jibundedekirukogao.dt25.net Open in urlscan Pro
210.188.201.43 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://jibundedekirukogao.dt25.net/
Submission Tags: phishtake
Submission: On April 20 via api (April 20th 2021, 10:45:16 pm UTC) from JP

Summary HTTP 111 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 21 IPs in 5 countries across 21 domains to perform 111 HTTP transactions. The main IP is 210.188.201.43, located in Japan and belongs to SAKURA-C SAKURA Internet Inc., JP. The main domain is jibundedekirukogao.dt25.net.
TLS certificate: Issued by R3 on April 20th 2021. Valid for: 3 months.

This is the only time jibundedekirukogao.dt25.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
13	210.188.201.43 210.188.201.43	9371 (SAKURA-C ...) (SAKURA-C SAKURA Internet Inc.)
10	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
9	185.29.135.190 185.29.135.190	30419 (MEDIAMATH...) (MEDIAMATH-INC)
8	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
3	138.201.84.245 138.201.84.245	24940 (HETZNER-AS) (HETZNER-AS)
3	184.30.20.207 184.30.20.207	16625 (AKAMAI-AS) (AKAMAI-AS)
1 5	138.201.84.252 138.201.84.252	24940 (HETZNER-AS) (HETZNER-AS)
1 5	138.201.63.117 138.201.63.117	24940 (HETZNER-AS) (HETZNER-AS)
1 4	46.4.10.49 46.4.10.49	24940 (HETZNER-AS) (HETZNER-AS)
2 4	104.111.239.217 104.111.239.217	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	34.246.227.69 34.246.227.69	16509 (AMAZON-02) (AMAZON-02)
18	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1 1	3.120.24.152 3.120.24.152	16509 (AMAZON-02) (AMAZON-02)
3 3	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
6 6	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
3 3	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
2	2a05:d01c:1d8... 2a05:d01c:1d8:8102:5642:8a73:6264:9a1f	16509 (AMAZON-02) (AMAZON-02)
5	85.114.131.235 85.114.131.235	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2	2620:116:800d... 2620:116:800d:21:5a23:9c4e:e774:96c1	16509 (AMAZON-02) (AMAZON-02)
4 4	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4 4	23.218.208.246 23.218.208.246	16625 (AKAMAI-AS) (AKAMAI-AS)
111	21

13 210.188.201.43 (Japan)

ASN9371 (SAKURA-C SAKURA Internet Inc., JP)
PTR: sv82.xserver.jp

jibundedekirukogao.dt25.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 185.29.135.190 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 138.201.84.245 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.245.84.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 184.30.20.207 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-20-207.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 138.201.84.252 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.252.84.201.138.clients.your-server.de

hal900024.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 138.201.63.117 (Ketsch, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.117.63.201.138.clients.your-server.de

hal90003.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 46.4.10.49 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.49.10.4.46.clients.your-server.de

hal90001.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.111.239.217 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.246.227.69 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-246-227-69.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.120.24.152 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-24-152.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.244.174.68 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.186.253.211 (Kansas City, United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.139 (Frankfurt am Main, Germany) 3 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d01c:1d8:8102:5642:8a73:6264:9a1f (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 85.114.131.235 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: srv21039.dus4.fastwebserver.de

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:5a23:9c4e:e774:96c1 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.190.78 (United Kingdom) 4 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.218.208.246 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-208-246.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	30 KB
18	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	177 KB
17	redintelligence.net 3 redirects hal9000.redintelligence.net hal900024.redintelligence.net hal90003.redintelligence.net hal90001.redintelligence.net	25 KB
13	dt25.net jibundedekirukogao.dt25.net	21 KB
12	mathtag.com tags.mathtag.com pixel.mathtag.com	9 KB
6	openx.net 6 redirects rtb.openx.net	2 KB
5	contentspread.net cdn.contentspread.net	130 KB
5	google.com adservice.google.com www.google.com	1 KB
4	casalemedia.com 4 redirects ssum-sec.casalemedia.com	4 KB
4	pubmatic.com 4 redirects image6.pubmatic.com	4 KB
4	awin1.com 2 redirects www.awin1.com	2 KB
4	googletagservices.com www.googletagservices.com	136 KB
3	rubiconproject.com 3 redirects pixel.rubiconproject.com	1 KB
3	rlcdn.com 3 redirects id.rlcdn.com	1 KB
2	quantserve.com cms.quantserve.com	925 B
2	innovid.com ag.innovid.com	591 B
2	mookie1.com odr.mookie1.com	999 B
2	everesttech.net 2 redirects pixel.everesttech.net	752 B
2	google.de adservice.google.de	921 B
1	agkn.com 1 redirects d.agkn.com	765 B
1	googleadservices.com partner.googleadservices.com	638 B
111	21

	Domain	Requested by
18	cm.g.doubleclick.net	googleads.g.doubleclick.net
13	jibundedekirukogao.dt25.net	jibundedekirukogao.dt25.net
11	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
10	pagead2.googlesyndication.com	jibundedekirukogao.dt25.net pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com
9	tags.mathtag.com	googleads.g.doubleclick.net tags.mathtag.com
8	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
6	rtb.openx.net	6 redirects
5	cdn.contentspread.net	hal900024.redintelligence.net hal90003.redintelligence.net hal90001.redintelligence.net
5	hal90003.redintelligence.net	1 redirects googleads.g.doubleclick.net hal90003.redintelligence.net
5	hal900024.redintelligence.net	1 redirects googleads.g.doubleclick.net hal900024.redintelligence.net
4	ssum-sec.casalemedia.com	4 redirects
4	image6.pubmatic.com	4 redirects
4	www.awin1.com	2 redirects googleads.g.doubleclick.net
4	hal90001.redintelligence.net	1 redirects googleads.g.doubleclick.net hal90001.redintelligence.net
4	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
3	pixel.rubiconproject.com	3 redirects
3	id.rlcdn.com	3 redirects
3	pixel.mathtag.com	tags.mathtag.com
3	hal9000.redintelligence.net	jibundedekirukogao.dt25.net
3	www.google.com	googleads.g.doubleclick.net tpc.googlesyndication.com
2	cms.quantserve.com	googleads.g.doubleclick.net
2	ag.innovid.com	googleads.g.doubleclick.net
2	odr.mookie1.com	googleads.g.doubleclick.net
2	pixel.everesttech.net	2 redirects
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
1	d.agkn.com	1 redirects
1	partner.googleadservices.com	pagead2.googlesyndication.com
111	28

This site contains links to these domains. Also see Links.

