we-tYGB1imoPbFI25RZxlpFyXF6QeNyThguaTL1g4vtWYelUq_uPXaVG0CncnCDaWxKW2i4aIIeWp8AMPBE45xPPlDxJcmQA5NAQM2HtTynuF0e8f_Jqnc5CKG2nhJ_PD40VCQct2R8EVuU9RTv6otlvP5qkSvCSHoo9kh1jLO_UIiRRhnviyG44ZuZANUJ2mtNaImMvzVtZSkgMzbR7GVf9twvMs0I52Y7DoT8HDNBJ4DQlsitbTMoFnac7w2T-w5ECa3pvKsnVjQoShxFpx8f1uLldYBc3yoCZjLwg5Q9wC2JpACnU8yEC2OB4_i3WfU-sQR5YQEyV7Fa5xJ8MLWsJ-BzMP0c0DvXCWnG2TJV_zePhkQSK8Rpd61vb75aLVf0Fm4W_Nr7XPSZ4_kk2Ddbtd3KlwJ0JvI3Z-Dyl48UXC67HPr1QN6OHs_1aFrfUjYGUu4GM7Wrr9gw0rSmHIMQJXqTqY4P0mQSvR7-8qxaFBrl19J0V5tt_idAhbwKoo3N_cBBA7aPL0tx7M_MeIednT9dY4zTgWQ3pkjFjXeEuxkNyXifnWT6xQrH2E70vIwlgm2Z2QhwB_hbAjGCxQpfJ4e24tEf13XZSR9r4jQypWRtuMbJnazZnDtVAG1_mCqMhOQQJaAeQdc-JH6n7eTz

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240104/r20110914/client/ Frame 6E44 3 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240104/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=3173046724&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342170&bpp=1&bdt=374&idt=246&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3215437451061&frm=24&ife=3&pv=1&ga_vid=650811357.1704740342&ga_sid=1704740342&ga_hid=479107884&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C44808398%2C31079758%2C44807406%2C95320377%2C95320870%2C95320890&oid=2&pvsid=3437858270982662&tmod=2064810646&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.8z9oe33zf6zv&fsb=1&dtd=248

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 20:46:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 79957
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 21 Jan 2024 20:46:25 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240104/r20110914/client/ Frame 6E44 20 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240104/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f764c969a82705ba7838239087f5ff9b33e978b6bae2657e299b6b14c30ad7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 20:46:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 79957
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8523
x-xss-protection: 0
server: cafe
etag: 16500369019378894752
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 21 Jan 2024 20:46:25 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 6E44 0
0 14ms
14ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaThDmSmwtWuvuG1U9YSWg-OufV_a64DKrilw8hfmTaJ-GAPurCsrPodE8BDUso7J3m29Wxi5YfjaZRjNQ18JYeGRPZavQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=3173046724&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342170&bpp=1&bdt=374&idt=246&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3215437451061&frm=24&ife=3&pv=1&ga_vid=650811357.1704740342&ga_sid=1704740342&ga_hid=479107884&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C44808398%2C31079758%2C44807406%2C95320377%2C95320870%2C95320890&oid=2&pvsid=3437858270982662&tmod=2064810646&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.8z9oe33zf6zv&fsb=1&dtd=248
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6E44 204 KB
64 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:02 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5977 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BSNPW9kWcZcbLDt3Q1PIP582lkAIAAAAAOAHgBAI&bg=!gIOlg8zNAAY3kmNgF5I7ADQBe5WfOJ_leZN0QDP0L7V15V6yH9VQHASO5QgTVMS6Oj64zeeA1sYr-4oxvfG_eMICU3OBAgAAASRSAAAAAWgBB5kDABC8iSPbdTJLkGt8-Nd-px0Wfq-xDiI2A4nel8EfxwOEm2QCAwmpfRGZIMhPyJXtSaxmJDZB7mDPdMy0lC6hyDJAO1bb9JocxnxQwXEYlGvX-OSZ2Nmq3k5iw9yuyNfNyqTAFckCmLVS1IeJDDw09gHoIBYDniaYMcTy9yO9MletBPdD6LSomqP3mecZI5XTn2vhdER-rZxP_YCPgMvpaTcLt6SVNbPSmJqnLkINfg_GLTpATvNgOw3Ex8DHMNtpP8yp53m5l_bpyqP6keMCj22UCHTJureWW5MGCccPzYj4-koRGk_rP6-if_GkA6ObvB5YHhCGm00Wp8bBQzAUFFvayFLfbTDRKVaZT4mfTFMs4f1yn4Y26w69VuRhzTyQcsX9GPE0kwDP4qMPJsQs55iULiu_5uxMd24ldnpMPeOT8gaBAbxwHcDfHJF3W3LYArHI1eiSRxoE0rksWhAfquDFj1U92dsRyx3FwUSnThMFvGlW-5F57C6Z02GMrC_aMatS01D18w9rejEJTOSb3k6jw_9UNMH8xuk6iUYuoaV-bNF4TvgTwecTblwQRZ279LzOgBDkDsEDT7rjUi3J7GrhcaC6hz-1udMvhuW3dTBSqSbL0GdkpZXcEOwD6MIYVEtQz_wkuXdl0zTtcf8xfZL-LwGamqYWVO7KyzZBqdwRnpUDXsbHsKSdUGhCPWGGQBlDwn4WQ7fYDbzBMQiqr3fikjlAX2fo6dTBLZ9n9W-N1PQv3KJ4Tkz-aLOkoKMQNNel9AIbbrGHNw-oXvQPVuXJqqzDQH1w-z0kPBm_ywB8A4grSnH0Spc26l3zCf9NlyKwiHHJkVo3Y9ERdVhWF1iXp95_KybIzNhy1W2-oGLdml1AhxgG3vIc0wOS8iYHtt7oi2aH8u4yo8Hlnp-KKBYc1z4zS57WhbGWQpsfwgXXXB2m5olKCSbNGNrPgzVa7-QHCy1Dy_69G4D-vBLkozdGlyig6WEXt445XDmwbmDiIe5Exy5b52DbL7L_hqcLrw

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

1x1.gif Show response
imagesrv.adition.com/ Frame 68BE
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?userid=&ssp=2&gdpr_consent=VM=TRUE_DV=FALSE
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMyMTgwNDAxNzA5MTQxMDA4MA%3D%3D
https://imagesrv.adition.com/1x1.gif

68 B
178 B

378ms
121ms

Script
image/gif

217.79.188.10
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://imagesrv.adition.com/1x1.gif
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186313&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342238&bpp=1&bdt=374&idt=265&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1007674390704&frm=24&ife=3&pv=1&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dlgvh1v9xcpg&fsb=1&dtd=267
Protocol: H2
Server: 217.79.188.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: imagesrv.adition.com
Software: /
Resource Hash: 293c77c6050e6d5b873a388ca5533ee4aedfb9c7a44d25fd89e22bb38cb44f86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 08 Jan 2024 18:59:03 GMT
last-modified: Fri, 24 Jul 2009 13:46:10 GMT
accept-ranges: bytes
etag: "3122740758"
content-length: 68
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://imagesrv.adition.com/1x1.gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 233
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 show_banner Show response
dspcluster.adfarm1.adition.com/ Frame 68BE 3 KB
2 KB 46ms
12ms Script
text/javascript 85.114.159.67
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://dspcluster.adfarm1.adition.com/show_banner?wpt=J&cuid=3984447&cid=6324602&bid=19203040&auction=121/32/4/14/53/55/124/87/89/-111/-128/-26/-124/-98/93/-80&ts=1891074550&bidid=7321804017062015373&p[isGdprCompliant:1,isFirstPrice:1,trafficType:2,isUserUnknown:1,bidId:7321804017062015373,advertiserId:128654,ssp:2,referrer:aHR0cHM6Ly93d3cuZm9yZWtzLmNvbQ,isWifi:1,adSlotId:62601535,supplyId:1,domain:foreks.com,networkId:3284,auctionType:1]&adhost=ad-dsp53&userid=&clickurl=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCblkY9kWcZf7GJIGBtdEP5pOqyA-Q5vLObZqXosfzAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQIRJ-Q3hmGyPqgDAcgDAqoE8gFP0DCSV3O3_Oo7ahUxYS8mDz52WVDG8qYgAg5IaIQSURpsdDVMXf5OcPf9DJE7ieRnyPgm-j8_26ueOF7ZisoVTCYsctdjof1hO8p8JIt-KvK01rpwlSmXP4YIN-RlsNlnW6wqOuVdXSG88-tyM51u178_mRFK66obNvW6SQZFcch1ItX1GKMC8A1-SntQ6a1rLyVPZebPsOU6_CUrcnpIowpULigpRrxNHiAVV4Hvfisutj-X8DL1lW1e_KjmoK5q_Wbw34lNUESL-BhdvtAT7r8o9uJUHOcDOQ5RuvX62PWTZbIV38PGlNmYpwebkElwl4AG0L_6uNS00ssloAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WP7es9S8zoMD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2_5AUUeQcM_PiCNHq90dNTNobOWA%26client%3Dca-pub-6593523210010154%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186313&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342238&bpp=1&bdt=374&idt=265&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1007674390704&frm=24&ife=3&pv=1&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dlgvh1v9xcpg&fsb=1&dtd=267
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.114.159.67 Loerrach, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: dspcluster.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: 8c3cd39bd728c1030c043345485e2a0cbfd219bd539d81aaea8fecded84be3d3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 19:59:03 +0100
content-encoding: gzip
server: ADITIONSERVER v1.0
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
content-type: text/javascript
cache-control: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame 68BE 3 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186313&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342238&bpp=1&bdt=374&idt=265&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1007674390704&frm=24&ife=3&pv=1&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dlgvh1v9xcpg&fsb=1&dtd=267

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 12:23:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23752
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 12:23:11 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame 68BE 20 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186313&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342238&bpp=1&bdt=374&idt=265&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1007674390704&frm=24&ife=3&pv=1&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dlgvh1v9xcpg&fsb=1&dtd=267

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f764c969a82705ba7838239087f5ff9b33e978b6bae2657e299b6b14c30ad7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:12:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31582
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8523
x-xss-protection: 0
server: cafe
etag: 16500369019378894752
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 10:12:40 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 68BE 0
0 14ms
14ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRyZUA0JLnXvrh7YuC3iEmEq3mitOh8EP4gNRVeMa9XsHh9A5ILdcoCgc5h8BlS5ENMD6yT8ZyhJzYqishPIX-5cF__Qg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186313&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342238&bpp=1&bdt=374&idt=265&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1007674390704&frm=24&ife=3&pv=1&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dlgvh1v9xcpg&fsb=1&dtd=267
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 68BE 204 KB
64 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186313&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342238&bpp=1&bdt=374&idt=265&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1007674390704&frm=24&ife=3&pv=1&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dlgvh1v9xcpg&fsb=1&dtd=267

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 18:59:03 GMT

POST
H2 200 count
logger.virgul.com/ 0
116 B 386ms
61ms Ping
image/jpeg 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=adDataLoad&g=m&r=npm_foreks:preroll_midroll:100&o=&iv=&wVID=&info=&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=1/8/2024
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 08 Jan 2024 18:59:03 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

GET
DATA 200
OK truncated
/ 1016 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6823cdc5c5bc297bd4ac06187687fecb2a5c110658ebd5efba820132571fe6a2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 zoneview
ng.virgul.com/ 0
213 B 54ms
54ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1704740343010&v=https%3A%2F%2Fwww.foreks.com%2F%26vi%3D10816958%40&r=158737:foreks&userId=vnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1&info=&ref=&rdmt=0.23037682217838906
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: https://www.foreks.com
date: Mon, 08 Jan 2024 18:59:03 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 zoneview
ng.virgul.com/ 0
213 B 53ms
52ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1704740343011&v=https%3A%2F%2Fwww.foreks.com%2F%26vi%3D10816958%40&r=159346:foreks&userId=vnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1&info=&ref=&rdmt=0.33758509814312454
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: https://www.foreks.com
date: Mon, 08 Jan 2024 18:59:03 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3D90 0
0 46ms
46ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstpjOgZR6aednSFnmtVEXg4CxOdOh9s3hJMAMtA93hmdzdzLEGGkhNKNClCGfrdjecyxSyCcmZo3XiSGHqsSYdSPKVIHfWjrqZbGGBdvWaXZ99Wz_eaQbuIZUim3uG1Ka-pVIj13PB_u6gKwSFqdkXvofbnFSWAESWaVY_87kmAkOWNxI37fcz43GaK5P2DRED_xC0Z392GnK2T6JklzwBR_Ki9QkIH-N-dsxMETIbC6rxYwZhi9UBNcCBFHSnFJVHkeR8tyD_WOM6uQ4eT_3wg4D1ZJOZi53rhadheMCKJVhUiJ_f6A8yTaWGBldim_MAbjooMhxG9FcxReWEzlIHufYLFxUzI8f7uejzDFUHFqudzt84QKA1TUz_PaKAUKw&sai=AMfl-YR55EhIhMMcXymFd1poytx-XdEBtzTRpuvYm8uqXyFtyUKnt9iKg3p3OG36VTCDJ2F6Z3AxHDzUJ_0TJ8pDEHkW9t5ZQi3_U-S3MDjM8aXNf_oauRjp7np3Gwng13w4FrHzrdu6OAo1nJ_f08PZcaXeavRAHDFrBCBL9RM1RXWWVBAt&sig=Cg0ArKJSzAmwUQeXJLgJEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 08 Jan 2024 18:59:03 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 3D90 16 KB
12 KB 59ms
59ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240103&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c21d8f19b48bf83626d5d957021dc7db160105082a57b40d78de786353b959c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12449
x-xss-protection: 0

POST
H2 200 v3 Show response
id5-sync.com/gm/ 319 B
599 B 21ms
8ms XHR
application/json 162.19.138.83
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/gm/v3

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.83 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31532338.ip-162-19-138.eu

Software

Resource Hash

5363ce0381cb3e40740d923b2fca59ff91ab707340c5d72b314857574bc8ccea

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.foreks.com
date: Mon, 08 Jan 2024 18:59:02 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type: application/json;charset=UTF-8

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame 5B3C 2 KB
3 KB 58ms
32ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1gfyksmbm2yrx3js1rn56d7bvprjc4hfjgszp950cpx7faz7m29ehkq6hw92a3az5a7pzpe5p98k8c4m06yty4gwk0e1qhrpfrmw7f265515yfs3vve094cg9tjeb6kmadtdq9grs8m3b958jwjx002qnhgk0beszrzv60tbjtrgj71hykk131yc1wxdas79040y3ynrr6wdx2pxqsnt8vs3s3a8ne183t5z98w1ag4skjfmgh9xa6ce1yks871vhr92v5kw9er4gqnw9yp3b05de7bmk6grg2qsrq76w0b3yscn3jxnd7bdz6t35zq955nqaxf1qntpg01xax1hjd40r2axwmfhbk7vtc0hqgqmx0667wbykawc9ntgftnc7g30fyep7vzkj1hmw6m4mdaak18wrxt9ydt82d15f83axts7&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJk5a9kWcZabzHrbHtOUPnO-muA-Q4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQIRJ-Q3hmGyPqgDAcgDAqoE8QFP0IN9aB5y50xbbPEyZYqf6MRVWn5n26EiHlf3PnXNqGuCwJuDnBi1P2NaqxXCKNnF4gIHGfPKbFYn_m3-9kYowoRoICKP9URLxoHb2TcOUEcBGsQKN5l06cFOBwV7rtsCdrOEbyhV_aY7-jhtP_01tl_XVB83m1laqUnlji1KvFWnOKYFAXXdvCiuRyL9AIdPE35tAr8aMloEMfDrH5m2lKWak-SDzgPIgPeMe4vnp8lxzHYxtVHiJt-wl0kM_07yMlAsWnA5hs37SwKH9Ht5b7y3oE2DJb6sEggfwn0yrXEn6-XqUuge_4500tXvPEj8gAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WIuArtS8zoMD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3tM7p-rqYZ-EZ37ss-yPNB9yPbGg%26client%3Dca-pub-6593523210010154%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5631005c6b0d68121ecfa27d0751f3ad19e2361140f0bd737874605a67815e1f

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src ;connect-src https:;default-src 'self';font-src ;form-action 'none';frame-src ;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src 'unsafe-inline'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8426ace81bae9a21-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:03 GMT
expires: 0
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy: accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3AF8 1 KB
646 B 7ms
7ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 35133
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 09:13:30 GMT
etag: 48472445140208031
expires: Tue, 09 Jan 2024 09:13:30 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dc_pre=CPWQxdS8zoMDFRvpOwId91gKOQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=467024222124.1527
adservice.google.com/ddm/fls/z/ Frame E9C1 42 B
107 B 45ms
44ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CPWQxdS8zoMDFRvpOwId91gKOQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=467024222124.1527

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CPWQxdS8zoMDFRvpOwId91gKOQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=467024222124.1527?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 count
logger.virgul.com/ 0
116 B 342ms
62ms Ping
image/jpeg 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=alive&g=h&r=&o=npm_foreks::25:::vnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb&iv=&wVID=&info=&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=1/8/2024
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 08 Jan 2024 18:59:03 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

POST
H2 200 count
logger.virgul.com/ 0
116 B 341ms
61ms Ping
image/jpeg 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=alive&g=h&r=&o=npm_foreks::50:::vnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb&iv=&wVID=&info=&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=1/8/2024
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 08 Jan 2024 18:59:03 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

POST
H2 200 count
logger.virgul.com/ 0
116 B 342ms
62ms Ping
image/jpeg 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=alive&g=h&r=&o=npm_foreks::75:::vnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb&iv=&wVID=&info=&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=1/8/2024
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 08 Jan 2024 18:59:03 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

GET
H2 206 10816958-270_1-72k.mp4
istr-n14.nktcdn.com/data/videos/10816/ 759 KB
0 205ms
46ms Media
video/mp4 185.7.176.214
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://istr-n14.nktcdn.com/data/videos/10816/10816958-270_1-72k.mp4?token=UU30dcX8OSGeHc25VIAEng&ts=2064550042
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.214 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash

Request headers

Referer: https://www.foreks.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Range: bytes=0-

Response headers

access-control-allow-origin: *
Content-Range: bytes 0-15414097/15414098
date: Mon, 08 Jan 2024 18:59:03 GMT
last-modified: Tue, 02 Jan 2024 09:23:11 GMT
server: openresty/1.15.8.3
Content-Length: 15414098
content-type: video/mp4

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame BB8D 13 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 17419
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 14:08:44 GMT
expires: Tue, 07 Jan 2025 14:08:44 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B0E6 829 B
560 B 18ms
18ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

99f3df1ac51136bd58797fd03e6e94fd94bcd07c10977de0ae0f22ce0bbe6a1e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-CSbPB87AJSugO97nTOj1uQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-CSbPB87AJSugO97nTOj1uQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:03 GMT
expires: Mon, 08 Jan 2024 18:59:03 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 025E 0
22 B 44ms
43ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B2z-D9kWcZd7HEa6T7_UP4b22oA4AAAAAOAHgBAI&bg=!k5ClkN_NAAY3kmNgF5I7ADQBe5WfOABo8a94aL6y42k42uKFmsAyvV31PRFgPgq4qAORQyQNosEb0uT5B-GfIAb6EoJdAgAAAUdSAAAAAWgBB5kDFFwJP0FASV9T5dR514IfMGidc_WHk5AEigGwR_112MjqTU4j1wA7-87R8O9-Qqi7N97CGaGG45rbE9v6W_PaIySn6iynV7CzhiMEaEtuEZBQ-R5VBJB2UQ-EoWgADzjnQelxiNcX7MQsIeIFj2Gji4aFe9yibRaZ3kNQ_hXSqoeB9kT1N6vTu4HSD73jGhvEglES1rA86sGxdfUqo-9McDwuFn4wgF9CYG-lJ4UymwNKcpb2xTnXZ4OqHo9NhU2Z2dTAdf3ztOQQRrcBtrv2EHaE-hsfyzUFDW0mWUSAOa_ALOwo3hKmIjcBVovDniYFDAUj4Pu0ATBizvjZkUrTFWp2M2W4sw5yw5zU-ozJUAjEaWVUYzw-TeKKa2TnBYBOuv_oE5NrQEzgHyiNgoxF4kpV1sNmINhJ7paSviSQ4FkNfvxeRq3EIwI1PqaDMTxMo2757T2FwtajMzWsEVMbBKHAPclRA7yzy6bAkujpOCDvT0os6aVBYbUXTW8LdJZvHSDmSVxDqdhrIOCZbfbuDupt5Bx-IJeJm8O70WIgdaF73Dz_RBoSyEXb3RqjOFJlEDmwiAT-Cdobyt55Inujbfw3FcrHFcvx8A5XcAXvj7n5n_jOS_Kkx9qgLwuATBoaNhwtzBqjNN5tqxVD-wowCBEnEFR_zr-DKMz731MjJzjpR0FRE-bX-FHx7N2gEu-BDRZD0uGrywz4Oy7CXZR5e4vOkEJnDDf6zPQaHuI4_TE7WTUlV2pC1BCp6yxAfyvOLUAOnPNFz5KYDYY235KvXVOyJIm11SdSO2qEO2fBa2Y1HLnthMRKZ-wYx2d5q_gKs8HeXUDDzQOrVmXhmRhbZbA1gNpvu-pAlA0HGI4QEShbzZ-W53eg27WK53aGUWHuIIPS8mQcnoaHz2Ds4AlEnq4AxVruVwxSlQJ47MOy6hfZXPzOTsUd4AmESODfLlg7fQG8wqBYPV1UqTDhV_bh89W79RE6RpjTu8j7-tpHNGDmiR9SNcPC_rJolvf0c5oEdj3SIVEik6pOhptr348Mt2dIUYkR

Requested by

Host: 087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
URL: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 6E44 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9c7bd44120dd3ef580e05582d06abf6646c21e9c9f43dc8ad7465f6308587056

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 3AF8
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEM2XUSEo2MmHEtogsCSQZp4&google_cver=1&google_push=AXcoOmR2eWH9UJ1BKYVtGOGv_ohJJKlj8I-7ke_PGXCEOTdtnF-bZj-tNy9r_VK4HApXXssREpkhtAgU6nXmDeSy7I_W3x75b4gcY...
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzY2NjgwODYzNjgwMTcwMTMzNA==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEM2XUSEo2MmHEtogsCSQZp4&google_cver=1

43 B
398 B

26ms
25ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEM2XUSEo2MmHEtogsCSQZp4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=3173046724&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342170&bpp=1&bdt=374&idt=246&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3215437451061&frm=24&ife=3&pv=1&ga_vid=650811357.1704740342&ga_sid=1704740342&ga_hid=479107884&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C44808398%2C31079758%2C44807406%2C95320377%2C95320870%2C95320890&oid=2&pvsid=3437858270982662&tmod=2064810646&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.8z9oe33zf6zv&fsb=1&dtd=248
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEM2XUSEo2MmHEtogsCSQZp4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 3AF8 35 B
464 B 34ms
8ms Image
image/gif 2620:116:800d:21:e365:4988:e8a7:3270
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEFkVLVJy3w_8qpfLCuXONsY&google_cver=1&google_push=AXcoOmSWoM8IVYuykhTK_fJs1Zzq52BaT8THJquEpAgHqjxZD1d_hZaxO0frj1ZyUUm33JHsUgGZPe7JSDsStUnv15Oiecj0VXLl21r4ahnrw1gQxcpusBWFJHaanJd8i6WjMipm2WMj76sj4qjBDySr4vf6Hg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:e365:4988:e8a7:3270 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 3AF8
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEFr-SWZLr_6BO8x84UGGRtg&google_cver=1&google_push=AXcoOmQylCvrarukOdde4tLncegnTk6_IdTctfXejZJgc93W_oGR3DCyxSuM7B5QAHDU2MgMOxMDeFq_fKzP1bkDUAG8NiHPqQCOu...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFr-SWZLr_6BO8x84UGGRtg&google_cver=1&google_push=AXcoOmQylCvrarukOdde4tLncegnTk6_IdTctfXejZJgc93W_oGR3DCyxSuM7B5QAHDU2MgMOxMDeFq_fKzP1bkDUAG8NiHPqQC...