Domain
a11.yaruman.org
a12.yaruman.org
a13.yaruman.org
a14.yaruman.org

Subject Issuer	Validity	Valid
jibundedekirukogao.dt25.net R3	`2021-04-20` - `2021-07-19`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.googleadservices.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.google.de GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.mathtag.com DigiCert SHA2 Secure Server CA	`2020-04-15` - `2022-04-22`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
www.google.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
redintelligence.net R3	`2021-02-19` - `2021-05-20`	3 months	crt.sh
pixel.mathtag.com DigiCert SHA2 Secure Server CA	`2020-04-15` - `2021-07-15`	a year	crt.sh
www.awin1.com DigiCert Secure Site ECC CA-1	`2020-04-21` - `2021-07-21`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
*.innovid.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh
contentspread.net R3	`2021-02-01` - `2021-05-02`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh

This page contains 17 frames:

Primary Page: https://jibundedekirukogao.dt25.net/
Frame ID: 006CD40520F12890A3EE45F4ADF6842B
Requests: 24 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210415/r20190131/zrt_lookup.html
Frame ID: 52714B86207A4FCA082862F2B57DBFFF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&adk=1812271804&adf=3025194257&lmt=1570747697&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958695778&bpp=4&bdt=78&idt=69&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1261708783428&frm=20&pv=2&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&dtd=101
Frame ID: B984CB02DE4C8B3F112A7F3ADB970E3B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=15&slotname=9751991989&adk=3845026852&adf=402710408&pi=t.ma~as.9751991989&w=728&lmt=1570747697&psa=0&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958695987&bpp=2&bdt=287&idt=2&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=414&ady=87&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=k94BFT6YUE&p=https%3A//jibundedekirukogao.dt25.net&dtd=7
Frame ID: 730D5522BE5FCD6ACC970F6500712411
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=250&slotname=8561685583&adk=1410419542&adf=4274972013&pi=t.ma~as.8561685583&w=250&lmt=1570747697&psa=0&format=250x250&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958695999&bpp=3&bdt=298&idt=3&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=647&ady=176&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=7iiM9rwfpA&p=https%3A//jibundedekirukogao.dt25.net&dtd=8
Frame ID: 7A9484F41DECB7B7F20C8C14274123F6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=250&slotname=3379513183&adk=3419604076&adf=2457737313&pi=t.ma~as.3379513183&w=250&lmt=1570747697&psa=0&format=250x250&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696012&bpp=1&bdt=311&idt=1&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=907&ady=176&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=lDtErgvsIY&p=https%3A//jibundedekirukogao.dt25.net&dtd=5
Frame ID: 78470F32048276A24E57307F121F8E17
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=600&slotname=3613768783&adk=94595765&adf=282678229&pi=t.ma~as.3613768783&w=160&lmt=1570747697&psa=0&format=160x600&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696043&bpp=1&bdt=343&idt=1&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250%2C250x250&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=427&ady=374&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=UoXFPF44NY&p=https%3A//jibundedekirukogao.dt25.net&dtd=3
Frame ID: 807D53B3C876F1A3886693ADFD6FC0C8
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=90&slotname=9366493185&adk=2171484123&adf=2334505472&pi=t.ma~as.9366493185&w=728&lmt=1570747697&psa=0&format=728x90&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696050&bpp=4&bdt=350&idt=4&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250%2C250x250%2C160x600&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=1431&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=IcKvSntUZu&p=https%3A//jibundedekirukogao.dt25.net&dtd=7
Frame ID: D9EF325EA5D0B6C4A57245524F2D048F
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=15&slotname=9751991989&adk=2477136073&adf=3017637576&pi=t.ma~as.9751991989&w=728&lmt=1570747697&psa=0&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696060&bpp=1&bdt=359&idt=1&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250%2C250x250%2C160x600%2C728x90&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=1521&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=7GD0olG6Mj&p=https%3A//jibundedekirukogao.dt25.net&dtd=4
Frame ID: 6CFA52FABD22527A8493DDE58BF6FAC8
Requests: 1 HTTP requests in this frame

Frame: https://hal900024.redintelligence.net/request_content.php?s=55870000003079102179201011571024&a=3661f9ea
Frame ID: 553D499EBBA83294F569BD213242D446
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 63B2439253D2F567AE3ACF9EA417657E
Requests: 9 HTTP requests in this frame

Frame: https://hal90003.redintelligence.net/request_content.php?s=39848900003759900951399011571003&a=87de865e
Frame ID: 1F4B550DC46A10B42B0D4E4FFD2C7783
Requests: 5 HTTP requests in this frame

Frame: https://hal90001.redintelligence.net/request_content.php?s=86004800003811902179195011571001&a=fe15110c
Frame ID: 7034B376E9EB79707BC2B665DBF4919F
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 81F4D9A168751145FA3085A2CA65E30D
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2F872F1B642E6A624066A5AF084A66AD
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 69B2F56CE947320828D3E5FAFD5353EA
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 8BD58D0C00768DCDCB39ADABC62E51EE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Page Statistics

111
Requests

100 %
HTTPS

30 %
IPv6

21
Domains

28
Subdomains

21
IPs

5
Countries

528 kB
Transfer

1159 kB
Size

4
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: http://a11.yaruman.org/
Title: ハーブでヘアケア

Search URL Search Domain Scan URL

URL: http://a12.yaruman.org/
Title: 呼吸法をマスターして誰でもできる簡単ダイエット

Search URL Search Domain Scan URL

URL: http://a13.yaruman.org/
Title: 無理なくやせられるレコーディングダイエット

Search URL Search Domain Scan URL

URL: http://a14.yaruman.org/
Title: 便秘を治す方法

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 57

https://hal900024.redintelligence.net/request.php?zone=tojuhhm84f1g&nw=20&renderingType=javascript&namespace=6f0277911c&subid=&uid=81efc620651ef228&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7296427774574111200%26mt_id%3D8675608%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D6724607f-5968-4701-a611-30f2a2a94ceb%26mt_cid%3D6724607f-5968-4701-a611-30f2a2a94ceb%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCRxnfaFl_YKv7A6C5x_APksaBwAHPh46bXMCG2YLGAsCNtwEQASAAYJWK-IGUB4IBF2NhLXB1Yi04ODE5MjA0Nzc4MDAyOTEyyAEJqAMBqgSzAU_QyMRGYvrF_MpacyQ5sBZe0aZ9xpSfeI5nTtI3ozvQMX-xh-JSHZZ53qH3axKIuIZSiZj0I_MBYf8w58RvEEU6HsQ9vbrUbHk6lkJgB-eSuZs9ikQE9-S-s9qXrTVSizK5EE5uYnJbBPd_9mE_aETMogQsCq41IKc3slXop8Zcdaqu961uRwWAxgr3Vm9rIZY2pF5KGY0hn7Lz7bd6HBoPnxj4fFMDZ9KTeXx7zGRiXu6RgAb30dyH8dPYh-4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1R7VDzkGvkXMHPoHTvCVvLQn9Png%2526client%253Dca-pub-8819204778002912%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&ancestorOrigins=https%3A%2F%2Fjibundedekirukogao.dt25.net&random=767827920894&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900024.redintelligence.net/request.php?zone=tojuhhm84f1g&nw=20&renderingType=javascript&namespace=6f0277911c&subid=&uid=81efc620651ef228&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7296427774574111200%26mt_id%3D8675608%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D6724607f-5968-4701-a611-30f2a2a94ceb%26mt_cid%3D6724607f-5968-4701-a611-30f2a2a94ceb%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCRxnfaFl_YKv7A6C5x_APksaBwAHPh46bXMCG2YLGAsCNtwEQASAAYJWK-IGUB4IBF2NhLXB1Yi04ODE5MjA0Nzc4MDAyOTEyyAEJqAMBqgSzAU_QyMRGYvrF_MpacyQ5sBZe0aZ9xpSfeI5nTtI3ozvQMX-xh-JSHZZ53qH3axKIuIZSiZj0I_MBYf8w58RvEEU6HsQ9vbrUbHk6lkJgB-eSuZs9ikQE9-S-s9qXrTVSizK5EE5uYnJbBPd_9mE_aETMogQsCq41IKc3slXop8Zcdaqu961uRwWAxgr3Vm9rIZY2pF5KGY0hn7Lz7bd6HBoPnxj4fFMDZ9KTeXx7zGRiXu6RgAb30dyH8dPYh-4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1R7VDzkGvkXMHPoHTvCVvLQn9Png%2526client%253Dca-pub-8819204778002912%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&ancestorOrigins=https%3A%2F%2Fjibundedekirukogao.dt25.net&random=767827920894&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 58