43 B
416 B

168ms
159ms

Image
image/gif

2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFr-SWZLr_6BO8x84UGGRtg&google_cver=1&google_push=AXcoOmQylCvrarukOdde4tLncegnTk6_IdTctfXejZJgc93W_oGR3DCyxSuM7B5QAHDU2MgMOxMDeFq_fKzP1bkDUAG8NiHPqQCOuyb8ppxX37-ILdG77XzCj9T6n7EtVhDsfnCFONtERaw24HR3N673Zjj8gQo&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQylCvrarukOdde4tLncegnTk6_IdTctfXejZJgc93W_oGR3DCyxSuM7B5QAHDU2MgMOxMDeFq_fKzP1bkDUAG8NiHPqQCOuyb8ppxX37-ILdG77XzCj9T6n7EtVhDsfnCFONtERaw24HR3N673Zjj8gQo%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 8426acea8c9990ee-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 235
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFr-SWZLr_6BO8x84UGGRtg&google_cver=1&google_push=AXcoOmQylCvrarukOdde4tLncegnTk6_IdTctfXejZJgc93W_oGR3DCyxSuM7B5QAHDU2MgMOxMDeFq_fKzP1bkDUAG8NiHPqQCOuyb8ppxX37-ILdG77XzCj9T6n7EtVhDsfnCFONtERaw24HR3N673Zjj8gQo&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQylCvrarukOdde4tLncegnTk6_IdTctfXejZJgc93W_oGR3DCyxSuM7B5QAHDU2MgMOxMDeFq_fKzP1bkDUAG8NiHPqQCOuyb8ppxX37-ILdG77XzCj9T6n7EtVhDsfnCFONtERaw24HR3N673Zjj8gQo%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 8426ace89ad290ee-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3AF8
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEITucTJSxFHPgbK-IeiagsU&google_push=AXcoOmQfwmH_v96nlx7Q1ir9JxUJezaCbXW21PSoXg9mwLmmU9ThPBvL6A...

170 B
188 B

17ms
17ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEITucTJSxFHPgbK-IeiagsU&google_push=AXcoOmQfwmH_v96nlx7Q1ir9JxUJezaCbXW21PSoXg9mwLmmU9ThPBvL6AhHioSOrvDThWsjKbedrF409-2MjNj3LQ3HgeGF1M5QFGghN1Th8MEUohYL8BE4X6Jrz2od1LIkihYQ5rWTQtnAPb3fVL5Kqkv52qw

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230095-FRA
pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1704740343.145535,VS0,VE99
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEITucTJSxFHPgbK-IeiagsU&google_push=AXcoOmQfwmH_v96nlx7Q1ir9JxUJezaCbXW21PSoXg9mwLmmU9ThPBvL6AhHioSOrvDThWsjKbedrF409-2MjNj3LQ3HgeGF1M5QFGghN1Th8MEUohYL8BE4X6Jrz2od1LIkihYQ5rWTQtnAPb3fVL5Kqkv52qw
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3AF8
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESECIdlXgUiWGD1e9lh6nvhcA&google_cver=1&google_push=AXcoOmTPCAkVu1kqtRKQITYzmYNQB1_r82vjll5nRbFf8t7SGeY6OHAT-evYt4eb7jZQI8z-FHVwVmwuKHcpTgBVSrcZOzmQ1VvuY9...
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=1F6381FF406F4533A81943D417B1AB84&google_push=AXcoOmTPCAkVu1kqtRKQITYzmYNQB1_r82vjll5nRbFf8t7SGeY6OHAT-evYt4eb7jZQI8z-FHVwVmwuKHcpTgB...

170 B
188 B

17ms
17ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=1F6381FF406F4533A81943D417B1AB84&google_push=AXcoOmTPCAkVu1kqtRKQITYzmYNQB1_r82vjll5nRbFf8t7SGeY6OHAT-evYt4eb7jZQI8z-FHVwVmwuKHcpTgBVSrcZOzmQ1VvuY9dIeNcqu3Q9cNot1Kzw6DlDVnRrBxhMspvy2h6TJMdelsXh53mEzRnhdkY

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 08 Jan 2024 18:59:03 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=1F6381FF406F4533A81943D417B1AB84&google_push=AXcoOmTPCAkVu1kqtRKQITYzmYNQB1_r82vjll5nRbFf8t7SGeY6OHAT-evYt4eb7jZQI8z-FHVwVmwuKHcpTgBVSrcZOzmQ1VvuY9dIeNcqu3Q9cNot1Kzw6DlDVnRrBxhMspvy2h6TJMdelsXh53mEzRnhdkY
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Sun, 07 Jan 2024 18:59:03 GMT

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 3AF8 0
187 B 68ms
12ms Image
text/plain 98.98.134.241
ZEN-ECN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEGfMOKccvcWr8Nan9kM5wfU&google_cver=1&google_push=AXcoOmR_AQ6ColFFatIPPY7SZgERuqdQbrFrebZ9S_thhiT87sqz2XoHN9puw-TwaBgqRyuTBtmmguR9K23qi4VOehZf2fVkjPzLvJXBkUDyxSttDfNa0QXPBczavArXNZHaSh2oQDaqO3gyLcYqsVMcVekvdW8
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=3173046724&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342170&bpp=1&bdt=374&idt=246&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3215437451061&frm=24&ife=3&pv=1&ga_vid=650811357.1704740342&ga_sid=1704740342&ga_hid=479107884&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C44808398%2C31079758%2C44807406%2C95320377%2C95320870%2C95320890&oid=2&pvsid=3437858270982662&tmod=2064810646&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.8z9oe33zf6zv&fsb=1&dtd=248
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 98.98.134.241 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: A /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
cache-control: max-age=0,no-cache,no-store
server: A
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3AF8
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEH16J0jD-Hn5-Oex65bykSU&google_cver=1&google_push=AXcoOmT9bM17xVlRcXjT-rLiOtgOWb9P6jXU7VZcCmQMvBR6dEcypC_ALLSkCu0j2OQnilof8Rss1Sb4xMVW2-_i...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=i2j3L1TgRagu3fMOUZ0mKQ&google_push=AXcoOmT9bM17xVlRcXjT-rLiOtgOWb9P6jXU7VZcCmQMvBR6dEcypC_ALLSkCu0j2OQnilof8Rss1Sb4xMVW2-_iip9wvBDnjACNGpu...

170 B
188 B

20ms
20ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=i2j3L1TgRagu3fMOUZ0mKQ&google_push=AXcoOmT9bM17xVlRcXjT-rLiOtgOWb9P6jXU7VZcCmQMvBR6dEcypC_ALLSkCu0j2OQnilof8Rss1Sb4xMVW2-_iip9wvBDnjACNGpu9arM3G_ZhKC9fquHAC6BzgMaGpmmUY_ZppNKRl1kNkkGnWFGTgt2k5w

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 08 Jan 2024 18:59:03 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=i2j3L1TgRagu3fMOUZ0mKQ&google_push=AXcoOmT9bM17xVlRcXjT-rLiOtgOWb9P6jXU7VZcCmQMvBR6dEcypC_ALLSkCu0j2OQnilof8Rss1Sb4xMVW2-_iip9wvBDnjACNGpu9arM3G_ZhKC9fquHAC6BzgMaGpmmUY_ZppNKRl1kNkkGnWFGTgt2k5w
x-host: tde-deliveryengine-production-5db7bf8975-7fcd9
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 3AF8 0
12 B 14ms
14ms Image
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L9suhYfmsOkLDY_6TRbPYihrLxOREVd8k1jV-SkObgEfi5Z4MQ9pfQc1oHrJSQ2C818rY6

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 3D90 17 KB
6 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 08 Jan 2024 18:59:03 GMT

GET
H2 200 default.css
as.ad4m.at/ad/style/0.1.50/one-ad/ Frame 5B3C 115 KB
14 KB 22ms
22ms Stylesheet
text/css 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1gfyksmbm2yrx3js1rn56d7bvprjc4hfjgszp950cpx7faz7m29ehkq6hw92a3az5a7pzpe5p98k8c4m06yty4gwk0e1qhrpfrmw7f265515yfs3vve094cg9tjeb6kmadtdq9grs8m3b958jwjx002qnhgk0beszrzv60tbjtrgj71hykk131yc1wxdas79040y3ynrr6wdx2pxqsnt8vs3s3a8ne183t5z98w1ag4skjfmgh9xa6ce1yks871vhr92v5kw9er4gqnw9yp3b05de7bmk6grg2qsrq76w0b3yscn3jxnd7bdz6t35zq955nqaxf1qntpg01xax1hjd40r2axwmfhbk7vtc0hqgqmx0667wbykawc9ntgftnc7g30fyep7vzkj1hmw6m4mdaak18wrxt9ydt82d15f83axts7&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJk5a9kWcZabzHrbHtOUPnO-muA-Q4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQIRJ-Q3hmGyPqgDAcgDAqoE8QFP0IN9aB5y50xbbPEyZYqf6MRVWn5n26EiHlf3PnXNqGuCwJuDnBi1P2NaqxXCKNnF4gIHGfPKbFYn_m3-9kYowoRoICKP9URLxoHb2TcOUEcBGsQKN5l06cFOBwV7rtsCdrOEbyhV_aY7-jhtP_01tl_XVB83m1laqUnlji1KvFWnOKYFAXXdvCiuRyL9AIdPE35tAr8aMloEMfDrH5m2lKWak-SDzgPIgPeMe4vnp8lxzHYxtVHiJt-wl0kM_07yMlAsWnA5hs37SwKH9Ht5b7y3oE2DJb6sEggfwn0yrXEn6-XqUuge_4500tXvPEj8gAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WIuArtS8zoMD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3tM7p-rqYZ-EZ37ss-yPNB9yPbGg%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1gfyksmbm2yrx3js1rn56d7bvprjc4hfjgszp950cpx7faz7m29ehkq6hw92a3az5a7pzpe5p98k8c4m06yty4gwk0e1qhrpfrmw7f265515yfs3vve094cg9tjeb6kmadtdq9grs8m3b958jwjx002qnhgk0beszrzv60tbjtrgj71hykk131yc1wxdas79040y3ynrr6wdx2pxqsnt8vs3s3a8ne183t5z98w1ag4skjfmgh9xa6ce1yks871vhr92v5kw9er4gqnw9yp3b05de7bmk6grg2qsrq76w0b3yscn3jxnd7bdz6t35zq955nqaxf1qntpg01xax1hjd40r2axwmfhbk7vtc0hqgqmx0667wbykawc9ntgftnc7g30fyep7vzkj1hmw6m4mdaak18wrxt9ydt82d15f83axts7&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJk5a9kWcZabzHrbHtOUPnO-muA-Q4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQIRJ-Q3hmGyPqgDAcgDAqoE8QFP0IN9aB5y50xbbPEyZYqf6MRVWn5n26EiHlf3PnXNqGuCwJuDnBi1P2NaqxXCKNnF4gIHGfPKbFYn_m3-9kYowoRoICKP9URLxoHb2TcOUEcBGsQKN5l06cFOBwV7rtsCdrOEbyhV_aY7-jhtP_01tl_XVB83m1laqUnlji1KvFWnOKYFAXXdvCiuRyL9AIdPE35tAr8aMloEMfDrH5m2lKWak-SDzgPIgPeMe4vnp8lxzHYxtVHiJt-wl0kM_07yMlAsWnA5hs37SwKH9Ht5b7y3oE2DJb6sEggfwn0yrXEn6-XqUuge_4500tXvPEj8gAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WIuArtS8zoMD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3tM7p-rqYZ-EZ37ss-yPNB9yPbGg%26client%3Dca-pub-6593523210010154%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2308162
cf-polished: origSize=118430
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 02 Nov 2023 10:26:17 GMT
server: cloudflare
etag: W/"486507ccce9ac587d11c0ef3f32a109a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PPqa7vioaLygEmtotai9LIPcAdt7yGEYg7389awa8v%2Bp3e0N%2BTCCW9BT3pvPC3dJ0qqNFf81UezSyGp32tTzD3A%2BWDtCIln4MoiWH8WMF%2BMMUG50qcDwfhCgEBxP56%2FeTuJ4NTFVa7A%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=86400
cf-ray: 8426ace87c209a21-FRA
expires: Tue, 09 Jan 2024 18:59:03 GMT

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame 5B3C 24 KB
10 KB 24ms
17ms Script
application/javascript 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1gfyksmbm2yrx3js1rn56d7bvprjc4hfjgszp950cpx7faz7m29ehkq6hw92a3az5a7pzpe5p98k8c4m06yty4gwk0e1qhrpfrmw7f265515yfs3vve094cg9tjeb6kmadtdq9grs8m3b958jwjx002qnhgk0beszrzv60tbjtrgj71hykk131yc1wxdas79040y3ynrr6wdx2pxqsnt8vs3s3a8ne183t5z98w1ag4skjfmgh9xa6ce1yks871vhr92v5kw9er4gqnw9yp3b05de7bmk6grg2qsrq76w0b3yscn3jxnd7bdz6t35zq955nqaxf1qntpg01xax1hjd40r2axwmfhbk7vtc0hqgqmx0667wbykawc9ntgftnc7g30fyep7vzkj1hmw6m4mdaak18wrxt9ydt82d15f83axts7&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJk5a9kWcZabzHrbHtOUPnO-muA-Q4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQIRJ-Q3hmGyPqgDAcgDAqoE8QFP0IN9aB5y50xbbPEyZYqf6MRVWn5n26EiHlf3PnXNqGuCwJuDnBi1P2NaqxXCKNnF4gIHGfPKbFYn_m3-9kYowoRoICKP9URLxoHb2TcOUEcBGsQKN5l06cFOBwV7rtsCdrOEbyhV_aY7-jhtP_01tl_XVB83m1laqUnlji1KvFWnOKYFAXXdvCiuRyL9AIdPE35tAr8aMloEMfDrH5m2lKWak-SDzgPIgPeMe4vnp8lxzHYxtVHiJt-wl0kM_07yMlAsWnA5hs37SwKH9Ht5b7y3oE2DJb6sEggfwn0yrXEn6-XqUuge_4500tXvPEj8gAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WIuArtS8zoMD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3tM7p-rqYZ-EZ37ss-yPNB9yPbGg%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e688c863b85a28f75e5c1c7f21092f1f419649e10496f9f1fc36826112bbd348

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 29 Nov 2023 09:14:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 467051
etag: W/"aa3e81d21ff1f0e18f4862e53a794952"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uHGvwrGIrCrjxYMUbd6mG4kqUmMwq8YmFfSk%2FfY3mcyy4m44OS%2BdOrx%2Fwjk0GCRjZWKKSlezqYMes3wYpdXmf2lhKdCQ5xQkaCJZWxDEKS%2BVNPvnSeDG5w3EnJamQYd1S5DQSYc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 8426ace88c269a21-FRA
alt-svc: h3=":443"; ma=86400
expires: Wed, 27 Dec 2023 09:17:16 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B0E6 0
0 41ms
41ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240104&jk=3672836851977151&rc=
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H3 200 MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js Show response
pagead2.googlesyndication.com/bg/ Frame BB8D 39 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 20:52:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 338806
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15229
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 03 Jan 2025 20:52:17 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2D7F 0
0 46ms
46ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstjWE6vkebzCWQRyZCO44itKDCzaYHd_LS5W1py5oihxMc3riM6SOplBYVSdUXuiGaJ9-Ei7TmmGKqiaWz8hYeNtMZKyFRo9pdAyeukyx9Sch_SgBMx0BFSbTTIOsA32A5x9bXjdS8pFjul1sXBKjZKDX5V3Tii2zjgHUwfxd3sTKnzRySQLssnvu7BNJL5-K0Z_mJwZuyy6yfYceYCXJ7xoalkOSwomqsnHKFiOKrt3YxnyPt4Kv7xq-vALtxaDP04Qa9NRabSVwvrRn4i2zE33lpMww2P-Wd6kIYioSD8ck7zbkUMdVGLP67w0tlgIMPst3C2GrwrIqQY7ZmnZbN0vxXmJDDCYpj_wDF0VrENgAks4U3eQ37Le_ZHInmFiw&sai=AMfl-YTPFwI99vwkY63tftUAp487xZMeRu_APeiUkQf-fFYAnlxB8P2kUluQDgU7qE6bTaHYH-MMmqZ46ToSL8OJV8p7EBAMfIIZD9GBSYzPWdvS1MDZepDpCdt7V4L_jw6fkcft4wIoYOieroTPajQOvzLIPOVGZtObs1TlWRoGizueoYZd&sig=Cg0ArKJSzGLag2Yn-AFrEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 08 Jan 2024 18:59:03 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2D7F 16 KB
12 KB 54ms
54ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240103&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

62f301f757bfab2416d25ec18004760040836ed33d85e2229235fd0a1549881c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12314
x-xss-protection: 0

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 5B3C 350 B
912 B 94ms
61ms Image
image/png 2606:4700:20::ac43:444e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:444e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d41dc07aed30cb54de661289691254b1288a52bcf4d121cec3acb89d4aa872a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3433400
alt-svc: h3=":443"; ma=86400
content-length: 350
last-modified: Mon, 20 Nov 2023 11:04:04 GMT
server: cloudflare
etag: "e7fc49b61cae983db8c3a1dccf923b93"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wUlOUOhibo%2FPC%2BJJtd7iVi2ngwDPKTESd6plM8CTF4RmFnH6YoGqvNBFaqPEj%2BAlr656mV8rDOpx2fzYVlSJy%2FOycXhuM0mGVfUuc7W%2BEQNr5bv9vqicXeb2%2FaBmVEDN55D51xD3Y3aZaQWY4NcmC4zF"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 8426ace91c55bb4d-FRA
expires: Fri, 29 Nov 2024 01:15:43 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 83DF 13 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 17419
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 14:08:44 GMT
expires: Tue, 07 Jan 2025 14:08:44 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1463 829 B
560 B 16ms
15ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8a5c7336a035dea60047189aee17a650847af6b9576f8985a1fe6b5da4098bbd

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ikPUxU_vOJIff7F6x_-DcQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-ikPUxU_vOJIff7F6x_-DcQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:03 GMT
expires: Mon, 08 Jan 2024 18:59:03 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 cookie-frame.html Show response
ad4m.at/ Frame 149C 2 KB
2 KB 20ms
20ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/cookie-frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0db16c25165bfd35ea9114187f3e97d7084a33135cb56fe276f6cdd2ab675647

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 876948
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=86400, stale-if-error=86400
cf-cache-status: HIT
cf-ray: 8426ace8fb109b67-FRA
content-encoding: br
content-language: en
content-type: text/html
date: Mon, 08 Jan 2024 18:59:03 GMT
expires: Wed, 29 Nov 2023 11:19:10 GMT
last-modified: Tue, 28 Nov 2023 11:49:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mizDjoklLaejweTOdNh76OMBylB1tzAO0m19s%2BCiF5s7HQgZHAJGnuWFDBihg83U2PucYQWb7IMvaJ1HM82wxlnMIdsl%2B1jGUwdQBOnxXXaMsVM8ceX5A%2BCrLfVbcO5MR4HF4%2FY%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 64f0a04de4b0a5353b11e8c6
ng2.virgul.com/tck/imp/ 0
213 B 55ms
54ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/64f0a04de4b0a5353b11e8c6?g=1&t=gb&r=158735@site_geneli@foreks:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1&info=&mt=1704740340252&userId=vnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: https://www.foreks.com
date: Mon, 08 Jan 2024 18:59:03 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2D7F 17 KB
6 KB 48ms
48ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 08 Jan 2024 18:59:03 GMT

GET
H3 200 MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js Show response
pagead2.googlesyndication.com/bg/ Frame 83DF 39 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 20:52:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 338806
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15229
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 03 Jan 2025 20:52:17 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame BB8D 0
10 B 6ms
6ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?6WQSQw
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1463 0
0 41ms
41ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240103&jk=3522548824508111&rc=
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 6E44 0
19 B 50ms
49ms Image
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CcmB39kWcZabzHrbHtOUPnO-muA-Q4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQIRJ-Q3hmGyPqgDAcgDAqoE7gFP0IN9aB5y50xbbPEyZYqf6MRVWn5n26EiHlf3PnXNqGuCwJuDnBi1P2NaqxXCKNnF4gIHGfPKbFYn_m3-9kYowoRoICKP9URLxoHb2TcOUEcBGsQKN5l06cFOBwV7rtsCdrOEbyhV_aY7-jhtP_01tl_XVB83m1laqUnlji1KvFWnOKYFAXXdvCiuRyL9AIdPE35tAr8aMloEMfDrH5m2lKWak-SDzgPIgPeMe4vnp8lxzHYxtVHiJt-wl0kM_07yMlAsWnA5ho_5apBQDfw5pzv_NpfKt0yVBgKyyFMqcPHloncSxvYy51uoTZUngAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WIuArtS8zoMDgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTY1OTM1MjMyMTAwMTAxNTQYAA&sigh=4dVsbJAdmcs&uach_m=%5BUACH%5D&cid=CAQSPAAvHhf_ziHMiMGW6Rqo-RW4pnHxWm90CW_rUTkOPQOxYiQpnWHRuczdBU-4o5_u-FWEzxJvAEAwk3auPhgB&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=3173046724&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342170&bpp=1&bdt=374&idt=246&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3215437451061&frm=24&ife=3&pv=1&ga_vid=650811357.1704740342&ga_sid=1704740342&ga_hid=479107884&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C44808398%2C31079758%2C44807406%2C95320377%2C95320870%2C95320890&oid=2&pvsid=3437858270982662&tmod=2064810646&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.8z9oe33zf6zv&fsb=1&dtd=248
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 08 Jan 2024 18:59:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 6E44 0
103 B 42ms
17ms Image
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1jd4dnhz0px70vag49w8t53cv2b9m21cfq2fcchc1ma093x0ne0eg7g6ahft1c53ygm2b816dxdgrgag4zt0ehybzktk97hc6xvgcrw73d652sz39cpy54ndxvy8rmv3btajf14p85btchyheaa6c89vsft3fgb7a9fey6f4grvcq088ga58j6a83d00ph0dj1d0mp0x0thwy94yn3g6w830ws71gjjh8k5wjns5knkyjejwck8jsmen74mwny44ezkkp809857t5z5hj9wwq7c1zn8xv46nzdxzsjhgctkvtx67bjkaev2s0kbtrn5anb2kck7aha9pgz1p4t4r7b8yvdqgctv2g9kgeaftcp5nmef542s8vp6vc0md3wz2ykbh3m33n8&b=ZZxF9gAHuaYGrSO2AAm3nMg_y4ekpAjriz1Q7w&cbvp=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=3173046724&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342170&bpp=1&bdt=374&idt=246&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3215437451061&frm=24&ife=3&pv=1&ga_vid=650811357.1704740342&ga_sid=1704740342&ga_hid=479107884&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C44808398%2C31079758%2C44807406%2C95320377%2C95320870%2C95320890&oid=2&pvsid=3437858270982662&tmod=2064810646&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.8z9oe33zf6zv&fsb=1&dtd=248
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 08 Jan 2024 18:59:03 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 49ms
39ms Preflight
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8426ace9cd456ae1-FRA
content-length: 24
content-type: text/plain
date: Mon, 08 Jan 2024 18:59:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=li3BmTtQ34YBjni0hkDB8MRaW0eDgQI6ThoSjtxirzHRVItiSFLvPmUX1TWkTPboCemBfOsG0zvBQEhBhDFlDmbV%2B%2FPSaFFNRxrmhWiUDPkm4t5SG3NUiQdpI5fpHpiL27rT66c%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-7gmt

POST
H3 200 rs Show response
ad4m.at/ Frame 5B3C 1 KB
1 KB 32ms
32ms XHR
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 397564ddb8d28e50f8855e407fbb2b2090170ad182898bf7ded99a93003dfecc

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X1SJrjx88ncJuekfxGA7rEvb0T6vGZniE59uIY8Dg8ba%2BEeSqqLct1gdfkTLfDDhz2L%2FFtPK0PHNOPgWaGSaWL1ib%2FO1ApajgviZeDT%2F5I5dF90aqX6ZFrE9Td2DVTvAxYdwAds%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 8426acea0da26ae1-FRA
x-backend-server: aa-reachservice-group-europe-west1-7gmt
alt-svc: h3=":443"; ma=86400

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4CAD 42 B
64 B 46ms
46ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvSfa4vg84ErW0M_qQxk1t9iINnE2nyDrCddIy-Nuy3Qp1RR5CpDsEn9CPH7CNgmquME6mXO8h5dKlmx8TNevNNAdZ-N_qQUnkDUUThh9M7oy2NHWPDqYhnugo_7ctM8ksEz9wiWvCC1AweN1t4PJpMYKg0&sai=AMfl-YQ4xva1JFEu3WgrNzwqj4b9tooFTOjbqg_zQrWhedFp6a1dztLFI8p8qM7oxFaWHwjqIyjK3WHlpZGPuZE0tyfru1LRSm3wHsBXMxte6HbSlvkCz0gxD94E7ySAZkSz2o8Tw7aDLHIE1P86j2_His6QJLhs5U3tiosukFF7G6kz&sig=Cg0ArKJSzG-8QWfmZpoHEAE&cid=CAQSYAAvHhf_VH5F01ClzlFrqZbicmJkriaRs4uGiEMVfthrjh_02VsiiBoK6cZSVaI-7ouWiCj6BaMGohPUgXWrwgZDI-KMlWxvmOadD-5YlmB7Yg2k6k3i6Se0UYdHg6RQzRgB&id=lidar2&mcvt=1005&p=273,315,523,1285&mtos=1005,1005,1005,1005,1005&tos=1005,0,0,0,0&v=20240103&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1593130247&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1704740342031&rpt=290&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2DFE 42 B
64 B 44ms
44ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst2nak10nvcZhTOVaklL1LzTkVT-liUVDMS7rXu9M6r4Hz8G3gAfEiYWmRzJwgEltHcQ6ccEbxmOYbZGCtY4H36ydnGoM3g0CQeOGME55P1dr1xrWNOaKw-ZEChMuGKRGhmIMU2Ye2phycqVDSVgv-MKIfn&sai=AMfl-YQkcaeRiapRsgL3BzdTHiLSgPwUgi4u2BR0kds9Vf8lR_cRx2TIyBY7v1GYe28RC1G1hkIwCYc9xkyfdXD35YapYpqAysmqE0-jIhOMuWY2nqVgAhnmMkfShbFLMP_tGmmbYpxJEmq0epF_cTIlhyBX4_aUUHpe4SIkFsKpl9U9&sig=Cg0ArKJSzLmhLu5L3SBrEAE&cid=CAQSYAAvHhf_EmuEq1E6T18BgESM5ZmwxwYs_pA_BOhyYQulrSi7Jxl9drLeoHzOfZb_EqCIg_6m6Fgw6Nd2qbua9YU2kv1mV005TDZsVh8gRgyr8JHh3tvpdMwZ0mp34_8ycBgB&id=lidar2&mcvt=1007&p=947,1142,1197,1442&mtos=1007,1007,1007,1007,1007&tos=1007,0,0,0,0&v=20240103&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2254628106&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1704740341946&rpt=354&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B14B 13 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 17419
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 14:08:44 GMT
expires: Tue, 07 Jan 2025 14:08:44 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B426 829 B
560 B 16ms
16ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8b1a47296ff93be8ba9e8d86de1f98a1c2f254d9ca8f06856dd099405b2f2963

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-PYCD9CUEsPd2EyiQeNDCKQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-PYCD9CUEsPd2EyiQeNDCKQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:03 GMT
expires: Mon, 08 Jan 2024 18:59:03 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2CD8 0
0 44ms
44ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstgaMamgqr9jChzuMxjQcdFyT8H5BkBR9IjqsulcYxRMuCFoLu3tOAVl6PRidiTAd1XNaSHgqzHoYJxTH7Sh2YKQkYd__F_NCPrKv-tCba3QsjxAtGu2QOcdNvjcLEqQaWpg6MZXLF9a5xLALohHZAwNsm3ug5RFjkl22EIoPVDDINnPZ9EJluPut-F32gdSwxZSS_-Oa_1iDU6CvBewGzZR9mMiK3OvFPT8JeU00XxEKlDuq--cgR7N6CutFKQAwUmKVQxWZP37bc0KewH6M4VAnYt4erx1UDB7pBrQMs50E5Wd5GiIIJmbCCBCf50rqrGUNLDP3D9212CAajkxptuyzJ8slWKEyN5O8bU6QeekTNopcbjXGoP6TNDVLWm8w&sai=AMfl-YRuFgUmWHYV5vFjZJUhOSTLTsFS_cpVas92z_bTpOFfab7w6bEHhAHPHPNM49Dq9wlSXRFfSb9IxnV-hj2LjAnkzZQNfdpAUF-BRSBZmk7Xtg5T1anxVsOStKCxdF_EMke-KtCwCUepOvx50MM4GSRBIurK0yk5N1T_aqoUU75Xfr8c&sig=Cg0ArKJSzKxQAIKZM3KDEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 08 Jan 2024 18:59:03 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2CD8 16 KB
12 KB 54ms
54ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240103&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1197634b865ab89b27d6a8530503cd2f0132de9353e3a80f585b255bc51a7693

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12099
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2CD8 17 KB
6 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 08 Jan 2024 18:59:03 GMT

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame F27A 3 KB
3 KB 30ms
30ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=34719&b=ZxJfwfBfmJpsmHDHDt3tP8Zc6SXTx3qa27&f=9jeTMfmfr19cKHBH2tzCJK9S9SmTZY2TeE&c=320&d=50&e=&g=4f4e9a30dfb50dfa0ca9477b966b052d%2F12984422370548541923&i=26474&j=41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1704740343367&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1gs2yyad2ehdq487me54785xbgkm979bh8g2xsf5fstxb25ve3wv3bjyj6xyg4jm60wene6vq1nbsx74f8qkkcr49831hwehm5v3ft1rne0a21p2bf5c45yjey85dj90q3ft21173zz46aq6d7etdktc10hzvfw0j2n5z03z7att300sarfm37t5jaz1j3sf8mj1xkwbfkb18afa77t9prtwakt8bb8kax3yd89vea1ekmj65nfwc2g6826z7pv94qhxnhcsf30vk9yq72gg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJk5a9kWcZabzHrbHtOUPnO-muA-Q4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQIRJ-Q3hmGyPqgDAcgDAqoE8QFP0IN9aB5y50xbbPEyZYqf6MRVWn5n26EiHlf3PnXNqGuCwJuDnBi1P2NaqxXCKNnF4gIHGfPKbFYn_m3-9kYowoRoICKP9URLxoHb2TcOUEcBGsQKN5l06cFOBwV7rtsCdrOEbyhV_aY7-jhtP_01tl_XVB83m1laqUnlji1KvFWnOKYFAXXdvCiuRyL9AIdPE35tAr8aMloEMfDrH5m2lKWak-SDzgPIgPeMe4vnp8lxzHYxtVHiJt-wl0kM_07yMlAsWnA5hs37SwKH9Ht5b7y3oE2DJb6sEggfwn0yrXEn6-XqUuge_4500tXvPEj8gAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WIuArtS8zoMD-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3tM7p-rqYZ-EZ37ss-yPNB9yPbGg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0803c396ae54dcd94d33e01b0ce341daa6f0c2e09451221a21ab2dc4671eed43

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src ;connect-src https:;default-src 'self';font-src ;form-action 'none';frame-src ;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src 'unsafe-inline'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1gfyksmbm2yrx3js1rn56d7bvprjc4hfjgszp950cpx7faz7m29ehkq6hw92a3az5a7pzpe5p98k8c4m06yty4gwk0e1qhrpfrmw7f265515yfs3vve094cg9tjeb6kmadtdq9grs8m3b958jwjx002qnhgk0beszrzv60tbjtrgj71hykk131yc1wxdas79040y3ynrr6wdx2pxqsnt8vs3s3a8ne183t5z98w1ag4skjfmgh9xa6ce1yks871vhr92v5kw9er4gqnw9yp3b05de7bmk6grg2qsrq76w0b3yscn3jxnd7bdz6t35zq955nqaxf1qntpg01xax1hjd40r2axwmfhbk7vtc0hqgqmx0667wbykawc9ntgftnc7g30fyep7vzkj1hmw6m4mdaak18wrxt9ydt82d15f83axts7&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCJk5a9kWcZabzHrbHtOUPnO-muA-Q4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQIRJ-Q3hmGyPqgDAcgDAqoE8QFP0IN9aB5y50xbbPEyZYqf6MRVWn5n26EiHlf3PnXNqGuCwJuDnBi1P2NaqxXCKNnF4gIHGfPKbFYn_m3-9kYowoRoICKP9URLxoHb2TcOUEcBGsQKN5l06cFOBwV7rtsCdrOEbyhV_aY7-jhtP_01tl_XVB83m1laqUnlji1KvFWnOKYFAXXdvCiuRyL9AIdPE35tAr8aMloEMfDrH5m2lKWak-SDzgPIgPeMe4vnp8lxzHYxtVHiJt-wl0kM_07yMlAsWnA5hs37SwKH9Ht5b7y3oE2DJb6sEggfwn0yrXEn6-XqUuge_4500tXvPEj8gAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WIuArtS8zoMD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3tM7p-rqYZ-EZ37ss-yPNB9yPbGg%26client%3Dca-pub-6593523210010154%26adurl%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8426acea4c4a9b67-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:03 GMT
expires: 0
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy: accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H2 200 64633daae4b0e20873d6f248
ng.virgul.com/tck/i_vb2/ 0
213 B 52ms
52ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/64633daae4b0e20873d6f248?l=&r=158528@site_geneli@foreks:site_geneli&cs=1704740343414&userId=vnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: https://www.foreks.com
date: Mon, 08 Jan 2024 18:59:03 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame B14B 39 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 14:08:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17419
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 14:08:44 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B426 0
0 41ms
40ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240103&jk=3985455299172220&rc=
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 83DF 0
10 B 6ms
6ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?NyYP0w
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.50/one-ad/ Frame F27A 115 KB
14 KB 21ms
21ms Stylesheet
text/css 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=34719&b=ZxJfwfBfmJpsmHDHDt3tP8Zc6SXTx3qa27&f=9jeTMfmfr19cKHBH2tzCJK9S9SmTZY2TeE&c=320&d=50&e=&g=4f4e9a30dfb50dfa0ca9477b966b052d%2F12984422370548541923&i=26474&j=41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1704740343367&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1gs2yyad2ehdq487me54785xbgkm979bh8g2xsf5fstxb25ve3wv3bjyj6xyg4jm60wene6vq1nbsx74f8qkkcr49831hwehm5v3ft1rne0a21p2bf5c45yjey85dj90q3ft21173zz46aq6d7etdktc10hzvfw0j2n5z03z7att300sarfm37t5jaz1j3sf8mj1xkwbfkb18afa77t9prtwakt8bb8kax3yd89vea1ekmj65nfwc2g6826z7pv94qhxnhcsf30vk9yq72gg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJk5a9kWcZabzHrbHtOUPnO-muA-Q4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQIRJ-Q3hmGyPqgDAcgDAqoE8QFP0IN9aB5y50xbbPEyZYqf6MRVWn5n26EiHlf3PnXNqGuCwJuDnBi1P2NaqxXCKNnF4gIHGfPKbFYn_m3-9kYowoRoICKP9URLxoHb2TcOUEcBGsQKN5l06cFOBwV7rtsCdrOEbyhV_aY7-jhtP_01tl_XVB83m1laqUnlji1KvFWnOKYFAXXdvCiuRyL9AIdPE35tAr8aMloEMfDrH5m2lKWak-SDzgPIgPeMe4vnp8lxzHYxtVHiJt-wl0kM_07yMlAsWnA5hs37SwKH9Ht5b7y3oE2DJb6sEggfwn0yrXEn6-XqUuge_4500tXvPEj8gAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WIuArtS8zoMD-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3tM7p-rqYZ-EZ37ss-yPNB9yPbGg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=34719&b=ZxJfwfBfmJpsmHDHDt3tP8Zc6SXTx3qa27&f=9jeTMfmfr19cKHBH2tzCJK9S9SmTZY2TeE&c=320&d=50&e=&g=4f4e9a30dfb50dfa0ca9477b966b052d%2F12984422370548541923&i=26474&j=41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1704740343367&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1gs2yyad2ehdq487me54785xbgkm979bh8g2xsf5fstxb25ve3wv3bjyj6xyg4jm60wene6vq1nbsx74f8qkkcr49831hwehm5v3ft1rne0a21p2bf5c45yjey85dj90q3ft21173zz46aq6d7etdktc10hzvfw0j2n5z03z7att300sarfm37t5jaz1j3sf8mj1xkwbfkb18afa77t9prtwakt8bb8kax3yd89vea1ekmj65nfwc2g6826z7pv94qhxnhcsf30vk9yq72gg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJk5a9kWcZabzHrbHtOUPnO-muA-Q4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQIRJ-Q3hmGyPqgDAcgDAqoE8QFP0IN9aB5y50xbbPEyZYqf6MRVWn5n26EiHlf3PnXNqGuCwJuDnBi1P2NaqxXCKNnF4gIHGfPKbFYn_m3-9kYowoRoICKP9URLxoHb2TcOUEcBGsQKN5l06cFOBwV7rtsCdrOEbyhV_aY7-jhtP_01tl_XVB83m1laqUnlji1KvFWnOKYFAXXdvCiuRyL9AIdPE35tAr8aMloEMfDrH5m2lKWak-SDzgPIgPeMe4vnp8lxzHYxtVHiJt-wl0kM_07yMlAsWnA5hs37SwKH9Ht5b7y3oE2DJb6sEggfwn0yrXEn6-XqUuge_4500tXvPEj8gAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WIuArtS8zoMD-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3tM7p-rqYZ-EZ37ss-yPNB9yPbGg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2038504
cf-polished: origSize=118430
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 02 Nov 2023 10:26:17 GMT
server: cloudflare
etag: W/"486507ccce9ac587d11c0ef3f32a109a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VzKVROicyL%2Bnr9XG2BRD9FIZTB9kQSf4atrsgo7gwCWImZUxuaraFui3%2B29%2F7CID2M%2BWYC1gFxUSK87aEOy%2FOLGuLyuH%2FoozoorqNJZB8HPhBmUW81C1LyCznHv4rN8UpdjTgFWV5Dg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=86400
cf-ray: 8426acea8c899b67-FRA
expires: Tue, 09 Jan 2024 18:59:03 GMT

GET
H2 200 E622BC9BD82AE6F51E341CE5BBC00C7BCEF1113266FC86A7954D357A123D68059FD32592A221C64F87EEABAF18D4698D5388E6B9CA984D807BB6BB7E4D07744E
assets.ad4m.at/logo/ Frame F27A 9 KB
9 KB 38ms
29ms Image
image/jpeg 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/E622BC9BD82AE6F51E341CE5BBC00C7BCEF1113266FC86A7954D357A123D68059FD32592A221C64F87EEABAF18D4698D5388E6B9CA984D807BB6BB7E4D07744E
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=34719&b=ZxJfwfBfmJpsmHDHDt3tP8Zc6SXTx3qa27&f=9jeTMfmfr19cKHBH2tzCJK9S9SmTZY2TeE&c=320&d=50&e=&g=4f4e9a30dfb50dfa0ca9477b966b052d%2F12984422370548541923&i=26474&j=41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1704740343367&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1gs2yyad2ehdq487me54785xbgkm979bh8g2xsf5fstxb25ve3wv3bjyj6xyg4jm60wene6vq1nbsx74f8qkkcr49831hwehm5v3ft1rne0a21p2bf5c45yjey85dj90q3ft21173zz46aq6d7etdktc10hzvfw0j2n5z03z7att300sarfm37t5jaz1j3sf8mj1xkwbfkb18afa77t9prtwakt8bb8kax3yd89vea1ekmj65nfwc2g6826z7pv94qhxnhcsf30vk9yq72gg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJk5a9kWcZabzHrbHtOUPnO-muA-Q4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQIRJ-Q3hmGyPqgDAcgDAqoE8QFP0IN9aB5y50xbbPEyZYqf6MRVWn5n26EiHlf3PnXNqGuCwJuDnBi1P2NaqxXCKNnF4gIHGfPKbFYn_m3-9kYowoRoICKP9URLxoHb2TcOUEcBGsQKN5l06cFOBwV7rtsCdrOEbyhV_aY7-jhtP_01tl_XVB83m1laqUnlji1KvFWnOKYFAXXdvCiuRyL9AIdPE35tAr8aMloEMfDrH5m2lKWak-SDzgPIgPeMe4vnp8lxzHYxtVHiJt-wl0kM_07yMlAsWnA5hs37SwKH9Ht5b7y3oE2DJb6sEggfwn0yrXEn6-XqUuge_4500tXvPEj8gAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WIuArtS8zoMD-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3tM7p-rqYZ-EZ37ss-yPNB9yPbGg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a58de8d9c7b24b39cfd318f36cf8ac8e2eb491829df30979155028a448fa254

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3345106
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 8772
cf-bgj: imgq:85,h2pri
last-modified: Thu, 09 Nov 2023 08:13:38 GMT
server: cloudflare
etag: "15b1f39d668aa86c2ba2ba17d94cc733"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dctklCXTw9fr0US9qDhKAq98GAFQGgpWsvypxmDZSf4fEh74syzYX5CdhDC08TPU3V%2BmYMRBeRcxG2%2Bh6IB02xbyePw9JyA1nf%2F6eYs%2Bdl9%2FVujE5vfHcjhuERXcEDOSZaqBUi8CQDJmlfx1"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 8426acea9e699a21-FRA

GET
H2 200 2A409C956034279942BB00C734EEBA96A30BFA66974E50A0A1FCCC37F0E29F63CDE4339A721079F3863F9D3A2D1FC91B69CE99DD1EDFB0C05A709324F55DF63A
assets.ad4m.at/ Frame F27A 32 KB
33 KB 34ms
25ms Image
image/jpeg 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/2A409C956034279942BB00C734EEBA96A30BFA66974E50A0A1FCCC37F0E29F63CDE4339A721079F3863F9D3A2D1FC91B69CE99DD1EDFB0C05A709324F55DF63A
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=34719&b=ZxJfwfBfmJpsmHDHDt3tP8Zc6SXTx3qa27&f=9jeTMfmfr19cKHBH2tzCJK9S9SmTZY2TeE&c=320&d=50&e=&g=4f4e9a30dfb50dfa0ca9477b966b052d%2F12984422370548541923&i=26474&j=41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1704740343367&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1gs2yyad2ehdq487me54785xbgkm979bh8g2xsf5fstxb25ve3wv3bjyj6xyg4jm60wene6vq1nbsx74f8qkkcr49831hwehm5v3ft1rne0a21p2bf5c45yjey85dj90q3ft21173zz46aq6d7etdktc10hzvfw0j2n5z03z7att300sarfm37t5jaz1j3sf8mj1xkwbfkb18afa77t9prtwakt8bb8kax3yd89vea1ekmj65nfwc2g6826z7pv94qhxnhcsf30vk9yq72gg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJk5a9kWcZabzHrbHtOUPnO-muA-Q4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQIRJ-Q3hmGyPqgDAcgDAqoE8QFP0IN9aB5y50xbbPEyZYqf6MRVWn5n26EiHlf3PnXNqGuCwJuDnBi1P2NaqxXCKNnF4gIHGfPKbFYn_m3-9kYowoRoICKP9URLxoHb2TcOUEcBGsQKN5l06cFOBwV7rtsCdrOEbyhV_aY7-jhtP_01tl_XVB83m1laqUnlji1KvFWnOKYFAXXdvCiuRyL9AIdPE35tAr8aMloEMfDrH5m2lKWak-SDzgPIgPeMe4vnp8lxzHYxtVHiJt-wl0kM_07yMlAsWnA5hs37SwKH9Ht5b7y3oE2DJb6sEggfwn0yrXEn6-XqUuge_4500tXvPEj8gAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WIuArtS8zoMD-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3tM7p-rqYZ-EZ37ss-yPNB9yPbGg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e23b6f4539643a37f0d615a630a76fc48571ebb8b0a9219ad38b4827a60ee18c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4966345
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 33043
cf-bgj: imgq:85,h2pri
last-modified: Thu, 09 Nov 2023 08:07:19 GMT
server: cloudflare
etag: "4248eb804269666620fb86952a326d7e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PL87zM09YUriVCQlNmfFrrCpFUcVDvfgxN2E6MaauXNUjGEp11QOn%2BV4lHDABH3%2FYjVnqppgETk3Rntfy9weULukUD%2FFbYoIQfsbKep531kwQ6MrJT8SAfvZglK9V5ZeI3EKVc88%2FPsTDJ7L"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 8426acea9e6c9a21-FRA

GET
H2 200 2aed39855b5f46b7651ba591340f258c
pv.medialead.de/trck/epv/ Frame F27A 0
327 B 63ms
20ms Image
application/javascript 91.121.248.44
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pv.medialead.de/trck/epv/2aed39855b5f46b7651ba591340f258c?t=htlp&subid=wkzMotivBoneidZxJfwfBfmJpsmHDHDt3tP8Zc6SXTx3qa27oneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=34719&b=ZxJfwfBfmJpsmHDHDt3tP8Zc6SXTx3qa27&f=9jeTMfmfr19cKHBH2tzCJK9S9SmTZY2TeE&c=320&d=50&e=&g=4f4e9a30dfb50dfa0ca9477b966b052d%2F12984422370548541923&i=26474&j=41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1704740343367&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1gs2yyad2ehdq487me54785xbgkm979bh8g2xsf5fstxb25ve3wv3bjyj6xyg4jm60wene6vq1nbsx74f8qkkcr49831hwehm5v3ft1rne0a21p2bf5c45yjey85dj90q3ft21173zz46aq6d7etdktc10hzvfw0j2n5z03z7att300sarfm37t5jaz1j3sf8mj1xkwbfkb18afa77t9prtwakt8bb8kax3yd89vea1ekmj65nfwc2g6826z7pv94qhxnhcsf30vk9yq72gg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCJk5a9kWcZabzHrbHtOUPnO-muA-Q4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQIRJ-Q3hmGyPqgDAcgDAqoE8QFP0IN9aB5y50xbbPEyZYqf6MRVWn5n26EiHlf3PnXNqGuCwJuDnBi1P2NaqxXCKNnF4gIHGfPKbFYn_m3-9kYowoRoICKP9URLxoHb2TcOUEcBGsQKN5l06cFOBwV7rtsCdrOEbyhV_aY7-jhtP_01tl_XVB83m1laqUnlji1KvFWnOKYFAXXdvCiuRyL9AIdPE35tAr8aMloEMfDrH5m2lKWak-SDzgPIgPeMe4vnp8lxzHYxtVHiJt-wl0kM_07yMlAsWnA5hs37SwKH9Ht5b7y3oE2DJb6sEggfwn0yrXEn6-XqUuge_4500tXvPEj8gAbozc7K-s7GwdcBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WIuArtS8zoMD-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3tM7p-rqYZ-EZ37ss-yPNB9yPbGg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.121.248.44 , France, ASN16276 (OVH, FR),
Reverse DNS: ip44.ip-91-121-248.eu
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
attribution-reporting-register-source: {"source_event_id":"17200573720103333","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx
host: pv.medialead.de
vary: Origin
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
content-length: 0
proxy-host: pv.medialead.de

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 6E8A 13 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 17419
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 14:08:44 GMT
expires: Tue, 07 Jan 2025 14:08:44 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5D40 829 B
559 B 16ms
16ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bb688c3f6fa28a6bbb0fd1534cc06558c5b690a680b656fd4c5232b95928cd47

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-dhyqY7Tz4U4AGcfRdoMYRw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-dhyqY7Tz4U4AGcfRdoMYRw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:03 GMT
expires: Mon, 08 Jan 2024 18:59:03 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 000002761400.jpeg
imagesrv.adition.com/banners/3284/files/00/2a/22/b8/ Frame 68BE 27 KB
27 KB 214ms
214ms Image
image/jpeg 217.79.188.10
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagesrv.adition.com/banners/3284/files/00/2a/22/b8/000002761400.jpeg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186313&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342238&bpp=1&bdt=374&idt=265&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1007674390704&frm=24&ife=3&pv=1&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dlgvh1v9xcpg&fsb=1&dtd=267
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.79.188.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: imagesrv.adition.com
Software: /
Resource Hash: 4b1c25b30c53825819079f364e306a3a111b4bfe30fad2648a1952a996e173d2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 08 Jan 2024 18:59:03 GMT
last-modified: Tue, 28 Nov 2023 08:25:28 GMT
accept-ranges: bytes
etag: "1522854665"
content-length: 27883
content-type: image/jpeg

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame D432 1 KB
646 B 6ms
6ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186313&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342238&bpp=1&bdt=374&idt=265&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1007674390704&frm=24&ife=3&pv=1&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dlgvh1v9xcpg&fsb=1&dtd=267

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 35133
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 09:13:30 GMT
etag: 48472445140208031
expires: Tue, 09 Jan 2024 09:13:30 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 68BE 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 992828baeee383a756dcb042414081ff580dcd98117e2e2cb49709c1afb07fe0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 count
logger.virgul.com/ 0
116 B 54ms
54ms Ping
image/jpeg 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=initBufferFull&g=h&r=npm_foreks::&o=&iv=&wVID=&info=&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=1/8/2024
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 08 Jan 2024 18:59:03 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

POST
H2 200 count
logger.virgul.com/ 0
116 B 54ms
54ms Ping
image/jpeg 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=start&g=m&r=npm_foreks::::&o=vnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb:306:500-600::&iv=&wVID=&info=&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=1/8/2024
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 08 Jan 2024 18:59:03 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

POST
H2 200 count
logger.virgul.com/ 0
116 B 54ms
54ms Ping
image/jpeg 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=adRequest&g=m&r=npm_foreks:preroll&o=&iv=&wVID=&info=&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=1/8/2024
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 08 Jan 2024 18:59:03 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

GET
DATA 200
OK truncated
/ 985 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6efe7e4964448fbdd5349e5116703648d6692fc191736eb19b62515e21a7a3d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame D432
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEM2XUSEo2MmHEtogsCSQZp4&google_cver=1&google_push=AXcoOmQq6N_yP786wRHDCGPNHmTqBLEBYWh2FgPXOxTy32rU1ZurEGq7cGVPBp6yBAjr0HKxWDWogCIjMzS7ER5QhgKwtSFAYcyNpxo
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzY2NjgwODYzNjgwMTcwMTMzNA==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEM2XUSEo2MmHEtogsCSQZp4&google_cver=1

43 B
398 B

26ms
25ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEM2XUSEo2MmHEtogsCSQZp4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186313&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342238&bpp=1&bdt=374&idt=265&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1007674390704&frm=24&ife=3&pv=1&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dlgvh1v9xcpg&fsb=1&dtd=267
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEM2XUSEo2MmHEtogsCSQZp4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D432
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGgfF5Wsb-wQGJ9fKop2KSM&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGgfF5Wsb-wQGJ9fKop2KSM&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=aVBwRnZaYkkxUm1VUFo1&google_gid=CAESEGgfF5Wsb-wQGJ9fKop2KSM&google_cver=1&google_push=AXcoOmQerZRpYt4GIfOTdbfcOQ9luhdRsZ1KpIipy588hvd...