https://hal90003.redintelligence.net/request.php?zone=xxvlvujily3i&nw=20&renderingType=javascript&namespace=aa6be00a6f&subid=&uid=0bd250b055c7e8e1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=250x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D378898750164188957%26mt_id%3D6622325%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D0862607f-5968-4401-abd2-fed2dc19fb70%26mt_cid%3D0862607f-5968-4401-abd2-fed2dc19fb70%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCI8QMaFl_YISfAtCNgQfRr7SQCc-HjptcwIbZgsYCwI23ARABIABglYr4gZQHggEXY2EtcHViLTg4MTkyMDQ3NzgwMDI5MTLIAQmoAwGqBLkBT9C-FtjfEIOM7khG1uGGy70LZrI8gm_dL7QFBUUZ6eHz6fCYc-ZbmZc5j4HpiC8obaxCtkCaHnWcHT4vqEzR8NIzFGJB4urmTsYmcm8MPI23c1_mZ1gIychHMdjzBUgIxzExxszEDd4PDa8wkFtkO8hRNMj7K7rnIvfS23uzZAg0THzLMJcXyEMuEmNcIgwEE-CGbcamy1gwcXkolAvx2bsf8F-JhdX2WJJI78OmtrvlBgeigdegxPaABr_MxM6a-eOXgAGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_22j8Ry4eprH31PLjjPBIoGKjTCNA%2526client%253Dca-pub-8819204778002912%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&ancestorOrigins=https%3A%2F%2Fjibundedekirukogao.dt25.net&random=763374436369&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90003.redintelligence.net/request.php?zone=xxvlvujily3i&nw=20&renderingType=javascript&namespace=aa6be00a6f&subid=&uid=0bd250b055c7e8e1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=250x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D378898750164188957%26mt_id%3D6622325%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D0862607f-5968-4401-abd2-fed2dc19fb70%26mt_cid%3D0862607f-5968-4401-abd2-fed2dc19fb70%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCI8QMaFl_YISfAtCNgQfRr7SQCc-HjptcwIbZgsYCwI23ARABIABglYr4gZQHggEXY2EtcHViLTg4MTkyMDQ3NzgwMDI5MTLIAQmoAwGqBLkBT9C-FtjfEIOM7khG1uGGy70LZrI8gm_dL7QFBUUZ6eHz6fCYc-ZbmZc5j4HpiC8obaxCtkCaHnWcHT4vqEzR8NIzFGJB4urmTsYmcm8MPI23c1_mZ1gIychHMdjzBUgIxzExxszEDd4PDa8wkFtkO8hRNMj7K7rnIvfS23uzZAg0THzLMJcXyEMuEmNcIgwEE-CGbcamy1gwcXkolAvx2bsf8F-JhdX2WJJI78OmtrvlBgeigdegxPaABr_MxM6a-eOXgAGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_22j8Ry4eprH31PLjjPBIoGKjTCNA%2526client%253Dca-pub-8819204778002912%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&ancestorOrigins=https%3A%2F%2Fjibundedekirukogao.dt25.net&random=763374436369&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 59

https://hal90001.redintelligence.net/request.php?zone=kfm7pdl6j5sw&nw=20&renderingType=javascript&namespace=b8769fd653&subid=&uid=b34b69839b131938&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D4990584769642530090%26mt_id%3D8675613%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Df607607f-5968-4401-9c10-34363f649f56%26mt_cid%3Df607607f-5968-4401-9c10-34363f649f56%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC4621aFl_YK-4BJKHgAf5zKPYA8-HjptcwIbZgsYCwI23ARABIABglYr4gZQHggEXY2EtcHViLTg4MTkyMDQ3NzgwMDI5MTLIAQmoAwGqBLgBT9BbbdsTdbexBCfAA4iUsxiC1q-YPxCEc863I6kMITm9UWb7XT4XWxIEKSexBq3Zm5ySlpfkmwu_X5ztkbjTXyKou1wmNkOUyzmCfP9fdo3U0-xAwfoVpIkPEvkMoXY82HwdFBLGCxbtmx2PWXJguPcLG5mVvB7VuWanbOgcHM73wZbw0Kkswu6CmVyCeUjiN7EqrjXINxrp9m0q2YAChTZn1O0Knivk8tl2uvO9wFlVKO6VRYc8JoAG-pm04aTW17RHoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAQ%2526num%253D1%2526sig%253DAOD64_2Hh-7eZ482h1hhpaBCxYwVfjGSyg%2526client%253Dca-pub-8819204778002912%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&ancestorOrigins=https%3A%2F%2Fjibundedekirukogao.dt25.net&random=1951759475273&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90001.redintelligence.net/request.php?zone=kfm7pdl6j5sw&nw=20&renderingType=javascript&namespace=b8769fd653&subid=&uid=b34b69839b131938&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D4990584769642530090%26mt_id%3D8675613%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Df607607f-5968-4401-9c10-34363f649f56%26mt_cid%3Df607607f-5968-4401-9c10-34363f649f56%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC4621aFl_YK-4BJKHgAf5zKPYA8-HjptcwIbZgsYCwI23ARABIABglYr4gZQHggEXY2EtcHViLTg4MTkyMDQ3NzgwMDI5MTLIAQmoAwGqBLgBT9BbbdsTdbexBCfAA4iUsxiC1q-YPxCEc863I6kMITm9UWb7XT4XWxIEKSexBq3Zm5ySlpfkmwu_X5ztkbjTXyKou1wmNkOUyzmCfP9fdo3U0-xAwfoVpIkPEvkMoXY82HwdFBLGCxbtmx2PWXJguPcLG5mVvB7VuWanbOgcHM73wZbw0Kkswu6CmVyCeUjiN7EqrjXINxrp9m0q2YAChTZn1O0Knivk8tl2uvO9wFlVKO6VRYc8JoAG-pm04aTW17RHoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAQ%2526num%253D1%2526sig%253DAOD64_2Hh-7eZ482h1hhpaBCxYwVfjGSyg%2526client%253Dca-pub-8819204778002912%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&ancestorOrigins=https%3A%2F%2Fjibundedekirukogao.dt25.net&random=1951759475273&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 69

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitULTb7iqIc2eRsyfI4OzkDohEdHkF9VyIRr9vrB-0jyqU6LO8pogwDEcW8cPtFWFQ4qN78PjNlyloMCuKANky8ezOy5FT4zg&google_gid=CAESEBKmAD8XK-aS2u4ObZMAif0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUg5WmFBQUFBVDdneURoaw&google_push=AQvitULTb7iqIc2eRsyfI4OzkDohEdHkF9VyIRr9vrB-0jyqU6LO8pogwDEcW8cPtFWFQ4qN78PjNlyloMCuKANky8ezOy5FT4zg

Request Chain 70

https://d.agkn.com/pixel/2175/?google_gid=CAESEJ-N0dgfY_lcJAHHVDUYDdY&google_cver=1&google_push=AQvitUIqCliJcBh_zY1Q8tkzbH9IOTp8BnouEqZbEt4cMPTyBIKdyPey2b5yTfwW_BVC2oQ1V0WJebgzy1-ikJNRQI1EhY3US4eK8A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUIqCliJcBh_zY1Q8tkzbH9IOTp8BnouEqZbEt4cMPTyBIKdyPey2b5yTfwW_BVC2oQ1V0WJebgzy1-ikJNRQI1EhY3US4eK8A&google_hm=Q0FFU0VKLU4wZGdmWV9sY0pBSEhWRFVZRGRZ