170 B
188 B

16ms
16ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=aVBwRnZaYkkxUm1VUFo1&google_gid=CAESEGgfF5Wsb-wQGJ9fKop2KSM&google_cver=1&google_push=AXcoOmQerZRpYt4GIfOTdbfcOQ9luhdRsZ1KpIipy588hvdairQxct28HxHScZIfA1xQ3uUy745wFLJggQm8ayYFAS_UoEodsTuh-Gw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186313&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342238&bpp=1&bdt=374&idt=265&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1007674390704&frm=24&ife=3&pv=1&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dlgvh1v9xcpg&fsb=1&dtd=267

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 08 Jan 2024 18:59:03 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-795-gb641a57#rel-ec2-master i-091a6d662d9a132c7@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=aVBwRnZaYkkxUm1VUFo1&google_gid=CAESEGgfF5Wsb-wQGJ9fKop2KSM&google_cver=1&google_push=AXcoOmQerZRpYt4GIfOTdbfcOQ9luhdRsZ1KpIipy588hvdairQxct28HxHScZIfA1xQ3uUy745wFLJggQm8ayYFAS_UoEodsTuh-Gw
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame D432 70 B
149 B 112ms
34ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEL1sAbVaGoET6gk5BtimLoo&google_cver=1&google_push=AXcoOmSZWYd3sN3nPCGRjUDWl5wHM0Gw7QgRoOeVA4XcpGHpBm2U0yJLD3YzZ4-Mqthkh9VJ-e-Jh9hIlmnGaROeu0-JLYRvIq5u0g
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186313&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342238&bpp=1&bdt=374&idt=265&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1007674390704&frm=24&ife=3&pv=1&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dlgvh1v9xcpg&fsb=1&dtd=267
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D432
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEOFKr7xN0ATt2KKTdpCWohE&google_cver=1&google_push=AXcoOmQbi1T1SsSFQOWKC65tOCVALIUEOL2d80siCPe8tsSbJdeUzl1q2J9S6yIW2bOh48hwWXmjf5HIRZxK4XBtZ40WSky...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQbi1T1SsSFQOWKC65tOCVALIUEOL2d80siCPe8tsSbJdeUzl1q2J9S6yIW2bOh48hwWXmjf5HIRZxK4XBtZ40WSkyYrzVkykQ&google_hm=eS04TjdRVU9sRTJwRVh...

170 B
188 B

17ms
17ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQbi1T1SsSFQOWKC65tOCVALIUEOL2d80siCPe8tsSbJdeUzl1q2J9S6yIW2bOh48hwWXmjf5HIRZxK4XBtZ40WSkyYrzVkykQ&google_hm=eS04TjdRVU9sRTJwRVhBU1dBTTNvWnVRWkRNOFNpb3F0cX5B

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186313&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342238&bpp=1&bdt=374&idt=265&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1007674390704&frm=24&ife=3&pv=1&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dlgvh1v9xcpg&fsb=1&dtd=267

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 08 Jan 2024 18:59:03 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQbi1T1SsSFQOWKC65tOCVALIUEOL2d80siCPe8tsSbJdeUzl1q2J9S6yIW2bOh48hwWXmjf5HIRZxK4XBtZ40WSkyYrzVkykQ&google_hm=eS04TjdRVU9sRTJwRVhBU1dBTTNvWnVRWkRNOFNpb3F0cX5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D432
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmRw-C...
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-7X8oHFE7BARf-PPcgi1Wb7H8zLy01Ck1PEJ61g&google_push=AXcoOmRw-C_IMsBIId6ZrO4hJeZxrR6ZSTccFl6nc8peldIEgrbWtZtx2uJCeTZG9ghd2nLG9nbQkCU58chW...

170 B
188 B

17ms
16ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-7X8oHFE7BARf-PPcgi1Wb7H8zLy01Ck1PEJ61g&google_push=AXcoOmRw-C_IMsBIId6ZrO4hJeZxrR6ZSTccFl6nc8peldIEgrbWtZtx2uJCeTZG9ghd2nLG9nbQkCU58chWrePuLN2Tnc18t4lqLrA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186313&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342238&bpp=1&bdt=374&idt=265&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1007674390704&frm=24&ife=3&pv=1&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dlgvh1v9xcpg&fsb=1&dtd=267

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-7X8oHFE7BARf-PPcgi1Wb7H8zLy01Ck1PEJ61g&google_push=AXcoOmRw-C_IMsBIId6ZrO4hJeZxrR6ZSTccFl6nc8peldIEgrbWtZtx2uJCeTZG9ghd2nLG9nbQkCU58chWrePuLN2Tnc18t4lqLrA
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 816484
content-length: 0
expires: Mon, 08 Jan 2024 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D432
Redirect Chain

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEEGOMXZWXVm0v6H3_D6XCh4&google_cver=1&google_push=AXcoOmQwk7RVrRFl98YRsT86oiI0MxYBs4iuJJKFQHwP4Cwc7yxDU8fQAgi0aHnvaj...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmQwk7RVrRFl98YRsT86oiI0MxYBs4iuJJKFQHwP4Cwc7yxDU8fQAgi0aHnvajEb7FpsilbB9Pz9cU_bbcZqjMawFwy4OkNGKKLO&google_hm...

170 B
188 B

17ms
16ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmQwk7RVrRFl98YRsT86oiI0MxYBs4iuJJKFQHwP4Cwc7yxDU8fQAgi0aHnvajEb7FpsilbB9Pz9cU_bbcZqjMawFwy4OkNGKKLO&google_hm=rbbjWPUETzSs5aF3_gIH-kw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186313&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342238&bpp=1&bdt=374&idt=265&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1007674390704&frm=24&ife=3&pv=1&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dlgvh1v9xcpg&fsb=1&dtd=267

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:02 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmQwk7RVrRFl98YRsT86oiI0MxYBs4iuJJKFQHwP4Cwc7yxDU8fQAgi0aHnvajEb7FpsilbB9Pz9cU_bbcZqjMawFwy4OkNGKKLO&google_hm=rbbjWPUETzSs5aF3_gIH-kw
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

report
sync.teads.tv/um/ Frame D432
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESELI2oPQNwNaV...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmTJRhvRjphQC2dzNBhUyfeLIeYYDJAwdE7J-rZqOmCcKKE1KJAk2VgFJCkpLgRO7bVS1zOwiAJpMQBKU-wN0lyLddIh4dds873f
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

35ms
35ms

Image
image/gif

23.32.185.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186313&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342238&bpp=1&bdt=374&idt=265&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1007674390704&frm=24&ife=3&pv=1&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dlgvh1v9xcpg&fsb=1&dtd=267
Protocol: H2
Server: 23.32.185.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-185-35.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Mon, 08 Jan 2024 18:59:03 GMT
pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame D432 0
12 B 15ms
15ms Image
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K-yYkxS6OVptzMizyxy8pJkXddtgjRDeKcRpYTKk7aTwFDqIyO9mwR170Bh0wvMtqkGqZELjo

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186313&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342238&bpp=1&bdt=374&idt=265&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1007674390704&frm=24&ife=3&pv=1&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dlgvh1v9xcpg&fsb=1&dtd=267

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5D40 0
0 42ms
41ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240103&jk=3437858270982662&rc=
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 53F6 112 KB
19 KB 314ms
286ms XHR
text/xml 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21728129623%2C158935454%2Fweb_foreks_preroll_FP3&description_url=http%3A%2F%2Fforeks.com&env=vp&correlator=675689321532984&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=640x360&unviewed_position_start=1&ppid=vnet7f0de5d86afb47fbaee9b70ad1fe45eb&cust_params=site%3Dforeks%26env%3Dweb%26mt%3D1704740340252%26r%3D158737%40site_geneli%40foreks%3Asite_geneli%26info%3D%26policy%3D0%26targetCtr%3D0%26viewable%3D2%26site%3Dforeks%26plm%3Dnull%26pid%3Dvnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&sdkv=h.3.609.1&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&u_so=l&ctv=0&sdki=445&ptt=20&adk=1366865759&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.609.1&sid=AA844232-570A-4877-B0F0-AE1E0BC79A29&a3p=EhwKDWNyd2RjbnRybC5uZXQYnY3F084xSABSAghkEhsKDDMzYWNyb3NzLmNvbRidjcXTzjFIAFICCGQSGQoKcHViY2lkLm9yZxjljsXTzjFIAFICCGoSHQoOZXNwLmNyaXRlby5jb20YnY3F084xSABSAghkEj4KBW9wZW54EixleUpwSWpvaWJFNWtLM05OZEVOUlpUWlBZM2RsZEVRdlZFRktkejA5SW4wPRiEk8XTzjFIABKBAQoIcnRiaG91c2USbHJ0aHJSQkpoU2dDSENwOHdTUU16b1BMRE9yS242c1RIOVFiZWRmWUtGZUs0MnhGMmlUY3NwMGo1ZWg3Nmp1NWhONXhHRzNLbjVuMmxWOXBoMmhhNGNCMS96cnVRKzJERlVIbDEycGRCZG5RPRj_j8XTzjFIABIbCgxpZDUtc3luYy5jb20YuY_F084xSABSAghq&nel=0&eid=44772139%2C44777649%2C44781409%2C44804291%2C44804616&url=https%3A%2F%2Fwww.foreks.com%2F&dlt=1704740339138&idt=3855&dt=1704740343586&cookie=ID%3D140880d7dc701c7e%3AT%3D1704740341%3ART%3D1704740341%3AS%3DALNI_MaNWy95Sq6UON-GRmMnHAK2X4am2g&gpic=UID%3D00000d3d815ff0ca%3AT%3D1704740341%3ART%3D1704740341%3AS%3DALNI_MYanryTfJTpOnC1x4s4vyOazKH3XA&scor=2335542965469016&ged=ve4_td5_tt1_pd5_la5000_er660.1142.813.1442_vi0.0.1200.1600_vp100_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.609.1_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

e0a83addd39690eac6fe81a2b079cd7918d9a65cfc723e16a74704c2db775486

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19605
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 6E8A 39 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 14:08:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17419
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 14:08:44 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame B14B 0
10 B 6ms
6ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?OswMEQ
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 6E8A 0
10 B 6ms
6ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?KVFF5Q
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 68BE 0
19 B 49ms
48ms Image
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C_W5a9kWcZf7GJIGBtdEP5pOqyA-Q5vLObZqXosfzAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQIRJ-Q3hmGyPqgDAcgDAqoE7wFP0DCSV3O3_Oo7ahUxYS8mDz52WVDG8qYgAg5IaIQSURpsdDVMXf5OcPf9DJE7ieRnyPgm-j8_26ueOF7ZisoVTCYsctdjof1hO8p8JIt-KvK01rpwlSmXP4YIN-RlsNlnW6wqOuVdXSG88-tyM51u178_mRFK66obNvW6SQZFcch1ItX1GKMC8A1-SntQ6a1rLyVPZebPsOU6_CUrcnpIowpULigpRrxNHiAVV4Hvfisutj-X8DL1lW1e_KjmoK5q_Wbw34lNUETJ-jnPPEGKrBKxrmfjEVycAy1bF__UwG8Nyr-uSlTvuMEYE4bZPYAG0L_6uNS00ssloAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WP7es9S8zoMDgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTY1OTM1MjMyMTAwMTAxNTQYAA&sigh=MJeoETzV6ac&uach_m=%5BUACH%5D&cid=CAQSOwAvHhf_CPRtiTh9PoMZ39I2leI03qfKjCrTdSEwKYis_aa-8vgAwGndcLyxbjsXc0y8aOMpEJWYsK0OGAE&cbvp=2&vis=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186313&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342238&bpp=1&bdt=374&idt=265&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1007674390704&frm=24&ife=3&pv=1&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dlgvh1v9xcpg&fsb=1&dtd=267

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186313&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342238&bpp=1&bdt=374&idt=265&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1007674390704&frm=24&ife=3&pv=1&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dlgvh1v9xcpg&fsb=1&dtd=267
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 08 Jan 2024 18:59:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK /
dsp.active-agent.com/reporting/ Frame 68BE 43 B
256 B 50ms
10ms Image
image/gif 85.114.159.66
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsp.active-agent.com/reporting/?winningPrice=ZZxF9gAJI34ELUCBAAqJ5hIohf7wSYapVZlWmw&bannerId=19203040&campaignId=6324602&auctionId=121/32/4/14/53/55/124/87/89/-111/-128/-26/-124/-98/93/-80&impressionId=1&ssp=2&xr=0.99&xc=978cff8f7561120dd300593612811b3045368aa8&contentUnitId=3984447&bid=7321804017062015373&cbvp=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186313&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342238&bpp=1&bdt=374&idt=265&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1007674390704&frm=24&ife=3&pv=1&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dlgvh1v9xcpg&fsb=1&dtd=267
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.114.159.66 Loerrach, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: dsp.active-agent.com
Software: nginx /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 08 Jan 2024 18:59:03 GMT
Access-Control-Allow-Credentials: false
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

POST
H/1.1 204
No Content collect Show response
v.clarity.ms/ 0
294 B 524ms
334ms XHR
text/plain 20.114.189.135
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://v.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.114.189.135 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.foreks.com
Date: Mon, 08 Jan 2024 18:59:04 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2048 0
0 43ms
43ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvm2SQG9A7gpgauVjEWsV9y7AHny_389XtPFDDuH6OznKdhg1C28abHLyqtblJcpzHL3h0zEVJYpCZ3lSKnBE7ea2p0M41To432kqy1LCYwbAYena87KvvBUyGyFJMgYWcqMgA10W52azrFXenbg0DaTtEV8F90iP1GhPHRoFYTPr1Sy51kl1vTTWWjj3-Uqic-iuxU42QACK0vNN0ZZdZ6zLzDICNc3mhzsxSeEJaAkI91B4m9unTwUV1-wXBWdf7fSVJFI3EB9fDuFdgIcrLotduQ99giQJUP_aCnW34dIrBLLDiroytwcB099JH-xeESabr32UAN9ZcWb4VKoqBaCVhQazY0OSoMRzC2sJAo1jqVI1GHROV3Dcs99_WBqw&sai=AMfl-YT5QTyhvXMLGzR0sE0LJ9Q7rMwSf7nbhMxT1AvBgfIwrMChXXURb51q3HQMgD0YaAMZ6TFd9M5Zv_dC7uxjudPABHivyBnNxt6y5v7E_pLLL058n2cYA9VAmnbo9W97IEncagQjCAOqudIHApZNS1qCAIOrliLa2wBj2O1-ItxfzVkz&sig=Cg0ArKJSzM9cvuwK6DYXEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 08 Jan 2024 18:59:03 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2048 16 KB
12 KB 56ms
55ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240103&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2dcd4149ffa1ef860b7f068ea2bc7b937e2b8b7dbf78c637e658605486efdd90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12281
x-xss-protection: 0

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=66C09C57B6EE422CA2D1B504DA3F3592&RedC=c.clarity.ms&MXFR=3E384A2F95B866B925805E2F91B868ED
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=66C09C57B6EE422CA2D1B504DA3F3592&MUID=175DE34AFDC46C5001EEF74AFCC46DAD

42 B
443 B

27ms
26ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=66C09C57B6EE422CA2D1B504DA3F3592&MUID=175DE34AFDC46C5001EEF74AFCC46DAD
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
last-modified: Tue, 12 Dec 2023 19:03:29 GMT
server: Microsoft-IIS/10.0
etag: "e8d91e42d2dda1:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 969D45C51FF34FE38BF40DDC62131B38 Ref B: FRAEDGE1817 Ref C: 2024-01-08T18:59:03Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=66C09C57B6EE422CA2D1B504DA3F3592&MUID=175DE34AFDC46C5001EEF74AFCC46DAD
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 56ms
56ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202401020101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

186154579f1e9f1558aaf921000f65d8c3356a301e94c3ac009e26919151cacf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12225
x-xss-protection: 0

GET
H2 200 netmera_worker.html Show response
www.foreks.com/ Frame 9DC4 4 KB
2 KB 17ms
16ms Document
text/html 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.foreks.com/netmera_worker.html
Requested by: Host: cdn.netmera-web.com
URL: https://cdn.netmera-web.com/wsdkjs/OcYc2nxy4-IE1PVMgxSo2cIXLNyzI3PXAb6uUisJim44jRp89r7eWQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 46785e2006a27d27d52b4ed2ac2459d147ddd4b2843efbef626f9e3645b2254b

Request headers

Referer: https://www.foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: public, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 08 Jan 2024 18:59:03 GMT
etag: W/"ff3-18ca4cfb930"
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
vary: Accept-Encoding
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
x-amz-cf-id: 88nn2h8Wrs5V-Kl2qY-FO2L0eiim78_SYXS2wIKwDxt5tyK3CpEJ4Q==
x-amz-cf-pop: DUS51-P1
x-cache: Miss from cloudfront

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C611 0
0 44ms
43ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240104&jk=3672836851977151&bg=!IiGlIW7NAAaumcC-jpk7ADQBe5WfOG_gsNVTnBOKaBKfEr2A3uI6YfySsG-CxTlJ8bC4MyNXLanMd6UUAntSt1XvsMWGAgAAAHRSAAAAAWgBBwoAZ_UZJ-8_3ML7WU76ya1Ov3hOmY620eaVnzwy9ml6A1_bpk1CZK9jAQnY1h6yi0eNAPde8CCSWv4FdiKEnlobmQTpCw4lQr_G8BKU6WVUfis2qS0rAHmFF--8j_jvuCJZjDpFCAX18kSZAwjR-aTnMPppEzJpaNVTifJgpSXOB-Q19SmeTvNkw75QJfACiMetOGgEwQW8dEBLeerZkEleYhlqoy3_xfO3qOA2K168zAbci1BrkgW6OsyYkg1ZIh-952kZJ3ZU94o1Epy-N9UwnJuyJLQwQL5rx-NE8K7n-_rT9MGCLfslEH0RR6fXKFcJSob1-44JrJO6_6mtptRkEjIoo6z5HQsTzymV68eklC401FB5sa_mZTiSNp1B846lgWihpnON-A9yfcPT4vqTEpn-Et2g1IBnBl07HlxrBi-awzkAZDMQAo0RjhNg7SdVdIeBwBsOaC4IeMjfPD9-in88GCqZade5Sq2Wehh_RuLx38_gbgMNmldLAdea5Ke3XJZWauaIYGRRJGexaBn2mbjLjBAsxEP6fNR67qBSqQHuZCs2ivoprPENZ9xlCUcoTWy579OJMXCg6mhRlAvWaI4JgBtDiQvHGioszWbKJqeoV53Mkr2r6n2y6_gBJ3c-eC_zZgohmMp3ixqYbf3lES-B8Rj7JPqNSyBXczFJfSj7MJqob89z-MK7hvpTscaNtyje8WI4TSVND_RFvRg0o9lO1uB74YJW0qd2vWVVBrV4RH9rFHKyTjS7GH74KsUOltg6jsJWdV8COVzNb8QZeccpoRx05eBeQ2RYCwi2GQoyh0yLw1qCEM83ZimQmM9rO9mYZev1VtJpDj8u0WRQIsu6bZUilQuel9S5nAue_e-CDbFJticAZeWQybY3YXefCxXT67_7waupTmpJp1XL1bZx9-Ck0NuiMIvnUqFKj8LaHiXQR8sHIWFsRrzdya8UZiygv7_0fiiVgLnCcRiOsrDvhn1tKESbHFSbT3MPbHzLOJOFcRcQx1x5uF8VlPfaY75R4xabM-VfkBORp3dp5it1o1_SyNPNlEdVZMPU3ckf05wOjApkOpJ4z8bWy3TZ9YS_bTCjusbUHtmjQSmm4suzz-EQ3T0wEY0_3D2PQVQZlJg5Z7946SCaVf5SnPUd_5acS03B3Se-brJ2PuqGv8APWw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H2 200 foreks-notify-logo.svg
www.foreks.com/img/ Frame 9DC4 667 B
717 B 16ms
16ms Image
image/svg+xml 18.66.248.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.foreks.com/img/foreks-notify-logo.svg
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/netmera_worker.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-121.dus51.r.cloudfront.net
Software: /
Resource Hash: ea3f874e92d2f05121d133ae8ab4e2138a7f904af2b9f8f4719a0543bbc3bc9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/netmera_worker.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
content-encoding: gzip
via: 1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
last-modified: Tue, 26 Dec 2023 06:28:46 GMT
x-amz-cf-pop: DUS51-P1
etag: W/"29b-18ca4cfb930"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: NIw1hiOokBMo4Ip6LcQ5hU2RMYDkBC69qDio64HcIHRvAohI_4z4gA==

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2048 17 KB
6 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 08 Jan 2024 18:59:03 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 08 Jan 2024 18:59:03 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 2D42 13 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 17419
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 14:08:44 GMT
expires: Tue, 07 Jan 2025 14:08:44 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 112F 829 B
560 B 19ms
19ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e757e449eb372d90ccb8be9744d0a9b1c5735321edf8ccfc970ee71609bf12fb

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-i3LiFUhJCfVE9kBovVKupw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-i3LiFUhJCfVE9kBovVKupw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:03 GMT
expires: Mon, 08 Jan 2024 18:59:03 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A9AE 13 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 17419
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 14:08:44 GMT
expires: Tue, 07 Jan 2025 14:08:44 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 44FC 829 B
559 B 18ms
17ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a0af514b82e8000ed1d386c65cf9ad30da22355ea39d021b925e5ab682aa4c2e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-mgt6afTSPSQyO7xmiPDvKw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-mgt6afTSPSQyO7xmiPDvKw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 18:59:03 GMT
expires: Mon, 08 Jan 2024 18:59:03 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H2 204 csi
csi.gstatic.com/ Frame 53F6 0
234 B 48ms
28ms Ping
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~lr5adv37&c=2818979527367&slotId=1409489763683.5&eee=missing-element&bi=missing-id&vast_v=4.0&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&vmfc=3&vhc=0&wta=1&ytext_viu=0&ytext_hd=1&hghme=1&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.609.1_en.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:03 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fbox.js Show response
ntm.netmera-web.com/wsdk2/ Frame 9DC4 4 KB
2 KB 7ms
6ms Script
application/javascript 31.3.2.88
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://ntm.netmera-web.com/wsdk2/fbox.js?v=4.2.22
Requested by: Host: www.foreks.com
URL: https://www.foreks.com/netmera_worker.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.88 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-2134 /
Resource Hash: 7b890dc41d051c686bda87447a5556a4d7e1a53fd40dde66bc9f12ea83bc00d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:03 GMT
content-encoding: br
last-modified: Tue, 26 Dec 2023 21:15:50 GMT
server: MNCDN-2134
x-mnrequest-id: 05a4bd8568fac6c1543c5da415b8e909
x-amz-request-id: 6ZY0W6T784J24RJ8
x-edge-location: DE-372
x-amz-server-side-encryption: AES256
x-cache-status: Edge : HIT,
content-type: application/javascript
cache-control: private, max-age=900, s-maxage=604800
x-amz-id-2: eEWIkNQtsudw6KVrax2KAFxCkHAG6L7WKzDx2ngps6uK4gyknVqgUfzLmQ/sE63P7t+hoE7jTN4=
x-mserver: DE-372