Request Chain 71

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAQvitULRS4a7MHB3bT61aNa_xE_6DBm4AI7iGpVTbxnIBXf-aQHnvuhQamWbDcQXCHxjoV3kog3NpFiU37gJ0nqEouJFhYHVDzu76g&google_gid=CAESEMjAedLS5GayyC7expB1tgY&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCOiy_YMGEgUI6AcQAEIASnJnb29nbGVfcHVzaD1BUXZpdFVMUlM0YTdNSEIzYlQ2MWFOYV94RV82REJtNEFJN2lHcFZUYnhuSUJYZi1hUUhudnVoUWFtV2JEY1FYQ0h4am9WM2tvZzNOcEZpVTM3Z0owbnFFb3VKRmhZSFZEenU3Nmc HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwcWtPLW5WczlPeHo5cHVEd09YeVhOcVFDOG1LNkZFakNmNVdseTRGRUtIOA==&google_push

Request Chain 73

https://rtb.openx.net/sync/dds?google_gid=CAESECoPLfQHqL4-PPp90sX7xU4&google_cver=1&google_push=AQvitUK0EAR2CouJjjr22izeC_t05763a2FG4Siz_H0tIaOPfzAjKWIPoVLvVrKgPhvZKNEE6P50VtqrKoZnSLefEWfQ0rEFnNU9Aw HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESECoPLfQHqL4-PPp90sX7xU4&google_cver=1&google_push=AQvitUK0EAR2CouJjjr22izeC_t05763a2FG4Siz_H0tIaOPfzAjKWIPoVLvVrKgPhvZKNEE6P50VtqrKoZnSLefEWfQ0rEFnNU9Aw&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUK0EAR2CouJjjr22izeC_t05763a2FG4Siz_H0tIaOPfzAjKWIPoVLvVrKgPhvZKNEE6P50VtqrKoZnSLefEWfQ0rEFnNU9Aw&google_hm=qpr4joJcz2sBaLERSJCsrw==

Request Chain 74

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENbA6W61xhEf_pNRmNP2Yrs&google_cver=1&google_push=AQvitULEClVUzLmG0ofJZ-Wy5n1BneSpkPt2ziZjPPc2cGkOGQMAB40AqkuHzpyWkli7bXrMWVp7Ll8AHNt4eg0zLsAvYfMMhavt HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05RTTdIQ1MtMTItS01QMA==&google_push=AQvitULEClVUzLmG0ofJZ-Wy5n1BneSpkPt2ziZjPPc2cGkOGQMAB40AqkuHzpyWkli7bXrMWVp7Ll8AHNt4eg0zLsAvYfMMhavt

Request Chain 79

https://www.awin1.com/cshow.php?s=2846679&v=14098&q=409715&r=296283&pref1=55870000003079102179201011571024&pv=0 HTTP 302
https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kis_160x600px.jpg

Request Chain 84

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAQvitUJAXOCYc-jE5jMop0hRAYrEsN6HSOwdEFuKyaeEmvlcHua_mQWvLFVQ2GnsJUu5co2NhSDeyGmKSrZP4KxNsogr_qjSO91Fmw&google_gid=CAESEJ4xG-V99P6x-7zOjDgiNPo&google_cver=1 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=&google_push

Request Chain 86

https://rtb.openx.net/sync/dds?google_gid=CAESEB5-uyUsQ0r9G6m9JJTX3PU&google_cver=1&google_push=AQvitUJIz_7TBmS9MfyNM7CVGVFYbTzy0mpmQN8a1XgmLaEbfQUaGWiQ_ZmiH_zhmck-6OkMgtnN43-XdIUSSJuJlYqQ4gPZZnoN HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEB5-uyUsQ0r9G6m9JJTX3PU&google_cver=1&google_push=AQvitUJIz_7TBmS9MfyNM7CVGVFYbTzy0mpmQN8a1XgmLaEbfQUaGWiQ_ZmiH_zhmck-6OkMgtnN43-XdIUSSJuJlYqQ4gPZZnoN&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJIz_7TBmS9MfyNM7CVGVFYbTzy0mpmQN8a1XgmLaEbfQUaGWiQ_ZmiH_zhmck-6OkMgtnN43-XdIUSSJuJlYqQ4gPZZnoN&google_hm=JY6RE71kysQrH5HogbgD_Q==

Request Chain 87

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESECLeHJ0qi2zgpfDX_ZTuqZg&google_cver=1&google_push=AQvitUJhemp0GqaE_Rs9CVlJExOitC_aUT5PAwoYYES8BGa0HtQTI6qCx0C2WEa5Tvevd6pXwBZTvS0nSD5E-STuMLEegSS-3COEMg HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESECLeHJ0qi2zgpfDX_ZTuqZg&google_cver=1&google_push=AQvitUJhemp0GqaE_Rs9CVlJExOitC_aUT5PAwoYYES8BGa0HtQTI6qCx0C2WEa5Tvevd6pXwBZTvS0nSD5E-STuMLEegSS-3COEMg&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=XQvD4BhCRpaPBCfJjNt7mQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJhemp0GqaE_Rs9CVlJExOitC_aUT5PAwoYYES8BGa0HtQTI6qCx0C2WEa5Tvevd6pXwBZTvS0nSD5E-STuMLEegSS-3COEMg

Request Chain 88

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEA32TYsI1NckL-KYdcwpY-w&google_cver=1&google_push=AQvitUK8zC17VPAbyPtuw4pDC-SaQpjZyc9Ws2xdLU7ibvu_oQJliXRY7_q_4zdER71KrwDDEmFtaqv4-Uuo_-DkbPk0YoXkOyygxQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05RTTdIRFAtMjUtNE85VQ==&google_push=AQvitUK8zC17VPAbyPtuw4pDC-SaQpjZyc9Ws2xdLU7ibvu_oQJliXRY7_q_4zdER71KrwDDEmFtaqv4-Uuo_-DkbPk0YoXkOyygxQ

Request Chain 89

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDM3DEcOwvqcEogFfiWfQv4&google_cver=1&google_push=AQvitUIuQuXghPynBlU6LAaNV7c8xTlzQTdQma-RGkGwZFEvLeZyPOJ8oh8UqwhpFzlhdmg3ZtFtU_57szemloK2oh6u6nl4HDbRWg HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDM3DEcOwvqcEogFfiWfQv4&google_cver=1&google_push=AQvitUIuQuXghPynBlU6LAaNV7c8xTlzQTdQma-RGkGwZFEvLeZyPOJ8oh8UqwhpFzlhdmg3ZtFtU_57szemloK2oh6u6nl4HDbRWg&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YH9ZaPZoSzxBU7whEDPRtgAABJEAAAIB&google_gid=CAESEDM3DEcOwvqcEogFfiWfQv4&google_push=AQvitUIuQuXghPynBlU6LAaNV7c8xTlzQTdQma-RGkGwZFEvLeZyPOJ8oh8UqwhpFzlhdmg3ZtFtU_57szemloK2oh6u6nl4HDbRWg&google_cver=1

Request Chain 92

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUJVGM_pN7k9U7ffLYGY-fV9GPRi2OlR0Ink1QPN2cTJiiuyz381U0mUZ5L7Y2f0choViZez7X17WVluJKr54DRPMgIfN-Wu&google_gid=CAESEBufeHzpSj1iXPpcj0xb564&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUg5WmFBQUFBRWh0WFc5Vg&google_push=AQvitUJVGM_pN7k9U7ffLYGY-fV9GPRi2OlR0Ink1QPN2cTJiiuyz381U0mUZ5L7Y2f0choViZez7X17WVluJKr54DRPMgIfN-Wu

Request Chain 93

https://rtb.openx.net/sync/dds?google_gid=CAESEOEEmrjPN3Xa9z4E1_2RPkc&google_cver=1&google_push=AQvitUJTVjrCvSPcq94K9bp2tqjl9RdXW_WmZqNqGkn85th9ixBIyWyxbsh9yOlo8QEbfrGGG7PVVeO77rtMth0bSDkaYUp9SJWN HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEOEEmrjPN3Xa9z4E1_2RPkc&google_cver=1&google_push=AQvitUJTVjrCvSPcq94K9bp2tqjl9RdXW_WmZqNqGkn85th9ixBIyWyxbsh9yOlo8QEbfrGGG7PVVeO77rtMth0bSDkaYUp9SJWN&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJTVjrCvSPcq94K9bp2tqjl9RdXW_WmZqNqGkn85th9ixBIyWyxbsh9yOlo8QEbfrGGG7PVVeO77rtMth0bSDkaYUp9SJWN&google_hm=F4MW6HkuzBAQ2aZKpo1s2w==

Request Chain 94

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEFqmdV3liins8DWvzad7qHM&google_cver=1&google_push=AQvitUKty2jFofy94564ZwV4g8SFzlSZnPEzmn1gH9mHUjWvwt7hNX8GVlwlLKfIkY_RkwzRRkP75RPBXNwLTJG0ipxNq7cV26Kf HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEFqmdV3liins8DWvzad7qHM&google_cver=1&google_push=AQvitUKty2jFofy94564ZwV4g8SFzlSZnPEzmn1gH9mHUjWvwt7hNX8GVlwlLKfIkY_RkwzRRkP75RPBXNwLTJG0ipxNq7cV26Kf&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3FfJ0p2vQ6KkYELRzjp8yA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKty2jFofy94564ZwV4g8SFzlSZnPEzmn1gH9mHUjWvwt7hNX8GVlwlLKfIkY_RkwzRRkP75RPBXNwLTJG0ipxNq7cV26Kf

Request Chain 95

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESELUvDMxgtFb6Ohtao-7EPlw&google_cver=1&google_push=AQvitULxkpqpQNi0xXj-wA5N1yctEFI8L6AQZ0HHNdqAbcKxXfHr-abK93YKf58_En5SbdgriJ0fLjvO8Vok0sG7juFOUKtKL118 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05RTTdIRUctNS02MFJL&google_push=AQvitULxkpqpQNi0xXj-wA5N1yctEFI8L6AQZ0HHNdqAbcKxXfHr-abK93YKf58_En5SbdgriJ0fLjvO8Vok0sG7juFOUKtKL118

Request Chain 96

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPUOQFoxbYFB3sRzNoRcgnM&google_cver=1&google_push=AQvitUKdTGWjb2PIGREhRaTrGE-mjHJcs1ycXpREPjxQbXLCWC4fPCUeExP_aOr6AOAsItJh9Wwc7jREnshBJcR2PHY0hJhmca0 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPUOQFoxbYFB3sRzNoRcgnM&google_cver=1&google_push=AQvitUKdTGWjb2PIGREhRaTrGE-mjHJcs1ycXpREPjxQbXLCWC4fPCUeExP_aOr6AOAsItJh9Wwc7jREnshBJcR2PHY0hJhmca0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YH9ZaPZoSzxBU7whEDPRuAAABFoAAAIB&google_push=AQvitUKdTGWjb2PIGREhRaTrGE-mjHJcs1ycXpREPjxQbXLCWC4fPCUeExP_aOr6AOAsItJh9Wwc7jREnshBJcR2PHY0hJhmca0&google_gid=CAESEPUOQFoxbYFB3sRzNoRcgnM&google_cver=1

Request Chain 102

https://www.awin1.com/cshow.php?s=2846676&v=14098&q=409715&r=296283&pref1=86004800003811902179195011571001&pv=0 HTTP 302
https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kts_728x90px.gif

111 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
jibundedekirukogao.dt25.net/ 8 KB
3 KB 1063ms
272ms Document
text/html 210.188.201.43
SAKURA-C SAKURA I...

General

Check archive.org

Show headers Download Go to

Full URL: https://jibundedekirukogao.dt25.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 210.188.201.43 , Japan, ASN9371 (SAKURA-C SAKURA Internet Inc., JP),
Reverse DNS: sv82.xserver.jp
Software: nginx /
Resource Hash: 1a0ac2a3a3c0169bbe335a8075500254a2771928031924123e78844a5ee3897c

Request headers

:method: GET
:authority: jibundedekirukogao.dt25.net
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server: nginx
date: Tue, 20 Apr 2021 22:44:55 GMT
content-type: text/html
vary: Accept-Encoding
last-modified: Thu, 10 Oct 2019 22:48:17 GMT
etag: W/"1f18-59496328df9e4"
content-encoding: gzip

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 133 KB
48 KB 42ms
21ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: jibundedekirukogao.dt25.net
URL: https://jibundedekirukogao.dt25.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8e7e1c0ca7f4b5de4bf685edab1b4db31bff56e83fa2745700947fea85ff3095

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jibundedekirukogao.dt25.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:44:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48177
x-xss-protection: 0
server: cafe
etag: 991419791532950054
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 20 Apr 2021 22:44:55 GMT

GET
H2 200 base.css
jibundedekirukogao.dt25.net/style/css/ 8 KB
3 KB 274ms
273ms Stylesheet
text/css 210.188.201.43
SAKURA-C SAKURA I...

General

Check archive.org

Show headers Download Go to

Full URL: https://jibundedekirukogao.dt25.net/style/css/base.css
Requested by: Host: jibundedekirukogao.dt25.net
URL: https://jibundedekirukogao.dt25.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 210.188.201.43 , Japan, ASN9371 (SAKURA-C SAKURA Internet Inc., JP),
Reverse DNS: sv82.xserver.jp
Software: nginx /
Resource Hash: 7b6efeab19d4d63217545b21b431633d67960189397bfeec860dc9dfd4519744

Request headers

:path: /style/css/base.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: jibundedekirukogao.dt25.net
referer: https://jibundedekirukogao.dt25.net/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://jibundedekirukogao.dt25.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:44:55 GMT
content-encoding: gzip
last-modified: Thu, 02 May 2019 19:58:00 GMT
server: nginx
etag: W/"2148-587ed0d1c20cb"
vary: Accept-Encoding
content-type: text/css

GET
H2 200 style.css
jibundedekirukogao.dt25.net/style/css/ 7 KB
1 KB 274ms
273ms Stylesheet
text/css 210.188.201.43
SAKURA-C SAKURA I...

General

Check archive.org

Show headers Download Go to

Full URL: https://jibundedekirukogao.dt25.net/style/css/style.css
Requested by: Host: jibundedekirukogao.dt25.net
URL: https://jibundedekirukogao.dt25.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 210.188.201.43 , Japan, ASN9371 (SAKURA-C SAKURA Internet Inc., JP),
Reverse DNS: sv82.xserver.jp
Software: nginx /
Resource Hash: cbeda32f538a5c88837b4231b37ef6f0fec2f295a6a8f7c0dcf92a610afb821a

Request headers

:path: /style/css/style.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: jibundedekirukogao.dt25.net
referer: https://jibundedekirukogao.dt25.net/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://jibundedekirukogao.dt25.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:44:55 GMT
content-encoding: gzip
last-modified: Thu, 02 May 2019 19:58:00 GMT
server: nginx
etag: W/"1ac8-587ed0d1ff92c"
vary: Accept-Encoding
content-type: text/css

GET
H2 200 ie.css
jibundedekirukogao.dt25.net/style/css/ 249 B
381 B 274ms
273ms Stylesheet
text/css 210.188.201.43
SAKURA-C SAKURA I...