POST
H2 204 csi
csi.gstatic.com/ Frame 53F6 0
54 B 27ms
27ms Ping
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~lr5advu7&c=2818979527367&slotId=1409489763683.5&qqid=CKrL-NS8zoMDFQvAuwgdjkoOQw&gqid=90WcZY32Jb3W9u8P6t6zWA&fb=ima_html5-lima&sdkv=h.3.609.1&mrd=10&aab=1&itv=1&ghmsh_eids=44772139%2C44777649%2C44781409%2C44804291%2C44804616&met.4=ghmsh_s.lr5advu8~ghmsh_s.lr5advu8&ghmsh_hd=1&ghmsh_mi=22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=aQOKOti9eMKh-A7M
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.609.1_en.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:04 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 help_outline_white_24dp_with_3px_trbl_padding.png
imasdk.googleapis.com/formats/wta/ Frame 53F6 453 B
478 B 8ms
7ms Image
image/png 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imasdk.googleapis.com/formats/wta/help_outline_white_24dp_with_3px_trbl_padding.png?wp=ca-video-pub-7983651257838282

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/js/core/bridge3.609.1_en.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:34:09 GMT
x-content-type-options: nosniff
age: 1495
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 453
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 14:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: image/png
cache-control: public, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 19:24:09 GMT

GET
H2 200 LrnQ1VxqvFZswhzOmosXVs9m-GdkzrvencGyslGN-d9dSo6GY0Cm8xnyFSxiKPI-HqMdmMrr=s48-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ Frame 53F6 2 KB
2 KB 34ms
7ms Image
image/jpeg 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/LrnQ1VxqvFZswhzOmosXVs9m-GdkzrvencGyslGN-d9dSo6GY0Cm8xnyFSxiKPI-HqMdmMrr=s48-c-k-c0x00ffffff-no-rj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

69803de63650d5ca4ae7a48cca1c292d3c56c9ed3ea9b7f10089949cf9e85e26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 16:07:27 GMT
x-content-type-options: nosniff
age: 10297
content-disposition: inline;filename="channels4_profile.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1541
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 09 Jan 2024 16:07:27 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 53F6 42 B
64 B 45ms
45ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CQEcL90WcZerzJ4uA7_UPjpW5mASb142BcfXE9fuoErCQHxABIOa0gmtgleKQgqAHoAHl5IHHA8gBBakCgMtUH0Vpsj7gAgCoAwGYBACqBLkCT9DVM8CHEXJK6Q_FcaghVCCUFg1KexWZx18l46xIYsO2qCktbMaE9od8t3qpJHS9nNkgTsy1pobrvrkhApCe_ECqIZlB8_Xlas-ZPSCCV1Vb8zv4pu3GFYNDI5-eyVWX11HjH6dvcn7b-cLuOcgrqKKS9Vquu_xO5X0ytbOCgaLS4gAlSo9rvAmJRjzvopG1u5Zj17sbYbgn5NTEGgevMhP4Pg57FOomBsuSdwUA8TDMbQ45tj3C1ysMBAbmoKy59oBhvnFNA-ZVc4bl1MvZpWjRWYwMVbxUvfOv7YGrIaEnzrTwDV36uvkJ3P6uk_4J3wSeMZ7bCyCMnvZa2WaLb0I-YuPj4lnvotiXqPG_yfbM9b5EKMUsoJzHoqPqklOnWuxl416nv7ISI8C6EXTvNaL135-jfeqbcsAEyJfOg9QE4AQBiAX10OO8S5IFBggDEAEYAaAGVIAHrfPpAagH2baxAqgHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAtgHAagIAdIIHwiA4YAQEAEYHTICqgI6AoBASL39wTpYg_j21LzOgwOxCTTxJgDmyeUXgAoDmAsByAsB0AsPogwIKgYKBLu7sQLaDBAKChCg4P341e-RjGoSAgEDmg0BD6oNAkRFyA0B4g0TCISt99S8zoMDFQvAuwgdjkoOQ9gTE9AVAfgWAYAXAQ&sigh=Csc6Jk3z_yo&label=show_ad&sdkv=h.3.609.1&vci=CmsIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDYyOTQ3MjU4NDMwOTIMNjg3MDY5NTE5ODM4QMcCUiMQDyUAwGFEKAE6CzBzQzBmOWJvbllJQglnb29nbGVhZHNQABgB

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
pubads.g.doubleclick.net/pagead/ Frame 53F6 0
0 46ms
45ms Image
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubads.g.doubleclick.net/pagead/adview?ai=Cq_Ie90WcZerzJ4uA7_UPjpW5mASb142BcfXE9fuoErCQHxABIOa0gmtgleKQgqAHoAHl5IHHA8gBBakCgMtUH0Vpsj7gAgCoAwGYBACqBLYCT9DVM8CHEXJK6Q_FcaghVCCUFg1KexWZx18l46xIYsO2qCktbMaE9od8t3qpJHS9nNkgTsy1pobrvrkhApCe_ECqIZlB8_Xlas-ZPSCCV1Vb8zv4pu3GFYNDI5-eyVWX11HjH6dvcn7b-cLuOcgrqKKS9Vquu_xO5X0ytbOCgaLS4gAlSo9rvAmJRjzvopG1u5Zj17sbYbgn5NTEGgevMhP4Pg57FOomBsuSdwUA8TDMbQ45tj3C1ysMBAbmoKy59oBhvnFNA-ZVc4bl1MvZpWjRWYwMVbxUvfOv7YGrIaEnzrTwDV36uvkJ3P6uk_4J3wSeMZ7bCyCMnvZa2WaLb0I-YuPj4lnvotiX8PBlx8iOcarWnHKrkBtA_CdHueciBM1vTlSJp2qBlusOnofEGbpDTQCT-sAEyJfOg9QE4AQBiAX10OO8S5IFEQgSEAUYDzCCu6K3_Y-t4NIBoAZUgAet8-kBqAfZtrECqAeOzhuoB5PYG6gHnNwbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBDF4wmoCAHSCB8IgOGAEBABGB0yAqoCOgKAQEi9_cE6WIP49tS8zoMDmgl4aHR0cHM6Ly9scC5zaXN0cml4LmRlL2xpdmVzdHJlYW0_Y2FtcGFpZ25pZD0yMDI2MDEyMDY5MyZhZGdyb3VwaWQ9MTU5OTk1MTA0MjAwJmNyZWF0aXZlPTY4NzA2OTUxOTgzOCZuZXR3b3JrPXZwJmRldmljZT1jgAoDyAsBogwIKgYKBLu7sQLiDRMIhK331LzOgwMVC8C7CB2OSg5DwhMGGOXkgccD2BMT0BUBgBcBshceChwIABIUcHViLTY1OTM1MjMyMTAwMTAxNTQY6sFt&sigh=2AUX_3u7jvs&cmd=Ch1jYS12aWRlby1wdWItNzk4MzY1MTI1NzgzODI4MhAAGAI&uach_m=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&ase=2&nis=4&cid=CAQSTQAvHhf_fycY7BC2xV3kSqY9llefw8WB3QQkn7PXx9dVCeg6pzeVIZZqiwrITzzXu5OBTHFFZ_MkIC6i8ubR51_pX9ghDwiYhcTnx5dTGAE&vt=10&sdkv=h.3.609.1&vci=CmsIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDYyOTQ3MjU4NDMwOTIMNjg3MDY5NTE5ODM4QMcCUiMQDyUAwGFEKAE6CzBzQzBmOWJvbllJQglnb29nbGVhZHNQABgB
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s65-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

POST
H3 204 csi
csi.gstatic.com/ 0
17 B 26ms
26ms Ping
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&top=1&puid=1~lr5adumd&c=2818979527367&slotId=1409489763683.5&eee=missing-element&bi=missing-id
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:04 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 112F 0
0 42ms
41ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240103&jk=231521980711126&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H3 200 MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js Show response
pagead2.googlesyndication.com/bg/ Frame 2D42 39 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 20:52:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 338807
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15229
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 03 Jan 2025 20:52:17 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 44FC 0
0 42ms
42ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202401020101&jk=1599564253928301&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H/1.1

206
Partial Content

videoplayback
rr2---sn-4g5e6ns7.googlevideo.com/
Redirect Chain

https://rr2---sn-4g5edns7.googlevideo.com/videoplayback?expire=1704769143&ei=90WcZcPxM7rIi9oPyNWQaA&ip=45.141.152.76&id=d2c0b47fd6e89d82&itag=22&source=youtube&requiressl=yes&xpc=Eghovf3BOnoBAQ==&m...
https://rr2---sn-4g5e6ns7.googlevideo.com/videoplayback?expire=1704769143&ei=90WcZcPxM7rIi9oPyNWQaA&ip=45.141.152.76&id=d2c0b47fd6e89d82&itag=22&source=youtube&requiressl=yes&xpc=Eghovf3BOnoBAQ==&s...

4 MB
0

38ms
10ms

Media
video/mp4

2a00:1450:4001:5c::7
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr2---sn-4g5e6ns7.googlevideo.com/videoplayback?expire=1704769143&ei=90WcZcPxM7rIi9oPyNWQaA&ip=45.141.152.76&id=d2c0b47fd6e89d82&itag=22&source=youtube&requiressl=yes&xpc=Eghovf3BOnoBAQ==&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=903.650&lmt=1704530007198225&cpn=aQOKOti9eMKh-A7M&txp=5308224&sparams=expire,ei,ip,id,itag,source,requiressl,xpc,susc,acao,ctier,mime,vprv,dur,lmt&sig=AJfQdSswRgIhAJxsWgS2KdkexPlvtLYc04X9KhWEuCuf_OvAihkLtDm_AiEAsE4SayeymUGqNlaDeoZm3OMl2je1AwsnrSsYflUSbPM=&redirect_counter=1&rm=sn-4g5e6l7l&fexp=24350138,24350146,24350148,24350149,24350169&req_id=60afc68cbbe636e2&cms_redirect=yes&cmsv=e&ipbypass=yes&mh=pQ&mip=2001:ac8:20:3a00:1011:bee1:8168:3a07&mm=31&mn=sn-4g5e6ns7&ms=au&mt=1704739996&mv=m&mvi=2&pl=49&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AAO5W4owRgIhANbzs_R3QFi0f-Yh6BlIG0KEqnxNV5Yj_j7yrdedcQn_AiEAugIEBxiIRvjxnZOzdNLe9bId94VgOK4w1d35W3ErwpI%3D

Protocol

HTTP/1.1

Server

2a00:1450:4001:5c::7 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 18:59:04 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 06 Jan 2024 08:33:27 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Content-Range: bytes 0-53825863/53825864
Cache-Control: private, max-age=28499
Cross-Origin-Resource-Policy: cross-origin
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 53825864
Expires: Mon, 08 Jan 2024 18:59:04 GMT

Redirect headers

Date: Mon, 08 Jan 2024 18:59:04 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: text/html
Location: https://rr2---sn-4g5e6ns7.googlevideo.com/videoplayback?expire=1704769143&ei=90WcZcPxM7rIi9oPyNWQaA&ip=45.141.152.76&id=d2c0b47fd6e89d82&itag=22&source=youtube&requiressl=yes&xpc=Eghovf3BOnoBAQ==&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=903.650&lmt=1704530007198225&cpn=aQOKOti9eMKh-A7M&txp=5308224&sparams=expire,ei,ip,id,itag,source,requiressl,xpc,susc,acao,ctier,mime,vprv,dur,lmt&sig=AJfQdSswRgIhAJxsWgS2KdkexPlvtLYc04X9KhWEuCuf_OvAihkLtDm_AiEAsE4SayeymUGqNlaDeoZm3OMl2je1AwsnrSsYflUSbPM=&redirect_counter=1&rm=sn-4g5e6l7l&fexp=24350138,24350146,24350148,24350149,24350169&req_id=60afc68cbbe636e2&cms_redirect=yes&cmsv=e&ipbypass=yes&mh=pQ&mip=2001:ac8:20:3a00:1011:bee1:8168:3a07&mm=31&mn=sn-4g5e6ns7&ms=au&mt=1704739996&mv=m&mvi=2&pl=49&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AAO5W4owRgIhANbzs_R3QFi0f-Yh6BlIG0KEqnxNV5Yj_j7yrdedcQn_AiEAugIEBxiIRvjxnZOzdNLe9bId94VgOK4w1d35W3ErwpI%3D
Cache-Control: private, max-age=900
Cross-Origin-Resource-Policy: cross-origin
Connection: close
Content-Length: 0
Expires: Mon, 08 Jan 2024 18:59:04 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3D90 0
0 44ms
43ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240103&jk=3522548824508111&bg=!BwSlBEvNAAaumcC-jpk7ADQBe5WfOHei15ZNYGiVlUCIltjOSugcgJVvxJwEHh6cEBn29Dgi0_Lz6kBqRR0W3rwbkT8tAgAAAIdSAAAAAWgBB5kDDdX4SclZIvk7M0QWsnSGiar8TNgAtblMKPwy5RTxEzDpmeOUvfjqGLikaF45DEFGVK7SSx3zqRJ1EJPI5HXxLYjGhKKqvkcMjcFWZ4nbmqNpyk5RAIt6Bd1h1dJ3d4bfhlDSlN5gxlU6MWUhdMGRLHB61UdNjnnRCs6k3E_HEv9gl4FBz_XFIShCCgHh7qvTUtaB4cTqXtdxDXMbulDpHPgXPpvHSs5sFeGPAWklOHiaAJv0zpBzRAGkHhqk17CnayW3G3LxU8dQ12Fhz14ARHjIGy8w4hfqZgAPrTLT2JWewZ7szKcV3trUxAnuJ8OjdG5cahe7O1vZq7HB9ny24jRtNrNfTdWXdsMoNytOqsMOdiBwNEQ4fS0IaTRXUcpIS9xpChmQm_Ba3zW0kMXg67CYrj5goYz0_0ugDF57L4v67z10jI2kbBVeTRwRFZEQn5Uc4Y0JMJopmb4SLMXB8v5BuolxkWHri-SGR_sQ0Wsl0KDI34Aqq2jWcJKolUP7cuQuER08NsaYMtH4W5a0JRGR3IKHPdApgzwtqGNzH971urIV6x1DOfmxZToWqmsibmF2lIDIlmKYbZbOY4TZSR__6ZfByvDGUj9n_1aS1A2tWoVL22q9SkD7fDfxx7cLKBt1pDDiBHPHOMOV6qTUXBdpR2jZAI51_srhs6bY4g5PNdkEM75bWdiKqcAvSLRxN9tbMWltsuCQMecfRY_-SV33egaBuiEAZ9H_KTAMHED90WhUgExRi8VRUAMjE0K4YHWn0FByaombOD7pT5MciCKEnCn8K-wVrILhiG_mHVCo6e05V6AxyJ-0LbVAxLu9tfVsgfzT22AI-QYOKFj9WiMZvOV7GMy6TeQypXQ1hqZv3InV5ijPesYRRWL8k8meTU7kcrDm8Wmjw8uqpP5aqMcTePAjFD9iMgY5io3OATji20OdkVHNfLCDVT-sDl32N6hkxZL7VLc6gLysLDWCfqeEgr1A4cp73OfOrs2IVKVMygaDaNn9k5fDzV9HHDwCyO4sVE28il7K5tjM9UQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame A9AE 39 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 14:08:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17420
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 14:08:44 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9A73 0
25 B 42ms
42ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8955019322171&version=m202309260101&ct=77&x=1&cor=14684776273329355000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 993F 0
25 B 42ms
41ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3087767446407&version=m202309260101&ct=77&x=1&cor=8173984081397032000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B149 0
25 B 42ms
42ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2443156928715&version=m202309260101&ct=77&x=1&cor=7082408291830103000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 53F6 0
17 B 27ms
27ms Ping
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=3~lr5advwc&c=2818979527367&slotId=1409489763683.5&qqid=CKrL-NS8zoMDFQvAuwgdjkoOQw&gqid=90WcZY32Jb3W9u8P6t6zWA&fb=ima_html5-lima&sdkv=h.3.609.1&mrd=10&aab=1&itv=1&ua_e=1&met.4=ghmsh_s.lr5advwc
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.609.1_en.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:04 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 64f0a04de4b0a5353b11e8c6
ng2.virgul.com/tck/imp/ 0
213 B 60ms
60ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/64f0a04de4b0a5353b11e8c6?g=1&t=gb&r=158735@site_geneli@foreks:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1&info=&mt=1704740340252&userId=vnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: https://www.foreks.com
date: Mon, 08 Jan 2024 18:59:04 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0C04 0
25 B 47ms
46ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5227703023212&version=m202309260101&ct=77&x=1&cor=805994000142811300

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2D7F 0
0 51ms
51ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240103&jk=3985455299172220&bg=!FRalFlnNAAY3kmNgF5I7ADQBe5WfOHdIVmAtPmGTugz3iNAypwjMoHwWGW_RPwyiyOMFwolIRWBwfimvBvVj0tu01BhaAgAAAIlSAAAAAWgBB5kDBHFAqfGYDyJ3CKWHbpV0ZzEqFfgwhk8EwAdWSsq8V69M7o5oxLvOtTDwiJdzhDV3moR6JYswrhPUTsrAh73XEbriinUujQI22t5gSFX9Q0GUSJh2EzAptd5Ec2ABt85kYLxnqhGH9_uvBP9nnyagLIFVOJbM16J_SvrAvqjZT3d7fvJ4CSInJlXZ1QftJmIdljjlQFK5aqk-m6tVDY2OpaEiZrZuLtfVG7MZrQ4tbVDYoLTArj8cDjvLWoCHFoHLCqwbjJsSQJPZiqKeC_VubKC40p0M2HYMrzLm_tAgXK4GqbVKEf_FGYBKRHz0tGjYACZvFNnZrcU5DkTmt9_q_mvobEwyzUklaXmDbmKHmWzP2gK7gAAVqnN6fUPl8IwXqc_FTPVEzemhz8QTSbKprYoa1w-zhWxLTAzWPl62VsYzmizJsozSvyFLZVeklxmPY_ZUqNgpcp7FWPFij8EQYymM6n5g1zXiGoJ7O_hmLdZ2h3wKT0ZAzgM1HKBbkvh5QV-k7mEI6qeR0GXrngggS3XXadUDbXkUOoT4x46AzW7K9SzR81IE0QkgqMFkwkd3KZqKZBWjWEsTGrk6Uze5s9iB4iBTM1yfgS2yX4zLKgC7qHhEQPe7wuu_IdKUc9afDiQLoahN78uWQJwyFALnK_8g3zDsnZljo9RTxxbu76nfTrIYBmuKb0yArtsVHQQQI5r3TJnOH9IfiNZkohqebUFm_qIhe070762eW_h0q1z7UpnuHp699uDl4ZgYd-JQZ6XDWwrBea-TRL_JTP8W4egD07eSdztSW2ivJHI7mxyLoS6r5XY_oxM44gCbq4ejBDAQLK5hmqIJEzyzv0yMugzVEZToAcKdbEUeUbiThZAQtnNjDbpjxhLbCei7aO3KKv6rgHpsSwycOT16cB_pvoUEdvK6_ldidS4kw5gLAJ5jLpc2Rykx1whMHZ_v6Jl4pbUxEvDZEdjQ10GMaTBoLT6xVi2a_60S5NlAsj1_tpTOrj9maSd4PGesUIpWfySHF9jdoHY
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 2D42 0
10 B 7ms
7ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?BCBJLA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:04 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A9AE 0
10 B 7ms
7ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?BDZ6gA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 18:59:04 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 53F6 42 B
64 B 50ms
50ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CQEcL90WcZerzJ4uA7_UPjpW5mASb142BcfXE9fuoErCQHxABIOa0gmtgleKQgqAHoAHl5IHHA8gBBakCgMtUH0Vpsj7gAgCoAwGYBACqBLkCT9DVM8CHEXJK6Q_FcaghVCCUFg1KexWZx18l46xIYsO2qCktbMaE9od8t3qpJHS9nNkgTsy1pobrvrkhApCe_ECqIZlB8_Xlas-ZPSCCV1Vb8zv4pu3GFYNDI5-eyVWX11HjH6dvcn7b-cLuOcgrqKKS9Vquu_xO5X0ytbOCgaLS4gAlSo9rvAmJRjzvopG1u5Zj17sbYbgn5NTEGgevMhP4Pg57FOomBsuSdwUA8TDMbQ45tj3C1ysMBAbmoKy59oBhvnFNA-ZVc4bl1MvZpWjRWYwMVbxUvfOv7YGrIaEnzrTwDV36uvkJ3P6uk_4J3wSeMZ7bCyCMnvZa2WaLb0I-YuPj4lnvotiXqPG_yfbM9b5EKMUsoJzHoqPqklOnWuxl416nv7ISI8C6EXTvNaL135-jfeqbcsAEyJfOg9QE4AQBiAX10OO8S5IFBggDEAEYAaAGVIAHrfPpAagH2baxAqgHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAtgHAagIAdIIHwiA4YAQEAEYHTICqgI6AoBASL39wTpYg_j21LzOgwOxCTTxJgDmyeUXgAoDmAsByAsB0AsPogwIKgYKBLu7sQLaDBAKChCg4P341e-RjGoSAgEDmg0BD6oNAkRFyA0B4g0TCISt99S8zoMDFQvAuwgdjkoOQ9gTE9AVAfgWAYAXAQ&sigh=Csc6Jk3z_yo&label=video_ad_loaded&sdkv=h.3.609.1&vci=Co8BCAESGHB1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldBoHQWRTZW5zZSAEKgw2Mjk0NzI1ODQzMDkyDDY4NzA2OTUxOTgzOEDHAlIjEA8lAMBhRCgBOgswc0MwZjlib25ZSUIJZ29vZ2xlYWRzUABaImRvdWJsZWNsaWNrYnlnb29nbGUuY29tLW9taWQtdmlkZW8YAQ..

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
pubads.g.doubleclick.net/pagead/ Frame 53F6 0
0 81ms
50ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pubads.g.doubleclick.net/pagead/adview?ai=Cq_Ie90WcZerzJ4uA7_UPjpW5mASb142BcfXE9fuoErCQHxABIOa0gmtgleKQgqAHoAHl5IHHA8gBBakCgMtUH0Vpsj7gAgCoAwGYBACqBLYCT9DVM8CHEXJK6Q_FcaghVCCUFg1KexWZx18l46xIYsO2qCktbMaE9od8t3qpJHS9nNkgTsy1pobrvrkhApCe_ECqIZlB8_Xlas-ZPSCCV1Vb8zv4pu3GFYNDI5-eyVWX11HjH6dvcn7b-cLuOcgrqKKS9Vquu_xO5X0ytbOCgaLS4gAlSo9rvAmJRjzvopG1u5Zj17sbYbgn5NTEGgevMhP4Pg57FOomBsuSdwUA8TDMbQ45tj3C1ysMBAbmoKy59oBhvnFNA-ZVc4bl1MvZpWjRWYwMVbxUvfOv7YGrIaEnzrTwDV36uvkJ3P6uk_4J3wSeMZ7bCyCMnvZa2WaLb0I-YuPj4lnvotiX8PBlx8iOcarWnHKrkBtA_CdHueciBM1vTlSJp2qBlusOnofEGbpDTQCT-sAEyJfOg9QE4AQBiAX10OO8S5IFEQgSEAUYDzCCu6K3_Y-t4NIBoAZUgAet8-kBqAfZtrECqAeOzhuoB5PYG6gHnNwbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBDF4wmoCAHSCB8IgOGAEBABGB0yAqoCOgKAQEi9_cE6WIP49tS8zoMDmgl4aHR0cHM6Ly9scC5zaXN0cml4LmRlL2xpdmVzdHJlYW0_Y2FtcGFpZ25pZD0yMDI2MDEyMDY5MyZhZGdyb3VwaWQ9MTU5OTk1MTA0MjAwJmNyZWF0aXZlPTY4NzA2OTUxOTgzOCZuZXR3b3JrPXZwJmRldmljZT1jgAoDyAsBogwIKgYKBLu7sQLiDRMIhK331LzOgwMVC8C7CB2OSg5DwhMGGOXkgccD2BMT0BUBgBcBshceChwIABIUcHViLTY1OTM1MjMyMTAwMTAxNTQY6sFt&sigh=2AUX_3u7jvs&cmd=Ch1jYS12aWRlby1wdWItNzk4MzY1MTI1NzgzODI4MhAAGAI&uach_m=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&ase=2&nis=4&cid=CAQSTQAvHhf_fycY7BC2xV3kSqY9llefw8WB3QQkn7PXx9dVCeg6pzeVIZZqiwrITzzXu5OBTHFFZ_MkIC6i8ubR51_pX9ghDwiYhcTnx5dTGAE&sdkv=h.3.609.1
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.609.1_en.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H3 200 Oy6hyfNY.js Show response
tpc.googlesyndication.com/sodar/ Frame 53F6 41 KB
15 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Oy6hyfNY.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.609.1_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b2ea1c9f3587781b58285cf64279e67f6329a3924fb93f81529f1826e2f4d16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 06:51:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 562052
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15406
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jan 2025 06:51:32 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 53F6 42 B
64 B 46ms
46ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CSZnb90WcZerzJ4uA7_UPjpW5mASb142BcfXE9fuoErCQHxABIOa0gmtgleKQgqAHoAHl5IHHA8gBBakCgMtUH0Vpsj7gAgCoAwGYBACqBLYCT9DVM8CHEXJK6Q_FcaghVCCUFg1KexWZx18l46xIYsO2qCktbMaE9od8t3qpJHS9nNkgTsy1pobrvrkhApCe_ECqIZlB8_Xlas-ZPSCCV1Vb8zv4pu3GFYNDI5-eyVWX11HjH6dvcn7b-cLuOcgrqKKS9Vquu_xO5X0ytbOCgaLS4gAlSo9rvAmJRjzvopG1u5Zj17sbYbgn5NTEGgevMhP4Pg57FOomBsuSdwUA8TDMbQ45tj3C1ysMBAbmoKy59oBhvnFNA-ZVc4bl1MvZpWjRWYwMVbxUvfOv7YGrIaEnzrTwDV36uvkJ3P6uk_4J3wSeMZ7bCyCMnvZa2WaLb0I-YuPj4lnvotiX8PBlx8iOcarWnHKrkBtA_CdHueciBM1vTlSJp2qBlusOnofEGbpDTQCT-sAEyJfOg9QE4AQBiAX10OO8S6AGVIAHrfPpAagH2baxAqgHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAtgHAagIAdIIHwiA4YAQEAEYHTICqgI6AoBASL39wTpYg_j21LzOgwOACgPICwGiDAgqBgoEu7uxAtoMEAoKEKDg_fjV75GMahICAQOqDQJEReINEwiErffUvM6DAxULwLsIHY5KDkPYExPQFQH4FgGAFwE&sigh=RzJRSIPBOsc&cmd=Ch1jYS12aWRlby1wdWItNzk4MzY1MTI1NzgzODI4MhAAGAI&label=vast_creativeview&ad_mt=0&sdkv=h.3.609.1&vci=CpIBCAESGHB1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldBoHQWRTZW5zZSAEKgw2Mjk0NzI1ODQzMDkyDDY4NzA2OTUxOTgzOEDHAlImEA8lAMBhRCgBOgswc0MwZjlib25ZSUIJZ29vZ2xlYWRzSM4BUABaImRvdWJsZWNsaWNrYnlnb29nbGUuY29tLW9taWQtdmlkZW8YAQ..

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 53F6 42 B
64 B 45ms
45ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CSZnb90WcZerzJ4uA7_UPjpW5mASb142BcfXE9fuoErCQHxABIOa0gmtgleKQgqAHoAHl5IHHA8gBBakCgMtUH0Vpsj7gAgCoAwGYBACqBLYCT9DVM8CHEXJK6Q_FcaghVCCUFg1KexWZx18l46xIYsO2qCktbMaE9od8t3qpJHS9nNkgTsy1pobrvrkhApCe_ECqIZlB8_Xlas-ZPSCCV1Vb8zv4pu3GFYNDI5-eyVWX11HjH6dvcn7b-cLuOcgrqKKS9Vquu_xO5X0ytbOCgaLS4gAlSo9rvAmJRjzvopG1u5Zj17sbYbgn5NTEGgevMhP4Pg57FOomBsuSdwUA8TDMbQ45tj3C1ysMBAbmoKy59oBhvnFNA-ZVc4bl1MvZpWjRWYwMVbxUvfOv7YGrIaEnzrTwDV36uvkJ3P6uk_4J3wSeMZ7bCyCMnvZa2WaLb0I-YuPj4lnvotiX8PBlx8iOcarWnHKrkBtA_CdHueciBM1vTlSJp2qBlusOnofEGbpDTQCT-sAEyJfOg9QE4AQBiAX10OO8S6AGVIAHrfPpAagH2baxAqgHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAtgHAagIAdIIHwiA4YAQEAEYHTICqgI6AoBASL39wTpYg_j21LzOgwOACgPICwGiDAgqBgoEu7uxAtoMEAoKEKDg_fjV75GMahICAQOqDQJEReINEwiErffUvM6DAxULwLsIHY5KDkPYExPQFQH4FgGAFwE&sigh=RzJRSIPBOsc&cmd=Ch1jYS12aWRlby1wdWItNzk4MzY1MTI1NzgzODI4MhAAGAI&label=part2viewed&ad_mt=0&sdkv=h.3.609.1&vci=CpIBCAESGHB1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldBoHQWRTZW5zZSAEKgw2Mjk0NzI1ODQzMDkyDDY4NzA2OTUxOTgzOEDHAlImEA8lAMBhRCgBOgswc0MwZjlib25ZSUIJZ29vZ2xlYWRzSM4BUABaImRvdWJsZWNsaWNrYnlnb29nbGUuY29tLW9taWQtdmlkZW8YAQ..

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 playback
www.youtube.com/api/stats/ Frame 53F6 0
0 24ms
24ms Image
text/html 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/api/stats/playback?cmt=0&rt=0&rtn=10&delay=30&adformat=2_2_1&c=vast_gvp_ads&el=adunit&len=903&ns=yt&ver=2&vtype=gvp&cplatform=desktop&cpn=aQOKOti9eMKh-A7M&docid=0sC0f9bonYI&visitordata=CgtFeTF3c1FiQ0o1aw%3D%3D&of=-_xhI4eL4MjOL53E0nwGhA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 53F6 42 B
64 B 47ms
46ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CSZnb90WcZerzJ4uA7_UPjpW5mASb142BcfXE9fuoErCQHxABIOa0gmtgleKQgqAHoAHl5IHHA8gBBakCgMtUH0Vpsj7gAgCoAwGYBACqBLYCT9DVM8CHEXJK6Q_FcaghVCCUFg1KexWZx18l46xIYsO2qCktbMaE9od8t3qpJHS9nNkgTsy1pobrvrkhApCe_ECqIZlB8_Xlas-ZPSCCV1Vb8zv4pu3GFYNDI5-eyVWX11HjH6dvcn7b-cLuOcgrqKKS9Vquu_xO5X0ytbOCgaLS4gAlSo9rvAmJRjzvopG1u5Zj17sbYbgn5NTEGgevMhP4Pg57FOomBsuSdwUA8TDMbQ45tj3C1ysMBAbmoKy59oBhvnFNA-ZVc4bl1MvZpWjRWYwMVbxUvfOv7YGrIaEnzrTwDV36uvkJ3P6uk_4J3wSeMZ7bCyCMnvZa2WaLb0I-YuPj4lnvotiX8PBlx8iOcarWnHKrkBtA_CdHueciBM1vTlSJp2qBlusOnofEGbpDTQCT-sAEyJfOg9QE4AQBiAX10OO8S6AGVIAHrfPpAagH2baxAqgHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAtgHAagIAdIIHwiA4YAQEAEYHTICqgI6AoBASL39wTpYg_j21LzOgwOACgPICwGiDAgqBgoEu7uxAtoMEAoKEKDg_fjV75GMahICAQOqDQJEReINEwiErffUvM6DAxULwLsIHY5KDkPYExPQFQH4FgGAFwE&sigh=RzJRSIPBOsc&cmd=Ch1jYS12aWRlby1wdWItNzk4MzY1MTI1NzgzODI4MhAAGAI&label=admute&ad_mt=0&sdkv=h.3.609.1&vci=CpIBCAESGHB1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldBoHQWRTZW5zZSAEKgw2Mjk0NzI1ODQzMDkyDDY4NzA2OTUxOTgzOEDHAlImEA8lAMBhRCgBOgswc0MwZjlib25ZSUIJZ29vZ2xlYWRzSM4BUABaImRvdWJsZWNsaWNrYnlnb29nbGUuY29tLW9taWQtdmlkZW8YAQ..

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 64f81c55e4b029924474153b
ng.virgul.com/tck/imp/ 0
213 B 53ms
53ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/imp/64f81c55e4b029924474153b?pai=1&r=158737@site_geneli@foreks:site_geneli&info=&t=linear:preroll:cl10o0&cs=1704740344216&v=https%3A%2F%2Fwww.foreks.com%2F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: https://www.foreks.com
date: Mon, 08 Jan 2024 18:59:04 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

POST
H2 200 count
logger.virgul.com/ 0
116 B 52ms
52ms Ping
image/jpeg 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=adStart&g=m&r=npm_foreks:preroll:1200-1300&o=&iv=&wVID=&info=&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=1/8/2024
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 08 Jan 2024 18:59:04 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

GET
H3 200 hhrtBw21.html Show response
tpc.googlesyndication.com/sodar/ Frame 9654 23 KB
9 KB 21ms
21ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/hhrtBw21.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Oy6hyfNY.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

861aed070db50ce0da9928455deff784c115b44540b09450f225ff7cff0c7429

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 339897
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8727
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 04 Jan 2024 20:34:07 GMT
expires: Fri, 03 Jan 2025 20:34:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 9654 39 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/hhrtBw21.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 14:08:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17420
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 14:08:44 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2CD8 0
0 44ms
44ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240103&jk=3437858270982662&bg=!SkmlSQbNAAY3kmNgF5I7ADQBe5WfOIceAB3hwgYAsYIrAPol0l89wYC5u5f4NwH96wwnov1-KnDdHSqTyRZLRPLzRSbSAgAAAIBSAAAAAmgBB5kDBmZSR1nJY1By7BSiMsQV1xJDJg6LJ2aYkirOVpx41B41w9Iuwn4xSbhrrBveDSbioyWuxkPlPP9eXWG5TdnUi3U49DeQP8rbEeZOCAFzBnDX0PBLkXKi3MUmtEV3rxD7No-HtcMoKuc0qkUuD2YYpiOFk6oORFEou-MrK-UtTqijJcP9hk-Ck3phpa2OUzs_rzMdEIljkjtmafERh8oAy4HDgRLojR4hxejiP5-QFUXgyYQfE76qE_0zQhSo4Q4FBKIO9CwhBb1HGmi0-ISvCPggb_6hVOA2XB6sUE4SGjCXQSZGF6W3nxg6bLstbTUn1Y8egptGXg3xApdVkNFsF8xCv9JEASYhh_YZZKoMuvzVVeVeZrqx4XHarW7FEioupR3ba7NZE3pc6KQQ5SkU3u3_cmk_uGts23OaZJEyKrenb8WBgQeGYpI8AZyW1k_QLRGl1oi7KXcJssPOPZBvjq82Qw9HNoIWlYc6a4RKfPyrV3kCGlbH5bFQQAO_X21viZQXZlQHwehAFuHNLJThFS8HB2aURFyKzcw0aNRumne4qxEzfXTxBd0o2qMt41Ri2PRyxtu4kspPu-j5DWAO4EETW5hxJGvfLXE7GAqo-FEbGf_33TTdwqzKAQ3_LVuFWceTR8ZZLRUv25MladPaIjSNPZ6PFOrDE4O4QUpvZgtkB5HfrLdNt4KDLkl9EErhiPQeGSQmYzF_IIaB7iGeylWBDo6CQnDwKv16Wg9EdkSDv9BMnpXTviLP63I26x0WHLbwVM2eU_yNNlVNmN1cvOkWWCswv0C1u1XFufaLP0JB2yuaSj37jZa5JJjuwItFEjAg7lnkXzjEu8IEVDirNZw4bj4czcOBv5irx2iE6IGhhww9lEOLc4pF6E5Bxt7OMNilAqz-Lo2o3e_CiCY3YH83bPNWkzV0xsNVmECijNLz1P_1D_bB1ZMXOVf2c0q87HHsUQmPkxkc0YZxz81TK4pk1mCTFonogZUeuj7ViqvUPlBpzpsdj1p2jzCYeC0iOvv82uzCiw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9654 0
25 B 44ms
44ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=36&t=2&li=v_h.3.609.1&bgai=BGdSB90WcZerzJ4uA7_UPjpW5mAQAAAAAOAG6BRMIzc321LzOgwMVPav9Bx1q7wwL&bg=!VFelVxjNAAY3kmNgF5I7ADQBe5WfOBxrWhxMr0pc67D-767udIUk3ogOXg6pOZTWcEOF37WyLqhP2BACU2cY4ooQA53DAgAAADhSAAAAAWgBBwoANFd7tsJEIjDkLiOkz2A4TARE56BAPPwCIH1NysSDiuO1dluqcCNlpJiWTlW1-4QL3JNI1B2ZAjEf_kHp-XvAXprRypMqqgf2dtce_HV2XyMM8FJ5SVOA_hBWJtN3jaLuZuT7UrVCw06Gx43slwSLFu8uf9fVjuBR9vvUePx_TMRzuSwoR6JHZJBGB1hYbHYTYYlG6HjxgYrEp90eCdKhCGa45Y6Qu2t3aydJyk4GoaFwjL11pBUNT-zJK9AXrifMF3Zzzr3nKdrMEAtKd4ICCoyCiJcAD3z2bTQoO_kufbiPlDoC_q-5mhkffKaq9K4lpYtqxHVEZNtHHHVvV1ttgsxJQdQhxH6X0FbNdyRGfx1CkwM12Z3Ub5933MppOqLySeMGxtQ8YxrwooB3FoM-bYQvES5g5T8OXGxf5k4yfRiyZWLA-tC_WMWgd2M-E57fTQnxjowSn8ocnDYZeUeJuxy_TvXpjiyHZpRCqFwmnniHGDl8r9DD63S21TqQ_HiIOIkJWRhD11xE0fEdvk5MSx820Vhobe2sQFS2YdbHJjIrOcdT1BScmqh72gbLCYXaOiuT23u4_MKHK1zVbEFjzub4W9BAkQC--UYJYGCVffEI4EznKEmCzdKsw0tdiMokRzsFdAflXKdXYAWdwS8GjFmeV6aqruS_m8Sr2_DfK6es-JD6ZZEhWV2hfqIw6D69oHt2rLsNkyVT2IeZlxFf-VL9FQRFG0YHmzpuo41PIDX1xH7GGr0jxLq9Vr-Wmu9BV2mkayFHbSZfKace-PZ1XcWp_d9fJvH-7_XJfniGpwTRY3jXZXOH9eA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 64f06d40e4b0a5353b1171f6
ng.virgul.com/tck/i_vb2/ 0
213 B 53ms
52ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/64f06d40e4b0a5353b1171f6?l=&r=158529@site_geneli@foreks:site_geneli&cs=1704740344392&userId=vnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: https://www.foreks.com
date: Mon, 08 Jan 2024 18:59:04 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 6527d759e4b03f5e2f164e9d
ng.virgul.com/tck/i_vb2/ 0
213 B 53ms
53ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/6527d759e4b03f5e2f164e9d?l=&r=158822@site_geneli@foreks:site_geneli&cs=1704740344392&userId=vnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: https://www.foreks.com
date: Mon, 08 Jan 2024 18:59:04 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

POST
H2 200 fire Show response
wsdkapi.netmera.com/sdk/3.0/event/ 0
234 B 52ms
52ms Fetch 185.57.65.125
VMIND

General

Check archive.org

Show headers Download Go to

Full URL

https://wsdkapi.netmera.com/sdk/3.0/event/fire

Requested by

Host: cdn.netmera-web.com
URL: https://cdn.netmera-web.com/wsdkjs/OcYc2nxy4-IE1PVMgxSo2cIXLNyzI3PXAb6uUisJim44jRp89r7eWQ

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.57.65.125 Istanbul, Turkey, ASN9215 (VMIND, TR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

x-netmera-os: CHROME
accept-language: de-DE,de;q=0.9
x-netmera-device-type: DESKTOP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json
accept: application/json
x-netmera-sdkv: 4.2.22
Referer: https://www.foreks.com/
x-netmera-api-key: OcYc2nxy4-IE1PVMgxSo2cIXLNyzI3PXAb6uUisJim44jRp89r7eWQ

Response headers

date: Mon, 08 Jan 2024 18:59:04 GMT
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: *
x-robots-tag: noindex
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 0
x-xss-protection: 1; mode=block

OPTIONS
H2 204 fire
wsdkapi.netmera.com/sdk/3.0/event/ Frame 0
0 51ms
51ms Preflight 185.57.65.125
VMIND

General

Check archive.org

Show headers Download Go to

Full URL: https://wsdkapi.netmera.com/sdk/3.0/event/fire
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.57.65.125 Istanbul, Turkey, ASN9215 (VMIND, TR),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-netmera-api-key,x-netmera-device-type,x-netmera-os,x-netmera-sdkv
Access-Control-Request-Method: POST
Origin: https://www.foreks.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
content-length: 0
content-type: *
date: Mon, 08 Jan 2024 18:59:04 GMT
server: nginx

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2048 0
0 43ms
43ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240103&jk=231521980711126&bg=!UlGlUR7NAAaumcC-jpk7ADQBe5WfOKM_bHmcz7WTS2jlfYdWTyM7z8Urpx66WET_YYtwTjjFJAZgcKjmT_vT0oZT9VRlAgAAAHtSAAAAAmgBBwoABS3fVQoamQMKUInDhMvZc8HfPBdpsGL6l6DfMbGdfcGzR8nqV0gGUFhnOWbmr_EGtQoK6uB1n_f89I6VwteeVGfeJ85mG6IpnlMImpLo4JWqBKgGkogaqSv10A5FGC9eR7v-MWZHgivpWzH6f8M7fnDW_oY1yzHB7PJGbXorFNkaSDLhnXzRPA7p2O-rbhHokdgh_Nq_0f6fLg-5CRBoRLj7zlKYVz_46WjxALJoDV-GqxmyztwWZWuuas4RCQ_B37PahsuyLxzCWC73Dd6pbOOKJhKa__EVqy6pylVtXjbThgESf6z5hmaUZYnlF12z6hDcGeByGFWgLEhz_uU3OZITaZXafIiubOvzHKawdbwnjOzRzoT3qBppAVPklgi4xvXi4XstkLYo5mV2CP1tUzeHkubM1c97ECRpkSUwi7iOzejJ7gWXLSkEFDyPf_IwCZyQUuwf5IJIRz3QHxS2_yAYC5PkQ1Pq3hLymtr82ubR2aeDUFEoDiJX4kJ47aO3E-7aWhuka2DH06DRbQEfk2lnFlpqGHVO_vcmhr0LferSRI-vA2NtGHyR5bdqLiJ3UJB_t_u-5ezkEOru2vsRv1c8__5KigiaWN03_VDxYpsWCYQWiz2Oni0tEGrMRXOXZKM57exXKC4t_p1emQlwKLxDPSCreRkYPoHgkXqJnVeesM_HBeLD_ZgD8kOC4wlKA-rmu9OdMoBK4_bVxpBq6xanSwTc8oy3rtDJtIKq6bPtQNSiHFe_n0QgEgj4ghSB_zephBhsSGdLHFfkLljLqoNFmRnyNwb0pBepNeYSpAmqPAEs2rnoL4Q_mhPFKa6dxyxgtOftcKUs6nF7SBU1b1iudIpWwwxIoqI1DW4oyxK2CchDhIiLS3rKhwRdzDlqqrCWkRJoIeetKS2OzY690tPxxcMD4kROhVU3JcVbUkjSChtDsT3wC44tBF3P8y_mOxQBj5JdSnbG8SkAWsCXU10G7--s9ZcnVbxoO9AhbTVC74RFl0Gfiren02OWOwidhit69OZrQ7l96TR9_mMpRCbwQQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 44ms
43ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202401020101&jk=1599564253928301&bg=!9_Sl9LvNAAY3kmNgF5I7ADQBe5WfOFPX_BU3XLgSnCoOiGxNz0-je3g3vPG8ZVDm2fpkhc05v0dk84PhyDpHAVJJkIxaAgAAAHZSAAAAAWgBBwoAqBabTGMZa-W_m6ItbxVbk6wHGBaLgIcelHY6MM-WIuBmhlzAPf4Z_DvUYIMklsFr7OFQkxHbXLLCAJ3OhBvxS1GvNTsf4xHR_K7yYyUlG1MjBppbzVv6mGlBEQGI1DUGFPs7cfw5sNvZqjUEK338h5hhpuD8yRYEQcUB2fhYmDGgD7FX-c0ANNqgH-czIhW_KEqiHZ-CUsTYZ8kFxkX-T5712HCYiS0cppkCuhTqdKnaPeKUPh9X83vb6Ej6vzghg8kY6vhY8roYKJ1B0zJ4t2yz1r-PkMXuQzWUXzoz-X7VmllsZ37DV9rNkjzYfQQCIkVcWOWoCGDBhwAa6XkC7lRG0SernxtUA8S60WdJgA5njR2zeeeb3Sl3I7wtX1S2AdvCWSeNLBc06jHO96ahdFEQvLwryytoD1tCrXtq3D93yUKlrtCVc6SYaCUdxKJWgN-ZOD_8pXVjameApjEPhCRjdHXiT6LzKP_cUYvs2vC1BdPxMeJM4dHu12sKL_p2gClsCoa0dDghuIOqJ5NLfZ5_woK0EDhl8hQ668-92sKZ0LRRgLbyKSaru3u-XlsZhoF4nBySxCpTf5MAb7LHn63UBMsr5UeglVGFPq_8Ykhpb_pqUI4AbSG4JgIiALF7T5Bdq9t69RXrnsDkmLHuQq8ZHO1qrZlqo7ddPN4Ch4MA7dlRnFD45IO_ooBoYzU56XwvWpESrPaXj8KutlXDnEpCROz69nIDSX6Vx3SNwcYfqbZ7m4uvRZXlAd11Hc_I-ZVX0i3uphNQaUUjTjWpHIyb_tmjgWH5KTZ1u-Y69dvx5MdYbAgK1ciXHcaDR4DKOhQ5K7RjdB_u0YpqIefqatilR0vF-j-0q_EE0Lo9Df1UsI1sjLlXBlD5mTqDfO9yuS7M6QEXVbA7q9s-gI7v0-NfDwHzwH3MwxrDBnpGwRcamo3AY6jgh_sVMMDtUxs7mluLFLZspLS6YEQWSlCBs_bwl0PkzD36-c95HD2vOky06t5wKWinlqwUxFfuqDOvMWOe09qZRZ9JQ6-w6mRhfWEIm5pxFYYykp1U-as4bXHJkNXFTZLoOsseJ2vexSh_LYA-eeBB4KB_fPSU5rAFJbgjV3-slR68guwGDDpAOrR43dAGQd474yTSUtM7mEgbEDR9Dbsz
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

POST
H3 204 csi
csi.gstatic.com/ 0
17 B 26ms
26ms Ping
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&top=1&puid=2~lr5advx2&c=2818979527367&slotId=1409489763683.5&met.4=hvd_lc.lr5advx2~hvd_ad.lr5advx2~hvd_mad.lr5advx2~hvd_admu.lr5advx2~hvd_src.lr5advx2&ps=300x167
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:04 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 64f0a04de4b0a5353b11e8c6
ng2.virgul.com/tck/imp/ 0
213 B 54ms
54ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/64f0a04de4b0a5353b11e8c6?g=1&t=gb&r=158735@site_geneli@foreks:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1&info=&mt=1704740340252&userId=vnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: https://www.foreks.com
date: Mon, 08 Jan 2024 18:59:05 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 64f0a04de4b0a5353b11e8c6
ng2.virgul.com/tck/imp/ 0
213 B 62ms
62ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/64f0a04de4b0a5353b11e8c6?g=1&t=gb&r=158735@site_geneli@foreks:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1&info=&mt=1704740340252&userId=vnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: https://www.foreks.com
date: Mon, 08 Jan 2024 18:59:05 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