General

Check archive.org

Show headers Download Go to

Full URL: https://jibundedekirukogao.dt25.net/style/css/ie.css
Requested by: Host: jibundedekirukogao.dt25.net
URL: https://jibundedekirukogao.dt25.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 210.188.201.43 , Japan, ASN9371 (SAKURA-C SAKURA Internet Inc., JP),
Reverse DNS: sv82.xserver.jp
Software: nginx /
Resource Hash: 374c8dbc4170be246f238b17dc43ab7ab5a56793a5d67b91e345dcb4f5aed18d

Request headers

:path: /style/css/ie.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: jibundedekirukogao.dt25.net
referer: https://jibundedekirukogao.dt25.net/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://jibundedekirukogao.dt25.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:44:55 GMT
last-modified: Thu, 02 May 2019 19:58:00 GMT
server: nginx
accept-ranges: bytes
etag: "f9-587ed0d1dd64c"
content-length: 249
content-type: text/css

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210415/r20190131/ 222 KB
83 KB 40ms
27ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210415/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8819204778002912&plah=jibundedekirukogao.dt25.net&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f54415e29eb70befe2473a69a097e33e3f1e90376016243b2af5173f2c87bd23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jibundedekirukogao.dt25.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:44:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84655
x-xss-protection: 0
server: cafe
etag: 16615013293570182620
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 20 Apr 2021 22:44:55 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210415/r20190131/ Frame 5271 10 KB
5 KB 25ms
6ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210415/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210415/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://jibundedekirukogao.dt25.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://jibundedekirukogao.dt25.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 20 Apr 2021 14:42:17 GMT
expires: Tue, 04 May 2021 14:42:17 GMT
content-type: text/html; charset=UTF-8
etag: 10446291943670460780
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4644
x-xss-protection: 0
age: 28958
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 198 B
638 B 91ms
33ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=jibundedekirukogao.dt25.net&callback=_gfp_s_&client=ca-pub-8819204778002912

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210415/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8819204778002912&plah=jibundedekirukogao.dt25.net&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

569b6922d0065eccd95ed7158c81b29291be3de77d42517ec7e8f548b1394741

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jibundedekirukogao.dt25.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:44:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 189
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 35ms
14ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=jibundedekirukogao.dt25.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jibundedekirukogao.dt25.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 20 Apr 2021 22:44:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 34ms
13ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=jibundedekirukogao.dt25.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jibundedekirukogao.dt25.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 20 Apr 2021 22:44:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B984 54 B
56 B 76ms
63ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&adk=1812271804&adf=3025194257&lmt=1570747697&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958695778&bpp=4&bdt=78&idt=69&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1261708783428&frm=20&pv=2&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&dtd=101

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

166a4ec3cb90d525f7f744c7616c01b36bebd6dcecd486c8f5be14ccc0a7b3da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8819204778002912&output=html&adk=1812271804&adf=3025194257&lmt=1570747697&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958695778&bpp=4&bdt=78&idt=69&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1261708783428&frm=20&pv=2&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&dtd=101
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://jibundedekirukogao.dt25.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://jibundedekirukogao.dt25.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 20 Apr 2021 22:44:55 GMT
server: cafe
content-length: 34
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 20-Apr-2021 22:59:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 20 Apr 2021 22:44:55 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 33ms
14ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32feae1eaa46d369fe0a42d46b7e90a05cce2cdb8dc87c4dde67315e0d2a26f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jibundedekirukogao.dt25.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:44:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618831909828443"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28266
x-xss-protection: 0
expires: Tue, 20 Apr 2021 22:44:55 GMT

GET
H2 200 body_bg.gif
jibundedekirukogao.dt25.net/style/img/ 205 B
338 B 273ms
272ms Image
image/gif 210.188.201.43
SAKURA-C SAKURA I...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jibundedekirukogao.dt25.net/style/img/body_bg.gif
Requested by: Host: jibundedekirukogao.dt25.net
URL: https://jibundedekirukogao.dt25.net/style/css/base.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 210.188.201.43 , Japan, ASN9371 (SAKURA-C SAKURA Internet Inc., JP),
Reverse DNS: sv82.xserver.jp
Software: nginx /
Resource Hash: 36e919f0513f552e7e796f66fde18b1b2e19625b054e96b7089cc2d31edbb0f1

Request headers

:path: /style/img/body_bg.gif
pragma: no-cache
cookie: gadsTest=test; __gads=ID=d20ea468cc06fb18-22b9958fecc7008e:T=1618958695:RT=1618958695:S=ALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: jibundedekirukogao.dt25.net
referer: https://jibundedekirukogao.dt25.net/style/css/base.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://jibundedekirukogao.dt25.net/style/css/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:44:56 GMT
last-modified: Thu, 02 May 2019 19:58:01 GMT
server: nginx
accept-ranges: bytes
etag: "cd-587ed0d2567cd"
content-length: 205
content-type: image/gif

GET
H2 200 wrapper_bg_left.gif
jibundedekirukogao.dt25.net/style/img/ 263 B
397 B 273ms
272ms Image
image/gif 210.188.201.43
SAKURA-C SAKURA I...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jibundedekirukogao.dt25.net/style/img/wrapper_bg_left.gif
Requested by: Host: jibundedekirukogao.dt25.net
URL: https://jibundedekirukogao.dt25.net/style/css/base.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 210.188.201.43 , Japan, ASN9371 (SAKURA-C SAKURA Internet Inc., JP),
Reverse DNS: sv82.xserver.jp
Software: nginx /
Resource Hash: 966c211fe65ffa6a9480283eeb514b5c85c4f88cf76946b843507571f05e262a

Request headers

:path: /style/img/wrapper_bg_left.gif
pragma: no-cache
cookie: gadsTest=test; __gads=ID=d20ea468cc06fb18-22b9958fecc7008e:T=1618958695:RT=1618958695:S=ALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: jibundedekirukogao.dt25.net
referer: https://jibundedekirukogao.dt25.net/style/css/base.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://jibundedekirukogao.dt25.net/style/css/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:44:56 GMT
last-modified: Thu, 02 May 2019 19:58:02 GMT
server: nginx
accept-ranges: bytes
etag: "107-587ed0d3e3f33"
content-length: 263
content-type: image/gif

GET
H2 200 kanban_bg.jpg
jibundedekirukogao.dt25.net/style/img/ 8 KB
8 KB 273ms
272ms Image
image/jpeg 210.188.201.43
SAKURA-C SAKURA I...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jibundedekirukogao.dt25.net/style/img/kanban_bg.jpg
Requested by: Host: jibundedekirukogao.dt25.net
URL: https://jibundedekirukogao.dt25.net/style/css/base.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 210.188.201.43 , Japan, ASN9371 (SAKURA-C SAKURA Internet Inc., JP),
Reverse DNS: sv82.xserver.jp
Software: nginx /
Resource Hash: 61f3994bd79e8f77a3a8e7630d7ad11ea2b4d6ab5bcdefa5c4b8a5ca0e7dc82a

Request headers

:path: /style/img/kanban_bg.jpg
pragma: no-cache
cookie: gadsTest=test; __gads=ID=d20ea468cc06fb18-22b9958fecc7008e:T=1618958695:RT=1618958695:S=ALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: jibundedekirukogao.dt25.net
referer: https://jibundedekirukogao.dt25.net/style/css/base.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://jibundedekirukogao.dt25.net/style/css/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:44:56 GMT
last-modified: Thu, 02 May 2019 19:58:01 GMT
server: nginx
accept-ranges: bytes
etag: "1ef4-587ed0d2ce9af"
content-length: 7924
content-type: image/jpeg