POST
H3 204 collect
region1.analytics.google.com/g/ 0
17 B 14ms
14ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-3HPQ6LZVLP&gtm=45je4130v9118958463z8888287377&_p=1704740339205&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=29850689.1704740339&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEI&sid=1704740339&sct=1&seg=0&dl=https%3A%2F%2Fwww.foreks.com%2F&dt=Piyasalar%2C%20Canl%C4%B1%20Borsa%2C%20D%C3%B6viz%2C%20Alt%C4%B1n%20Fiyatlar%C4%B1%20-%20Foreks&_s=3&tfd=8003
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3HPQ6LZVLP
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:06 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
region1.analytics.google.com/g/ 0
17 B 14ms
14ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-4Y6C81V13E&gtm=45je4130v888287377&_p=1704740339205&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=29850689.1704740339&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEII&sid=1704740339&sct=1&seg=1&dl=https%3A%2F%2Fwww.foreks.com%2F&dt=Piyasalar%2C%20Canl%C4%B1%20Borsa%2C%20D%C3%B6viz%2C%20Alt%C4%B1n%20Fiyatlar%C4%B1%20-%20Foreks&_s=5&tfd=8009
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4Y6C81V13E&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 18:59:06 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 64f0a04de4b0a5353b11e8c6
ng2.virgul.com/tck/imp/ 0
213 B 53ms
53ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/64f0a04de4b0a5353b11e8c6?g=1&t=gb&r=158735@site_geneli@foreks:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1&info=&mt=1704740340252&userId=vnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: https://www.foreks.com
date: Mon, 08 Jan 2024 18:59:06 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

POST
H/1.1 204
No Content collect Show response
v.clarity.ms/ 0
294 B 97ms
97ms XHR
text/plain 20.114.189.135
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://v.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.114.189.135 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.foreks.com
Date: Mon, 08 Jan 2024 18:59:06 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H2 200 64f0a04de4b0a5353b11e8c6
ng2.virgul.com/tck/imp/ 0
213 B 61ms
60ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/64f0a04de4b0a5353b11e8c6?g=1&t=gb&r=158735@site_geneli@foreks:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1&info=&mt=1704740340252&userId=vnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: https://www.foreks.com
date: Mon, 08 Jan 2024 18:59:07 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 64f0a04de4b0a5353b11e8c6
ng2.virgul.com/tck/imp/ 0
213 B 58ms
58ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/64f0a04de4b0a5353b11e8c6?g=1&t=gb&r=158735@site_geneli@foreks:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1&info=&mt=1704740340252&userId=vnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: https://www.foreks.com
date: Mon, 08 Jan 2024 18:59:08 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 64633daae4b0e20873d6f248
ng2.virgul.com/tck/imp/ 0
213 B 57ms
57ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/64633daae4b0e20873d6f248?g=1&t=gb&r=158528@site_geneli@foreks:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1&info=&mt=1704740340252&userId=vnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: https://www.foreks.com
date: Mon, 08 Jan 2024 18:59:09 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET /
googleads.g.doubleclick.net/pagead/interaction/ Frame 53F6 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/interaction/?ai=CSZnb90WcZerzJ4uA7_UPjpW5mASb142BcfXE9fuoErCQHxABIOa0gmtgleKQgqAHoAHl5IHHA8gBBakCgMtUH0Vpsj7gAgCoAwGYBACqBLYCT9DVM8CHEXJK6Q_FcaghVCCUFg1KexWZx18l46xIYsO2qCktbMaE9od8t3qpJHS9nNkgTsy1pobrvrkhApCe_ECqIZlB8_Xlas-ZPSCCV1Vb8zv4pu3GFYNDI5-eyVWX11HjH6dvcn7b-cLuOcgrqKKS9Vquu_xO5X0ytbOCgaLS4gAlSo9rvAmJRjzvopG1u5Zj17sbYbgn5NTEGgevMhP4Pg57FOomBsuSdwUA8TDMbQ45tj3C1ysMBAbmoKy59oBhvnFNA-ZVc4bl1MvZpWjRWYwMVbxUvfOv7YGrIaEnzrTwDV36uvkJ3P6uk_4J3wSeMZ7bCyCMnvZa2WaLb0I-YuPj4lnvotiX8PBlx8iOcarWnHKrkBtA_CdHueciBM1vTlSJp2qBlusOnofEGbpDTQCT-sAEyJfOg9QE4AQBiAX10OO8S6AGVIAHrfPpAagH2baxAqgHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAtgHAagIAdIIHwiA4YAQEAEYHTICqgI6AoBASL39wTpYg_j21LzOgwOACgPICwGiDAgqBgoEu7uxAtoMEAoKEKDg_fjV75GMahICAQOqDQJEReINEwiErffUvM6DAxULwLsIHY5KDkPYExPQFQH4FgGAFwE&sigh=RzJRSIPBOsc&cmd=Ch1jYS12aWRlby1wdWItNzk4MzY1MTI1NzgzODI4MhAAGAI&label=video_skip_shown&ad_mt=5255&sdkv=h.3.609.1&vci=CpIBCAESGHB1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldBoHQWRTZW5zZSAEKgw2Mjk0NzI1ODQzMDkyDDY4NzA2OTUxOTgzOEDHAlImEA8lAMBhRCgBOgswc0MwZjlib25ZSUIJZ29vZ2xlYWRzSM4BUABaImRvdWJsZWNsaWNrYnlnb29nbGUuY29tLW9taWQtdmlkZW8YAQ..

Verdicts & Comments Add Verdict or Comment

388 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

60 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.ad4m.at/cookie-frame.html	1970-01-20 18:15:32	Name: userId Value: _T5_NnfTCXWqh2cIioOQm4laqeY1sqMo
www.foreks.com/	1970-01-20 17:42:25	Name: token Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImZvcmVrcy5jb20iLCJwYXNzd29yZCI6InY0YSFLJTJSIiwiaWF0IjoxNzA0NzQwMzM5fQ.bux_qvZzXeVAiFY8OlLr2g83H2OI0Tt3_fOTLOse0JM
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: BG0AsAnMeq0
.youtube.com/	1970-01-20 21:51:32	Name: VISITOR_INFO1_LIVE Value: aBPN8jmDPaw
www.foreks.com/	1970-01-21 02:17:56	Name: i18n_redirected Value: tr
.foreks.com/	1970-01-20 17:33:46	Name: _gid Value: GA1.2.1064847478.1704740340
.foreks.com/	1970-01-20 17:32:20	Name: _gat_gtag_UA_82686003_1 Value: 1
.foreks.com/	1970-01-21 03:08:20	Name: _ga Value: GA1.1.29850689.1704740339
.foreks.com/	1970-01-20 19:41:56	Name: _fbp Value: fb.1.1704740339655.120728287
.foreks.com/	1969-12-31 23:59:59	Name: CloudFront-Key-Pair-Id Value: APKAIVVJE7R23ILHVNCQ
www.clarity.ms/	1970-01-21 02:17:56	Name: CLID Value: 96b803bcfa2140e3a0b9b047e1721017.20240108.20250107
.foreks.com/	1969-12-31 23:59:59	Name: CloudFront-Signature Value: OlPTaoqtoFHffp6L4rcT2BWGnqBOEF3fX8PrB8mx3EDXH3d~rEgiFEta-f0o1tr~FSe~gkkqiRpH4JGJi6iJmpyDduu01j8st-CtlEQz~FaNsbOBACmSW7YHAT0d31U941ucWvQMRrarM-9qBEoK9Kz0kvx0V-2R9TjCZGmeAJaW~L9YSvCD8c~PzYF2IQgCsCpba0j0G8xpM7~zlHsAhN7h6CzHbt7dTWd6ZbBQ5VLEoXoem4D3Pe6Ay5gQt4TPKNsU17hdOuCIKF3YJ5ASCuswf1SWsz56KTHVrwVbUPaducbXnACrfrMJj6O2aAG3vxL3SdWAsy4chrO4I5-ONQ__
.foreks.com/	1969-12-31 23:59:59	Name: CloudFront-Policy Value: eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHBzOi8vbmV3cy1jb250ZW50LmZvcmVrcy5jb20vKiIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTcwNDc0MzgxMH19fV19
.hubspot.com/	1970-01-20 17:32:22	Name: __cf_bm Value: fOlwq8F9BHhINar6u8rTNSyq8bpiX57PLYodLeXIdD8-1704740340-1-AZnvO6DAB8+q+e9AdE2fFa9I7fmZXrsWlfak/oYikWysM43qf81cBoRfHyI1dLjbgFZzBS3lVGf3BYqEe/xJUtk=
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 7ffEvTWgSFbLbFB86YDpJhSNcK3747gF7U4TCokdfUk-1704740340216-0-604800000
.foreks.com/	1970-01-21 02:17:56	Name: _clck Value: 961asp%7C2%7Cfi8%7C0%7C1468
www.foreks.com/	1969-12-31 23:59:59	Name: pId Value: vnet7f0de5d8-6afb-47fb-aee9-b70ad1fe45eb
www.foreks.com/	1969-12-31 23:59:59	Name: TAPAD Value: %7B%22id%22%3A%22fd31f889-7d96-4095-bb83-3ecfbb83f922%22%7D
.foreks.com/	1970-01-20 17:32:20	Name: lotame_domain_check Value: foreks.com
.openx.net/	1970-01-21 02:17:56	Name: i Value: 94d77eb0-cb42-41ee-8e73-07ad0ff4c027\|1704740341
.foreks.com/	1970-01-21 02:53:56	Name: __gads Value: ID=140880d7dc701c7e:T=1704740341:RT=1704740341:S=ALNI_MaNWy95Sq6UON-GRmMnHAK2X4am2g
.foreks.com/	1970-01-21 02:53:56	Name: __gpi Value: UID=00000d3d815ff0ca:T=1704740341:RT=1704740341:S=ALNI_MYanryTfJTpOnC1x4s4vyOazKH3XA
.doubleclick.net/	1970-01-21 02:53:56	Name: IDE Value: AHWqTUn3EJQ2yD267YXpK6MJrAuNJB6xqsO2PESJNIrvJrnMqDxq8_w3HxBwJ0C-_tg
.foreks.com/	1970-01-21 03:08:20	Name: _ga_3HPQ6LZVLP Value: GS1.1.1704740339.1.0.1704740342.57.0.0
.foreks.com/	1970-01-21 03:08:20	Name: _ga_4Y6C81V13E Value: GS1.1.1704740339.1.1.1704740342.57.0.0
.foreks.com/	1970-01-20 17:33:46	Name: _clsk Value: 1622m5x%7C1704740342110%7C1%7C1%7Cv.clarity.ms%2Fcollect
.casalemedia.com/	1970-01-20 19:41:56	Name: CMPS Value: 5165
.casalemedia.com/	1970-01-21 02:17:56	Name: CMID Value: ZZxF9vmzGPZEtqnBO93HSAAA
.casalemedia.com/	1970-01-20 19:41:56	Name: CMPRO Value: 5165
.adnxs.com/	1970-01-20 19:41:56	Name: uuid2 Value: 556798646651516588
.adnxs.com/	1970-01-20 19:41:56	Name: anj Value: dTM7k!M41.D>6NRF']wIg2IlcvT3RF!]tbPl1M>e)ZlrFUfJ+tGXxoPQ-_zcHNmoCbWoG=T01@M)LmGQ<9YlS+-EsbpRzqF1`b`i4*=V[?
.doubleclick.net/	1970-01-20 21:51:32	Name: APC Value: AfxxVi7IRAc-6SiQxd5X6Ch7gozBCvjDXcCHNKITAwL8GNtlIj-tpg
.adnxs.com/	1970-01-21 03:08:20	Name: XANDR_PANID Value: OAhnwD_QNh4394NEgrKjjqraDOkc5DGZX38ARkdLVqclnRVyaa3Rfflp1SwrGvaulO4BzUVeZ5tv7qfEk6QfQwnscyBu5KsjtfQyph6pOKE.
.doubleclick.net/	1970-01-20 18:15:32	Name: ar_debug Value: 1
.criteo.com/	1970-01-21 02:53:56	Name: receive-cookie-deprecation Value: 1
.criteo.com/	1970-01-21 02:53:56	Name: uid Value: 53a6e729-180e-4ad1-99c7-c560383a7bbe
.redintelligence.net/	1970-01-20 19:41:56	Name: 8lcfmzhxc8d6_uid Value: 176ba25ec5dbfb79
www.foreks.com/	1969-12-31 23:59:59	Name: watchID Value: fd923b53-d53a-4fe4-b2a2-5c9016950343
www.foreks.com/	1970-01-20 18:15:32	Name: userID Value: 7a93dbd5-1cc9-41c9-b29d-84506ae3a9f7
.foreks.com/	1970-01-21 02:53:56	Name: cto_bundle Value: UIYrVl82YWRNN3pjTnZGWkd3REhZUDMlMkZGS1ppYkt0YjRTNkFWOHAwYVgzbHZNNmszNUJYUGdqZTBZRmxuQVh4dDJpZmxMb0JoWm1pQ0lmUVRVTDFBZ3lPTmE2QVMyTDBKZDglMkZiNWJ0diUyRmZ3dWVaOGVqaHdXbWMzYWo5cVpReU0yRWUlMkZCWjZkYjA4aVNscmslMkZSJTJGbE5tRGZVV2clM0QlM0Q
.adfarm1.adition.com/	1970-01-20 19:41:59	Name: UserID1 Value: 0
.quantserve.com/	1970-01-20 19:41:56	Name: d Value: EF8BCQHtKoEA
.quantserve.com/	1970-01-21 03:02:34	Name: mc Value: 659c45f7-202db-1c9ed-38054
.travelaudience.com/	1970-01-21 03:04:01	Name: _tracker Value: %7B%22UUID%22%3A%228B68F72F-54E0-45A8-2EDD-F30E519D2629%22%7D
.simpli.fi/	1970-01-21 02:19:22	Name: suid Value: 1F6381FF406F4533A81943D417B1AB84
.turn.com/	1970-01-20 21:51:32	Name: uid Value: 7666808636801701334
.everesttech.net/	1970-01-21 02:17:56	Name: everest_g_v2 Value: g_surferid~ZZxF9wANDIbR5QBd
.tribalfusion.com/	1970-01-20 19:41:56	Name: ANON_ID Value: ayntuJRwEfES2QVoq6vnR8gWqRGS7qWES8ou9l4UYeFrUGN60QWHutntjyDcP4woJpZdieaKilXWacqG97AaXhi1k
.ctnsnet.com/	1970-01-21 02:17:56	Name: cid_adb6e358f5044f34ace5a177fe0207fa Value: 1
.ctnsnet.com/	1970-01-21 02:17:56	Name: gid_CAESEEGOMXZWXVm0v6H3_D6XCh4 Value: 1
.w55c.net/	1970-01-21 03:04:01	Name: wfivefivec Value: iPpFvZbI1RmUPZ5
.w55c.net/	1970-01-20 18:15:32	Name: matchgoogle Value: 5
.yahoo.com/	1970-01-21 02:18:17	Name: A3 Value: d=AQABBPdFnGUCELin0iVc2mkXagWsYwCaGD4FEgEBAQGXnWWmZQAAAAAA_eMAAA&S=AQAAApLWr8U6YlkvUknuUzIDrVI
.bing.com/	1970-01-21 02:53:56	Name: MUID Value: 175DE34AFDC46C5001EEF74AFCC46DAD
.c.bing.com/	1970-01-20 17:42:25	Name: MR Value: 0
.c.bing.com/	1970-01-21 02:53:56	Name: SRM_B Value: 175DE34AFDC46C5001EEF74AFCC46DAD
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 02:53:56	Name: MUID Value: 175DE34AFDC46C5001EEF74AFCC46DAD
.c.clarity.ms/	1970-01-20 17:42:25	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 17:32:20	Name: ANONCHK Value: 0

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 503) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186313&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fwww.foreks.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704740342238&bpp=1&bdt=374&idt=265&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1007674390704&frm=24&ife=3&pv=1&ga_vid=1806834556.1704740342&ga_sid=1704740342&ga_hid=1962961701&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=1796579218&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31080261%2C31080264%2C31080266%2C44809004%2C95320889&oid=2&pvsid=231521980711126&tmod=125727893&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.dlgvh1v9xcpg&fsb=1&dtd=267 Message: Refused to execute script from 'https://imagesrv.adition.com/1x1.gif' because its MIME type ('image/gif') is not executable.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