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 29ms
16ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=jibundedekirukogao.dt25.net

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jibundedekirukogao.dt25.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 20 Apr 2021 22:44:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 29ms
15ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=jibundedekirukogao.dt25.net

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jibundedekirukogao.dt25.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 20 Apr 2021 22:44:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 730D 405 B
229 B 60ms
60ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=15&slotname=9751991989&adk=3845026852&adf=402710408&pi=t.ma~as.9751991989&w=728&lmt=1570747697&psa=0&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958695987&bpp=2&bdt=287&idt=2&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=414&ady=87&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=k94BFT6YUE&p=https%3A//jibundedekirukogao.dt25.net&dtd=7

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1acb84ad79a9555c1810d4791a7dd32ea3fcdc0adce2f7cb99f369ecdb21fe6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8819204778002912&output=html&h=15&slotname=9751991989&adk=3845026852&adf=402710408&pi=t.ma~as.9751991989&w=728&lmt=1570747697&psa=0&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958695987&bpp=2&bdt=287&idt=2&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=414&ady=87&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=k94BFT6YUE&p=https%3A//jibundedekirukogao.dt25.net&dtd=7
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://jibundedekirukogao.dt25.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://jibundedekirukogao.dt25.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 20 Apr 2021 22:44:56 GMT
server: cafe
content-length: 205
x-xss-protection: 0
set-cookie: IDE=AHWqTUm4cODsECCsFhJ4uUfBJOb4DwHB6_AD2OYY0v2dr-xM3FFNZrLSDnGWsmyGVbU; expires=Sun, 15-May-2022 22:44:56 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 20 Apr 2021 22:44:56 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7A94 405 B
229 B 96ms
95ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=250&slotname=8561685583&adk=1410419542&adf=4274972013&pi=t.ma~as.8561685583&w=250&lmt=1570747697&psa=0&format=250x250&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958695999&bpp=3&bdt=298&idt=3&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=647&ady=176&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=7iiM9rwfpA&p=https%3A//jibundedekirukogao.dt25.net&dtd=8

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

753e9b80177a17f66245005bf2efcf16ed975d36d066588f213ca79f646e8b17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8819204778002912&output=html&h=250&slotname=8561685583&adk=1410419542&adf=4274972013&pi=t.ma~as.8561685583&w=250&lmt=1570747697&psa=0&format=250x250&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958695999&bpp=3&bdt=298&idt=3&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=647&ady=176&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=7iiM9rwfpA&p=https%3A//jibundedekirukogao.dt25.net&dtd=8
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://jibundedekirukogao.dt25.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://jibundedekirukogao.dt25.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 20 Apr 2021 22:44:56 GMT
server: cafe
content-length: 205
x-xss-protection: 0
set-cookie: IDE=AHWqTUlO9_AsG8EbwO_YyrJzryDcdtfTXR65zYiL6AjJNBPLqclaJqTdcb9cJHRWvnc; expires=Sun, 15-May-2022 22:44:56 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 20 Apr 2021 22:44:56 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7847 14 KB
7 KB 107ms
106ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=250&slotname=3379513183&adk=3419604076&adf=2457737313&pi=t.ma~as.3379513183&w=250&lmt=1570747697&psa=0&format=250x250&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696012&bpp=1&bdt=311&idt=1&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=907&ady=176&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=lDtErgvsIY&p=https%3A//jibundedekirukogao.dt25.net&dtd=5

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ba2c7aa4cc7b01640f18e41e148ea35e82aa19fe1474a4649e20b4ab03a80fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8819204778002912&output=html&h=250&slotname=3379513183&adk=3419604076&adf=2457737313&pi=t.ma~as.3379513183&w=250&lmt=1570747697&psa=0&format=250x250&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696012&bpp=1&bdt=311&idt=1&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=907&ady=176&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=lDtErgvsIY&p=https%3A//jibundedekirukogao.dt25.net&dtd=5
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://jibundedekirukogao.dt25.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://jibundedekirukogao.dt25.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 20 Apr 2021 22:44:56 GMT
server: cafe
content-length: 7226
x-xss-protection: 0
set-cookie: IDE=AHWqTUkGdMXztfHM9Wl9U3Y4WbgcyWko8Mlh3dkvy2QCaHx823McdKlp7xe9dz2Ef58; expires=Sun, 15-May-2022 22:44:56 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 20 Apr 2021 22:44:56 GMT
cache-control: private

GET
H2 200 h2_bg.gif
jibundedekirukogao.dt25.net/style/img/ 1 KB
2 KB 274ms
273ms Image
image/gif 210.188.201.43
SAKURA-C SAKURA I...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jibundedekirukogao.dt25.net/style/img/h2_bg.gif
Requested by: Host: jibundedekirukogao.dt25.net
URL: https://jibundedekirukogao.dt25.net/style/css/base.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 210.188.201.43 , Japan, ASN9371 (SAKURA-C SAKURA Internet Inc., JP),
Reverse DNS: sv82.xserver.jp
Software: nginx /
Resource Hash: cab74b4c1b5e1ffd31e4b19e6e20f56a7895cd7a301cbfd0ca901d26bf4622bd

Request headers

:path: /style/img/h2_bg.gif
pragma: no-cache
cookie: gadsTest=test; __gads=ID=d20ea468cc06fb18-22b9958fecc7008e:T=1618958695:RT=1618958695:S=ALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: jibundedekirukogao.dt25.net
referer: https://jibundedekirukogao.dt25.net/style/css/base.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://jibundedekirukogao.dt25.net/style/css/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:44:56 GMT
last-modified: Thu, 02 May 2019 19:58:01 GMT
server: nginx
accept-ranges: bytes
etag: "5aa-587ed0d297eae"
content-length: 1450
content-type: image/gif

GET
H2 200 h3_bg.gif
jibundedekirukogao.dt25.net/style/img/ 52 B
184 B 273ms
272ms Image
image/gif 210.188.201.43
SAKURA-C SAKURA I...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jibundedekirukogao.dt25.net/style/img/h3_bg.gif
Requested by: Host: jibundedekirukogao.dt25.net
URL: https://jibundedekirukogao.dt25.net/style/css/base.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 210.188.201.43 , Japan, ASN9371 (SAKURA-C SAKURA Internet Inc., JP),
Reverse DNS: sv82.xserver.jp
Software: nginx /
Resource Hash: 4100200983407896b68dba6990abd1f94c96da85961db6d94718fda3eb4c462c

Request headers

:path: /style/img/h3_bg.gif
pragma: no-cache
cookie: gadsTest=test; __gads=ID=d20ea468cc06fb18-22b9958fecc7008e:T=1618958695:RT=1618958695:S=ALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: jibundedekirukogao.dt25.net
referer: https://jibundedekirukogao.dt25.net/style/css/base.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://jibundedekirukogao.dt25.net/style/css/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:44:56 GMT
last-modified: Thu, 02 May 2019 19:58:01 GMT
server: nginx
accept-ranges: bytes
etag: "34-587ed0d2b14ef"
content-length: 52
content-type: image/gif