087b2bcc78cc3a083faa902783bcbbdc.safeframe.googlesyndication.com
5994599.fls.doubleclick.net
a.tribalfusion.com
ad.doubleclick.net
ad.turn.com
ad4m.at
ads.travelaudience.com
adservice.google.com
ajax.googleapis.com
as.ad4m.at
assets.ad4m.at
bcp.crwdcntrl.net
c.amazon-adsystem.com
c.bing.com
c.clarity.ms
c1.imgiz.com
cdn-ima.33across.com
cdn.contentspread.net
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.netmera-web.com
cm.g.doubleclick.net
cms.quantserve.com
config.aps.amazon-adsystem.com
connect.facebook.net
csi.gstatic.com
cta-service-cms2.hubspot.com
dis.criteo.com
dsp.active-agent.com
dsp.adfarm1.adition.com
dspcluster.adfarm1.adition.com
dsum-sec.casalemedia.com
esp.rtbhouse.com
feed.pghub.io
foreks.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
gum.criteo.com
hal9000.redintelligence.net
hal900017.redintelligence.net
hal900020.redintelligence.net
hal900026.redintelligence.net
hal90009.redintelligence.net
i.ytimg.com
ib.adnxs.com
id5-sync.com
imagesrv.adition.com
imasdk.googleapis.com
invstatic101.creativecdn.com
istr-n14.nktcdn.com
ius.ctnsnet.com
js.hscta.net
lb.eu-1-id5-sync.com
logger.virgul.com
match.adsrvr.org
news-files.foreks.com
ng.virgul.com
ng2.virgul.com
ntm.netmera-web.com
oa.openxcdn.net
oajs.openx.net
pagead2.googlesyndication.com
perf.hsforms.com
pghub.io
pixel-sync.sitescout.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prod-rtb.ad4mat.net
pubads.g.doubleclick.net
pv.medialead.de
r.turn.com
region1.analytics.google.com
rr2---sn-4g5e6ns7.googlevideo.com
rr2---sn-4g5edns7.googlevideo.com
s.tribalfusion.com
s0.2mdn.net
securepubads.g.doubleclick.net
static-de.ad4mat.net
static.criteo.net
static.virgul.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.teads.tv
tags.crwdcntrl.net
tpc.googlesyndication.com
um.simpli.fi
us-u.openx.net
v.clarity.ms
wsdkapi.netmera.com
www.clarity.ms
www.facebook.com
www.foreks.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.youtube.com
yt3.ggpht.com
googleads.g.doubleclick.net
104.18.35.167
138.201.63.149
138.201.84.244
15.197.193.217
151.101.194.49
159.69.70.9
162.19.138.117
162.19.138.83
172.217.16.194
172.217.23.102
172.64.151.101
178.250.1.11
178.250.1.9
178.63.52.121
18.154.63.73
18.165.183.3
18.173.232.200
18.239.94.82
18.66.248.121
18.66.248.90
185.57.65.125
185.7.176.214
185.7.176.223
185.89.211.116
20.114.189.135
2001:4860:4802:32::36
2001:678:cb4:bbbb::11
216.58.206.38
217.79.188.10
23.32.185.35
2600:1901:0:76b9::
2606:4700:10::6816:3456
2606:4700:20::681a:ad1
2606:4700:20::ac43:444e
2606:4700:20::ac43:4a81
2606:4700::6810:5914
2606:4700::6811:cff9
2606:4700::6812:19ad
2606:4700::6812:d333
2606:4700::6813:9b53
2620:116:800d:21:e365:4988:e8a7:3270
2620:1ec:bdf::45
2620:1ec:c11::200
2a00:1450:4001:5c::7
2a00:1450:4001:68::7
2a00:1450:4001:800::2003
2a00:1450:4001:803::2003
2a00:1450:4001:803::200a
2a00:1450:4001:803::200e
2a00:1450:4001:806::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2016
2a00:1450:4001:810::2001
2a00:1450:4001:813::2004
2a00:1450:4001:81c::2001
2a00:1450:4001:81c::2002
2a00:1450:4001:827::2002
2a00:1450:4001:827::2008
2a00:1450:4001:828::2002
2a00:1450:4001:829::2002
2a00:1450:4001:82a::200e
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2006
2a00:1450:400c:c00::9a
2a02:2638:3::3
2a03:2880:f045:10:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
2a05:d018:d29:3602:28bf:6949:20a3:83ab
31.3.2.88
34.102.146.192
34.102.243.38
34.120.135.53
34.96.70.87
34.98.64.218
35.186.193.173
35.190.0.66
35.190.39.111
35.204.158.49
35.241.45.217
51.75.147.170
52.57.164.72
54.170.121.144
54.78.109.25
68.219.88.97
78.46.111.106
85.114.159.118
85.114.159.66
85.114.159.67
91.121.248.44
98.98.134.241
0061f3c24b6113cf75ff0a0a0da4b7dc0e146b34382f46de06d93480566de72f
021adbd6ead5fe4d28c4ce39ce88107135cb2ff63f38f0e01f3f86251fc40da3
0271e782d0e49674121fe3f5e703dfbff44ed8de8b8625a006eeb4a9702724d7
02cfe4f2d52b86a1ea1a025ca7d1a760aedb8024cbbc00cbce3591b31e0e7207
052ae73d2d07d709e4619405b96787c9c793ad1d68775f30cb7a64db9a95bf7e
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0803c396ae54dcd94d33e01b0ce341daa6f0c2e09451221a21ab2dc4671eed43
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
084d1ab9612bfe764a12bca357591614c1ab8e066ba5057bc31072e9d3685037
084dfc6236ad61686eccbb10710be44b70afddf750aad7694f1ae81c92c79b20
09ac9215e23e9e0c0472ba3ee0835146d896cba96798b92d86d507beeaa1d59e
0a98542c5c77556365676280c173fee3e7cf786f90303ec7e74aeac0855c591b
0adb33ca1a9776a37cb4501f171ea405ab5ec85ccd1b6b07ca2f534932f86cd0
0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bb23de06711894ad6d763f25ab3b5576bdb41046983f9e3776937b05418f6e5
0db16c25165bfd35ea9114187f3e97d7084a33135cb56fe276f6cdd2ab675647
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
0f9eae9df4a466cc9addece97de7d812741e1cac54ce97f94e08a467f13b0d3e
1078a9471c288413efb56e6171522052654e75f88c9c7b522317f481a8ab54d1
1197634b865ab89b27d6a8530503cd2f0132de9353e3a80f585b255bc51a7693
15f5b48fea2eba3149d89e554cc32840fda209c53da2269f5c163a22c80fdfd1
17250316be2a573fff6e7aee64e0179f34698d65fab66012f1891b097bb8c543
178c85dd1cd4028c38f2a5812f63414c9d0bc67308a56227ffc9f18e5e2fa863
186154579f1e9f1558aaf921000f65d8c3356a301e94c3ac009e26919151cacf
18a4c05c50ff534451dd71190a11ffd4296cdcf519ad13afa11a365fcb2618a5
1bd3b6a69b7209a0e5a098232952d82330bfda85d1f2ade0d94977f568c6df50
1c4de14d6484e6f48bdfb5afdd0446fa234daef464dddd798ed9f958c45a536c
1d25b0cefe19cbd5e63464228a187e334112cafd107904271f9ab5fffc52a455
1e57378e77a92940db56c07311efdbe76662b76eebd32f3098c016426df8f9dc
1e88e7d1d0170fdb08fc22f8e0a4549f01477fc6654f4efb900c65eb9b4b88fe
1ece2917b6ef392a1061eb0b9b3e45965b1f975608316df3f500f6c9a574bb38
1f494baf825408402621f56ee70634ffebe173d7f084d07a21436c84ccb430b6
1f7401be53d97db43455bdbcedc182e33833c813e66543e44cdeb1de45615e0d
1fe589baeb612614c7035a14e1c4b552f509be3a55c3994f7f0f29c121a39b9a
24b409a4a2b7345416ca8444450f96ff48d9c19fbf8e4038c4133772cf64e8fa
257300c48d532a7b1ca6bd338cc1a1182baa4937185e08bc7c147240fb13ca2f
27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea
2893a7e611342776beef4df487c025cb7c3e0a57e3744f9471b6fc673e267f03
291765207f51424a314bc9e933d988dc3140f28ebc7d631bcb8128c992e54633
293c77c6050e6d5b873a388ca5533ee4aedfb9c7a44d25fd89e22bb38cb44f86
29639c85a6490eefb3a8c59d0486705e9c9116340aec86cc561f2a465295018b
2a4b16a34759fec47ef434fb04b4c177a682990e3fe33a4935b6202146662a71
2ace5a4f127fa756acdc46f090b63d1d38d452d1bad9777a38877c1e8b53820b
2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f
2b7cf2fc231658e13a2f6d56e9aaa401ebfd0c2340a563ca8838b1383f4583e7
2d152c6b1bfe9bec6d66a8d2515c393d0bb4c058e48f94f0fb1a006bd5036e2e
2d3c04bef92289f2765dfe9196e8da1f330c1aeed8a73ea6a46a9ae03bcaa64c
2dcd4149ffa1ef860b7f068ea2bc7b937e2b8b7dbf78c637e658605486efdd90
2e533ea83f56317b6516ae6cfefc06d4ad65144ce48b57785c39491fa6fff668
2e86fe91cdbab455a50b70e274b95b629c255e7c7d53d46e765c04b04bc5f838
2f764c969a82705ba7838239087f5ff9b33e978b6bae2657e299b6b14c30ad7f
2fe31f5a5ce7f15aaa8dde47882b84c2ac4888b2b4960e42deffc82fdcafe88e
30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f
31503700561854889f00738eb4abc910732ca6655a6593b0491a1e20dfbabd84
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
339c99dca268ba6cec38f366324b92e7dc7d24438768d8b21e9f16e0d6fd9663
33fb46b1d3bd789033cbb8cfa7b72c00c9c0be7eecedde183c253668d3fa4a1b
37c4d6d85873383f6f8d0369c7528d8af49b359d4ac65369ce55f70823fb7756
387ebdf51a3a4b8cddd5159194a393b2c3b45ba58c053f71c5f5c324885d448f
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3935edf8c6ce63a740b60b281c11bfeed2beed83b7be0612cd8a9412a53c4ab0
397564ddb8d28e50f8855e407fbb2b2090170ad182898bf7ded99a93003dfecc
3a21a1b8cd1305f786c76f4a19f318a8ddf0daec65b9020c25a096a6a3f8df15
3a58de8d9c7b24b39cfd318f36cf8ac8e2eb491829df30979155028a448fa254
3b2ea1c9f3587781b58285cf64279e67f6329a3924fb93f81529f1826e2f4d16
3b9e6c123a29565dda481f36bef0219ff2103640c858e4ddda1a50c31b23ffb4
3cbf6597b6375386590a306aa3f8808cc302bc50a5121823b84e597402c69f2d
3ee6a49f4818706bc8b190dce5ebed504bde4f84ad74e09d40c1ab304c8255d5
404dee41a85b8b1947fb898339c079c42f3a33ec89d1879636bc2f6ddd0482af
4062edaf750fb8074e7e83e0c9028c94e32468a8b6f1614774328ef045150f93
40fbdf939ee958bdf305369fb51495e63cc44d2a6357e138a865c1faca904c56
4135302dfd219eef0a3ef4efa22460d35f559f6bbd6c80075668ea0024fd673b
41843d248056a3ffa490dd390a6c077342e8ce37d2ae60e7bb9a1dd33fcac301
428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11
42e6e358bc7f764358842d65d23e2fa64dca92a503e253654538a43236ee3562
4338b900dcb0f658dc52b480e9a98fad20b051f31d48277fe8a7b0cc0ba8f684
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
44017113e515baeb9edbc21bd74660937194feead9156878006411232f1e4302
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44bcef116097fc595634e5a8fd5f7831a82b0c909f06a4c4ee002edaa404f263
44c582726a868fd32d871de80b1dceb00d20454d9815a37a912eb384eb27314a
4512e492257199f988691a0f342b97d0a0d0956bb867996666dc966e24862b71
45aba51b4a9fd6f6716cf981b873ff9755c803a6f3cb28bfb9f00e745a6a5239
45e18b1689e2f8036562775b899e2b5e1a6af1f30cc1b22f5b5d257d3d21b955
45e33062c49467a06af0ae500d896f800c24213a99a69755d3fd34b1f0a8ccaf
46785e2006a27d27d52b4ed2ac2459d147ddd4b2843efbef626f9e3645b2254b
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46d2f5f6d180a269e1dabbde63a10731e12bb841ec449d481bd06918d7e93741
47444c3556b254a17d7b6fee8d662cefd56d998a48ee6c36974ef6c7a668b9b2
47fb417f6b72c4edc08dfb90a376b2c88b3b51992bf3c83dd14e011edba2f339
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4a0c6b73f521ba21f25e422588c0a01679808186cee9a406505d4095e7ebc1a6
4ab2e39e5e25d65c2d1f9c076b2168aec697d983cb68da374b2d23216e735d2a
4b1c25b30c53825819079f364e306a3a111b4bfe30fad2648a1952a996e173d2
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c618aa1d91338d2fe74bc5c68684a3051965c1eb80d8629701ff24ad7f55193
4d3c300c1cd89393c7f945c06656981e3ac1c034f59996affcd1062a3092f40c
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fd582aea874113cb657ca39e45b8adacf045ca1b05c9f262ea6a195cfa2c057
51084ebf49f9c58b1ac49e69f1d3ae175be4ce398d43b7c7715de9bede6947a3
51491faea25ddae85bd910f8c356077cc63e3ec5ad3f395bb0c2102d891fa5e7
525d4bcb494f29edfbcf472fec04988765bb0cd93dafc4bf88bf7e66af4e6b40
52d223bf945d4a6585bab0d78752b7dc1cae352a56a5548927aab2c765a27a7c
5363ce0381cb3e40740d923b2fca59ff91ab707340c5d72b314857574bc8ccea
53f2fb03b94c607e371e845b3dee3c4c6dd6114b6b17aecbaa3ba3dd80899b1f
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
55568d78493cb7e0ee57d25db4418b7d0514549f94dc27314e7626f886b68f8a
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5631005c6b0d68121ecfa27d0751f3ad19e2361140f0bd737874605a67815e1f
56a165b2c6dfc6f49ade9a73cda691e327c40afda9853f70fe701a3fc4fef0e7
5812d2557010d144492cc7ac39b6a8196983793dc1dc16ca6e9df8d0f4e57a39
5c21d8f19b48bf83626d5d957021dc7db160105082a57b40d78de786353b959c
5c2e9ecf95b1a1670328b5170d07ab42d3acae690402316e20d1f6680c9e425e
5ca585e408547339e90795c9a2cb1c78792bd35df4e2ff0308d760ed078ceeba
5d57d88f79fd5b685f1ba3bd66081456f0b90c1da546002d4e5a6d4517e11156
5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393
5feb736923115c10a6ce2636540d6950f32509e1f3554226ac004b73a8382675
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62f301f757bfab2416d25ec18004760040836ed33d85e2229235fd0a1549881c
6300f448d738e70ac11f0140df0b3ce91a2de9e0da7fdf09d32d28031600ba51
641a10f20b1c619a0c8a9fd6d83321299923e2736324385a731806f25aa0fd4d
643dd75cf9812c16397f2d14bd471c6265b4b2edf68b1a4297ca7daaf0f97dc3
666a81a98b9d8ce2098b91b1ae26d1b7262f82c43c3ecf8232622d4f614f9a0a
66f50e61f7a6ab9c9872b6341879353d62364b09ca5ea3d5aedbed1f44d8a6d7
67f63277f6b82526068df07bf12fad11eb52a2d7a9818991705a68a69376e44b
6823cdc5c5bc297bd4ac06187687fecb2a5c110658ebd5efba820132571fe6a2
68efbddaf18604b239c9507b60f9837b892697a3d698bcf2c131a2be8dd5fe6c
69803de63650d5ca4ae7a48cca1c292d3c56c9ed3ea9b7f10089949cf9e85e26
6a00ef2670157738264638d4f31a657e3990ec342fd82599617f8934f4f9de72
6a36207c1b389e4884bfbac41fd10b62c4b2975f68b84151453179a5d1a13549
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6bee848969d05548d45dcc23a41786cd8d7911a4de25e38081042bb494109360
6d8a5e03e1cb0563d65b907587f13c41394e1feb582f29cca9f15195b2b4d51b
6efe7e4964448fbdd5349e5116703648d6692fc191736eb19b62515e21a7a3d2
73ab5c76f545a93a484e94f983735c938d22eeadbb6ebee699278acb9d7b2917
74c228298bc973bb338c87fa5aa68ccd914dba883b1d05327ec8820231a70b46
74e60e9c798282bb909e94841f78d2eaff74b790f2b29dc247ca6ba702cf7c40
75c9ea2b36d56f9232f57780e574ab51743af90f0100e67e33320e5f97a81754
78ac7b9399103f427712af4097365a5e2c4049673ff8899d5c62effa6673b9e4
78e7c05d7af83fd831e116e0df20794ee337b1b27fc76a25b626e078e7827fa8
7912e72b602b2d0f47219cf7b075968b46b017f2f775ed62df64f28160d618ac
799fd87b9973e7bb24fbd6ebb6417997a8b62888c65bcd3bd4d0fefe404dd1d4
7b0d144f812d0dde96d2b56b904e0b4616e654dade04b85b10c4889ccc680ebf
7b890dc41d051c686bda87447a5556a4d7e1a53fd40dde66bc9f12ea83bc00d1
7c67dc1e9ecce0d3757d97792fd606effaa6fe799ebe7423aff81e26e07900a1
7d75f1e19e34aba94b7915a3319156152d0b9b13716821e6459e4a2341285ab5
7d8e89f8a9f0f83d17f5fcd12ace577219a0ddcf73eece11c8a89e6bfb0a2d6e
7e31b56f9b340d357de43ee58d72a6ea2dcb0dace14abcc4d7b801dc6bb18f71
7f6b21cd7ee672e0e0bca400f200999960bac58960a4139f44f956e73532a7c9
7fc04564513aeaf36af3cd6058820b56bb7862b0d94eaf974a42d880fc7e5ca8
806bd0ebadf98dbdfee863e715a395ab7a2a82eddefd365648deb48ef592302c
8201b02c2df0c6496a05372d58423399054d4553832a91fcc83150854c39ad7f
820ded4f7abf3187c3521ad72cf991bd3c3a373ca118e49c9c0f6aa35228aa22
824acd0c32164947f5fedae901cc02c9860e107d1f31224fb20696af20ba62b7
825c9781037f85140b4e968c77a87087e23d04604ac8a1081daa162e23a43c2a
825f99a399ad27c48025d7dc29e1f7e79f0da08282dccece11495a299a19eb78
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83a96cb88b706963fc1f4f8f42800145a00434eacd48be9b7cb55a321552d5f8
844b87b27dc65dd4bfd6b4a840673478ecdb0512337f6b30f7af691c339908af
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
84ec73bf5c442323c5fb7a77ddb52d555c74559717d1c9500872528a6f676032
8538fa1e11fa1334100b86b0c251b8ffa0b51f5db3e732c23963053686a93dc7
85c2bff65ad5b190bcc028a7d91d977938e18c2960259beb8dcf5145fb5d0f1f
861aed070db50ce0da9928455deff784c115b44540b09450f225ff7cff0c7429
883be0f894fc4951fd0407629f16d91dccb9d6a51c14da9a244f18129ed14d24
8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603
8a5c7336a035dea60047189aee17a650847af6b9576f8985a1fe6b5da4098bbd
8aa36b09195fecaabd62aa061e560b68f9cdae7b1ad5a403d81a5294eadbbaea
8aa79a5d6fdffd63c26f013cd8f1bcb12ed624ef714702b5850cc30b673e6a37
8b1a47296ff93be8ba9e8d86de1f98a1c2f254d9ca8f06856dd099405b2f2963
8b9c6129678c3e94167ee40ed02f6bd3395345f0184005d33bc66780280df84e
8bb6da2cc697565a46ee2e8fd1a17ab824af2ba65b4957bbb7384a3cb4fe49b9
8c3cd39bd728c1030c043345485e2a0cbfd219bd539d81aaea8fecded84be3d3
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8dbe4c0dca753de6f362fb3970a6bbbf08aa9bf876e6879586b4d36c39da6976
8fef85d0ee4bf6b4399b0a416fbbdb8a5fc71800ef98bfb7433da04b09159c1e
903523de347c4419f45121ac0047bc5b30d9c17c600302c8169a131423f23a84
92206bbec062ce5905115e37e922529a28790a785e9b0f882a5f6fd87b9d41a4
922e0b86f21ad638a8155f6dbd9dc80c7ed472cfe3a012f1966f48b3cf8b5639
926d0470826aa90ed4f834f73cc2e6d0fea211a2efea75537c324f24f6668744
932ffc85d925259f1a133aec23869b5d519252b9e4acc58faaf076d9c077e06e
9371e82947a34df42771c3bb99b1df923e119cb6fef753ddac447e4d496b4b5c
94a78761682fa48e72a3f4547a7d7f3bd6b9adf948c5885ef0988f294a5f68aa
9587db045d9ba3eaec6420e5db67290e2ad0a037c16c5aa6055db938cd9dc911
96a5e0ae1e8c0ec5ad54e89427a149f75f647bb851e9645f7438196f5cda1c6f
96c9511b7c64f93785177226f8b96bf4eab8fee1f4341f00c9fb82d436a8a56f
96d2738ac93887026499a36bbead36fbb3307af0389119ce89bff112618577ab
992828baeee383a756dcb042414081ff580dcd98117e2e2cb49709c1afb07fe0
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
99f3df1ac51136bd58797fd03e6e94fd94bcd07c10977de0ae0f22ce0bbe6a1e
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ae376c48a2ac49aa66965f30fdef60142e699956f5b35a0ff3c06607d5e6dbb
9baf13720db44ebb5e72cf96cc6d74afe1abdee85d66a2a65da8485b366dd046
9bec4810857c8523bd1c6966212260eabb19826bb94394bb19856f7dd92b1c32
9c2fc7307943988ca28efd7763c2205045bf18310cb2147458ab5b3bdfc73116
9c31edb555f9d7750905c3d52e87092fdca1f5443c1eb729758217972c5ce03d
9c7bd44120dd3ef580e05582d06abf6646c21e9c9f43dc8ad7465f6308587056
9e07d9ec8e82eb4fa3943845db09a2d069a8edfe194e3b3c03029a857009623d
9e7f223cb014d3679d7bd555a7443b5e1c85bd117140f7a583ee28de1ec83548
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0af514b82e8000ed1d386c65cf9ad30da22355ea39d021b925e5ab682aa4c2e
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a13e884d6656462348faecfc7185ab2d0a575e2cd62ebecc053e83a621790d01
a32a2f8e63f3c2d90d9653f6f762f980b13b90e3a32777b2228930045a951213
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a6480d5583c337bf4b92a83cd56202c2a52e735756f82cccfa3b57d649b5ad4b
a7871476057d36f6562b06be9d18fdea94c2265820128c364c815d8b24831030
a817d5e7c6a02da4018060272bbeec4287a6288bc76173450f0764dc8e1c215a
a897aa772be6fd024baa995acead8df3e5de4cba9e4aef00307c1a60edaeac94
a9018b1f339489260a59a3023df211eb1a5f38cf20c2df423c780e08893b01eb
aa07463b6ad60931ac72e15e7386fefa00b234d6cac8a69bdcc5a83ff3d32ab6
aba72ba4ee31626cd249cb76e4ff9a6ab23b8e9f5828a741324c8c9a7a8623ea
adfb37aca7f5fcd929ff53a7ca41eeed3de50f0ef3728a6ffadfb5bb6915cbf6
ae36470959223996193932b38efb21d5889b9f40d7a244cddd1e27a93d949207
aeb35390525c9a2ff55b35bceabd869925940837d658ac837fd1603db2c1455f
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2fcfbc79f4d51f9afaa3f8c42ce6b8ade64c1c36f599876bbd018a69eb6301d
b6202d74eea96342e886a6277475ba00bfff60ef5e53a84a5fb9662b5830bb63
b625d5a8adce0e637b3263a627b65445e87da3ec1e62aff4ff86869707ed4fe7
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
b6a75dbb9026abde609be1b49466d12e2f383bd184c54f75bcf96f55cc593c1d
b6af033ab5b5d74fc4c4a81e72593e34f1c2b76bd74f5a568f69ee7a66026e83
b7bf4f406f5a9bf165c21dfebea2257eab80882e23e887a24756956daac44373
b7df0f8e8d115e37800cc570c3587c64a355d38a41c1cfb63c62e96ad3cf7250
b88b424759020d37552e324c6f32d9b87443bda67dbb3785cbd6b00f9dbee8db
b897e32342ccc2f773d70899797e11efaea58c76b5c42a1b98896eea9f3b29b4
b920c9788dc4c50a7875139e02ead52f2de250017bd7d1ec5211c8cf4a292592
bb59aae963092ebbb9554935feae1d631c8d7550f963b8ead804ea39d76998c3
bb688c3f6fa28a6bbb0fd1534cc06558c5b690a680b656fd4c5232b95928cd47
bbc81574ad0ec8a29121e6d27ef5f40b0d496a4ba81ace7fbabd3edf27af7d81
bd639d613b54759e08ba0e73fcac45edef560aadcbb73d5103721134fd2103a8
be8d30e8e16b816c8c46da4f0d206ef5d99762fc701d69457b1c2a1dea7f4b94
c14345412751f84fd061a93eeacdcae18c1d53a21501609217b1cf3f6f9dea41
c1aa15db788be06cbfeb0f5d202cd182daddd236c39e2ac5988a8edd517450a6
c1d5a94de96e16ff5cade47262ae251a766b737cdb70440e0aa96f2f3848f575
c22f9d5f6507963d8f78d019c222001b4e6f0819bb2fac28c8b02353f667b80b
c2fa9911d1958ae7e8a37d87371d241be79f176fdc5fc3210930b96b10d1c94b
c41da4ed8360857d1789b6356a4562ac9a0c57d7dbf0d5e9571372abd73bc162
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c707d5798e40035ef5aa307db04e295703514d654b1e65fa62b04492c687c255
c78d10b2fba352f7f3ee9703c76e20f4af0f6256b0f3837bed567eb673f8e4e5
c8dad1e6405f440b7e00eebc5fd54d82829faebf668062bd520b676bffb07f63
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cb8f1d149e89e2fc12e167bca2ffd7d934fac475417136b6ad6369a514523a4e
cb9185e9d6ebbe344bac8715e379c56a62cdff9845f283d951d513a700683340
cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d
cc79a1c2e75cb8a81a7df1aab90877149ae77867bb537fbf22c62a0977658344
ccae2b61a3aad8c4e607d727eb78e09f10c040b45f9188dcd461281a188ec3e8
cf66b1a88c1b59fe8d1068ff7ec392816c6a8a43a1d0647bd940591f09974446
cff7e05e049290d1830d43a1ba66b28eb98ec8c9d37d51389dbca54c84ea201b
d0104f5a4256dba1888e2ac755ef7495f737d3d72eba83d1bef0346eb7e5bc8d
d03ddfe5ee7c2f43d9cc2d9d9fe7eebb1e6c12ce7a3e282e121bce75f25d8ffb
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
d222cce9b803f746e839aa0febec4740b5d087d00deb8de050bb20db32164cce
d2ea3d6894c8f52d233d9601335945dd49782562a187a4627cf224c4915d8806
d351ad9e0491a3bb72ba3995d0dfe67f6af54bbf7d97e18f43ff203ffc5efe1f
d41dc07aed30cb54de661289691254b1288a52bcf4d121cec3acb89d4aa872a8
d46df17d4e3239b6eaf05d2e349fc1bcc81d004d35f3e1fb8c12308aa2d439b5
d517789f7f2287f125d0e691b3a03f1750120104b436360b69811393e0958149
d558014eadf8cc2e103907d66f622bcf05f88bba2a65ba8d343db89ce75a0b9d
d736fce89948bed318a12e26b2f45fb03e9b696bc7126f93ab37aa336c753211
d772756f7f30b155def5b4c539d7883b69134c27e64be72d6e2fd98b37718843
d815bc66c3283a00192965dfe2248be7e9e7fdf21dceea1364c0fdaaa5889f4c
d9ee64664bd309bcb0f0b6a8f8cd49db71bdba8ba3276e3d39d8c721c9c55b68
d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60
da048d750f80c54a010a455dea80502cdbb958225d4e4bf059c087adc42a96a9
dac9ce6b163b009d3fae39abc37e728afa2476e5dd0b5e5ac9480a9969fbbe6f
dad3694d81efeecd763fc8d651a9ee58b547765660bec0110aaeea9d788f0600
db2458d872da75659225b712eb5fe08a468c3d08c3e75732728296b5350039c7
dc07103206f712d3a73a03aa9e43108119fbddff18a7e655dc632eb529c6110d
dca34d4085f9aec1933f6d4ac88c52563c2f37aa20f84cfff5135acad4e15af0
dd750c079ff8953fb54c97e67fde64e5ca38e999a76d4ece21dd3b87629d2929
dda2af63e1ccbcf97f5c23c6f9efb37c40c3b7efc10954209172f664e7a52385
de259eb7ba7a0e45575deb33946f1fbc695c97c33145ae4e49af0069d010868e
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0a83addd39690eac6fe81a2b079cd7918d9a65cfc723e16a74704c2db775486
e23b6f4539643a37f0d615a630a76fc48571ebb8b0a9219ad38b4827a60ee18c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3c185d7172e2bbe4b5febef13973e745e0fa130113b993b150602b3bcdf9b32
e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e688c863b85a28f75e5c1c7f21092f1f419649e10496f9f1fc36826112bbd348
e757e449eb372d90ccb8be9744d0a9b1c5735321edf8ccfc970ee71609bf12fb
e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2
e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197
e95af539420559a250994e6cb58b697631778cad3bb789f53fdc776097845132
e992cb223edb9e7c0053725fc2382be6c7199fa499dad0571a8e60248c48c595
ea3f874e92d2f05121d133ae8ab4e2138a7f904af2b9f8f4719a0543bbc3bc9b
ea475eb5b869c80449c68b26f26dcdc596d53ea956ac9382566d4f70064bbeed
eb658766bc0865b719c76913b6b82ba32d0e14660216bf8d6d3953e30ad3e06d
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ecdef87a396be7d031d0c5ad8b2098f323e0e28e77701f44e7c3fc40bfe5a1ec
ed479689f9b96722b871c79a07145dd26a73834b9851ddd929b79e8ce12251d7
ed618e24e12104a91b63dbb3396772177910e749bbd5d95a2cd7afd9456e175f
ee266cad83dd463bc5e78ea6cfce1c06d37cb9610efc3f221ba3c18a2382fa55
eebe29898b8b7de5c9e47daab474152be8095e3ab42d768b84b085c5a12b95c6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
eff2899ad60aaec641f4b9933186cf1f8c525f6481f6212223c23c9f610aa080
f19307580753af0b607fa397f6357df75d467c396b11d139afa027a00a22922c
f2adf903c24c03641dd5ed0f2c5b16ecb50f9176bcdcda2cf806b99efb551fdc
f2d05f39822a17b55e801e6e5f907efd491c30b7e8574eaf6fe5be5fbfbba648
f3e05684eb43771985206b71d928855901c5dc6b9eb9df92343d057b608ef3e2
f51deb4b17f3929fc38473d43ed9b2a88d480864757574ff0e8f1ce327a5babe
f6e66da412973873d72fc1552cbe03faff46d043097510b7cf0c09d8b90958a7
f70e8b2108edfbcc2ff74ac7fd6e7cf46f0e9c381ab9b8781beb016f77061ac4
fb1099bf4716b40a45e019a68f4e78308d0f85b1284e4343921ee3b1370a6742
fbb6a8fd8eb8b0e9642821c3000b8346b1b64eb8e75f8d55bd5e3be5b3887a96
fe4a646ea507da1fff3b7f36c84ab203e648482e50305b6bbf1f6ce61a089e32
ff70c9bc4650cf5e6b12d1feaa7af29ebf0681993fc0c5ffe3658cea0dbd5403

www.foreks.com Open in urlscan Pro 18.66.248.121 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

564 Requests

92 %HTTPS

45 %IPv6

61 Domains

99 Subdomains

81 IPs

9 Countries

9005 kBTransfer

33035 kBSize

60 Cookies

30 Outgoing links

Page URL History

Redirected requests

564 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 31 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.foreks.com Open in urlscan Pro
18.66.248.121 Public Scan

Screenshot
Live screenshot

Full Image

564
Requests

92 %
HTTPS

45 %
IPv6

61
Domains

99
Subdomains

81
IPs

9
Countries

9005 kB
Transfer

33035 kB
Size

60
Cookies

564 HTTP transactions
31 data transactions