GET
H2 200 page_btn.gif
jibundedekirukogao.dt25.net/style/img/ 120 B
253 B 484ms
484ms Image
image/gif 210.188.201.43
SAKURA-C SAKURA I...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jibundedekirukogao.dt25.net/style/img/page_btn.gif
Requested by: Host: jibundedekirukogao.dt25.net
URL: https://jibundedekirukogao.dt25.net/style/css/base.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 210.188.201.43 , Japan, ASN9371 (SAKURA-C SAKURA Internet Inc., JP),
Reverse DNS: sv82.xserver.jp
Software: nginx /
Resource Hash: 92979cafefd4019ad1e8f1b2012125d62b48b3b2cbc4d765e9e5aaaf0bee688e

Request headers

:path: /style/img/page_btn.gif
pragma: no-cache
cookie: gadsTest=test; __gads=ID=d20ea468cc06fb18-22b9958fecc7008e:T=1618958695:RT=1618958695:S=ALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: jibundedekirukogao.dt25.net
referer: https://jibundedekirukogao.dt25.net/style/css/base.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://jibundedekirukogao.dt25.net/style/css/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:44:56 GMT
last-modified: Thu, 02 May 2019 19:58:01 GMT
server: nginx
accept-ranges: bytes
etag: "78-587ed0d32e4f1"
content-length: 120
content-type: image/gif

GET
H2 404 side_title_bg.gif
jibundedekirukogao.dt25.net/style/img/ 3 KB
3 KB 485ms
484ms Image
text/html 210.188.201.43
SAKURA-C SAKURA I...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jibundedekirukogao.dt25.net/style/img/side_title_bg.gif
Requested by: Host: jibundedekirukogao.dt25.net
URL: https://jibundedekirukogao.dt25.net/style/css/base.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 210.188.201.43 , Japan, ASN9371 (SAKURA-C SAKURA Internet Inc., JP),
Reverse DNS: sv82.xserver.jp
Software: nginx /
Resource Hash: d365165afdcb6f4108f403153aa460fd81c69824524df90d8a9ed4853f82e49f

Request headers

:path: /style/img/side_title_bg.gif
pragma: no-cache
cookie: gadsTest=test; __gads=ID=d20ea468cc06fb18-22b9958fecc7008e:T=1618958695:RT=1618958695:S=ALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: jibundedekirukogao.dt25.net
referer: https://jibundedekirukogao.dt25.net/style/css/base.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://jibundedekirukogao.dt25.net/style/css/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:44:56 GMT
content-encoding: gzip
last-modified: Wed, 18 Jul 2018 17:31:35 GMT
server: nginx
etag: W/"afe-571496f2aa9e3"
vary: Accept-Encoding
content-type: text/html

GET
H2 200 navies_li.gif
jibundedekirukogao.dt25.net/style/img/ 110 B
243 B 484ms
484ms Image
image/gif 210.188.201.43
SAKURA-C SAKURA I...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jibundedekirukogao.dt25.net/style/img/navies_li.gif
Requested by: Host: jibundedekirukogao.dt25.net
URL: https://jibundedekirukogao.dt25.net/style/css/base.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 210.188.201.43 , Japan, ASN9371 (SAKURA-C SAKURA Internet Inc., JP),
Reverse DNS: sv82.xserver.jp
Software: nginx /
Resource Hash: 3710d76ed137904196e68411fa784229749f004a0b4b16cfc191bbc273244f57

Request headers

:path: /style/img/navies_li.gif
pragma: no-cache
cookie: gadsTest=test; __gads=ID=d20ea468cc06fb18-22b9958fecc7008e:T=1618958695:RT=1618958695:S=ALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: jibundedekirukogao.dt25.net
referer: https://jibundedekirukogao.dt25.net/style/css/base.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://jibundedekirukogao.dt25.net/style/css/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:44:56 GMT
last-modified: Thu, 02 May 2019 19:58:01 GMT
server: nginx
accept-ranges: bytes
etag: "6e-587ed0d2f0c90"
content-length: 110
content-type: image/gif

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 807D 13 KB
7 KB 107ms
106ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=600&slotname=3613768783&adk=94595765&adf=282678229&pi=t.ma~as.3613768783&w=160&lmt=1570747697&psa=0&format=160x600&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696043&bpp=1&bdt=343&idt=1&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250%2C250x250&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=427&ady=374&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=UoXFPF44NY&p=https%3A//jibundedekirukogao.dt25.net&dtd=3

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

802a3841836b708b7cbcbadb00aee09e22c660bff1c295150fdf033b46a547a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8819204778002912&output=html&h=600&slotname=3613768783&adk=94595765&adf=282678229&pi=t.ma~as.3613768783&w=160&lmt=1570747697&psa=0&format=160x600&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696043&bpp=1&bdt=343&idt=1&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250%2C250x250&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=427&ady=374&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=UoXFPF44NY&p=https%3A//jibundedekirukogao.dt25.net&dtd=3
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://jibundedekirukogao.dt25.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://jibundedekirukogao.dt25.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 20 Apr 2021 22:44:56 GMT
server: cafe
content-length: 7162
x-xss-protection: 0
set-cookie: IDE=AHWqTUlUx9YZbsbkZ3Wrr6g-g4yKLMiLAHaFyplc9fU0BicY-HDNsv94AyVywkbDXfQ; expires=Sun, 15-May-2022 22:44:56 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 20 Apr 2021 22:44:56 GMT
cache-control: private

GET
H2 200 footer_bg.jpg
jibundedekirukogao.dt25.net/style/img/ 376 B
511 B 457ms
457ms Image
image/jpeg 210.188.201.43
SAKURA-C SAKURA I...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jibundedekirukogao.dt25.net/style/img/footer_bg.jpg
Requested by: Host: jibundedekirukogao.dt25.net
URL: https://jibundedekirukogao.dt25.net/style/css/base.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 210.188.201.43 , Japan, ASN9371 (SAKURA-C SAKURA Internet Inc., JP),
Reverse DNS: sv82.xserver.jp
Software: nginx /
Resource Hash: 570eb65eeda36596fbd65b7187972092ea068478cbad5f6dd3fc3149cd0ae572

Request headers

:path: /style/img/footer_bg.jpg
pragma: no-cache
cookie: gadsTest=test; __gads=ID=d20ea468cc06fb18-22b9958fecc7008e:T=1618958695:RT=1618958695:S=ALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: jibundedekirukogao.dt25.net
referer: https://jibundedekirukogao.dt25.net/style/css/base.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://jibundedekirukogao.dt25.net/style/css/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:44:56 GMT
last-modified: Thu, 02 May 2019 19:58:01 GMT
server: nginx
accept-ranges: bytes
etag: "178-587ed0d28174e"
content-length: 376
content-type: image/jpeg

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D9EF 14 KB
7 KB 127ms
126ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=90&slotname=9366493185&adk=2171484123&adf=2334505472&pi=t.ma~as.9366493185&w=728&lmt=1570747697&psa=0&format=728x90&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696050&bpp=4&bdt=350&idt=4&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250%2C250x250%2C160x600&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=1431&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=IcKvSntUZu&p=https%3A//jibundedekirukogao.dt25.net&dtd=7

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

daff8dc77812d8005f48497891983924b94681969a67c9f71d4cadfa84683bf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8819204778002912&output=html&h=90&slotname=9366493185&adk=2171484123&adf=2334505472&pi=t.ma~as.9366493185&w=728&lmt=1570747697&psa=0&format=728x90&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696050&bpp=4&bdt=350&idt=4&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250%2C250x250%2C160x600&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=1431&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=IcKvSntUZu&p=https%3A//jibundedekirukogao.dt25.net&dtd=7
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://jibundedekirukogao.dt25.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm4cODsECCsFhJ4uUfBJOb4DwHB6_AD2OYY0v2dr-xM3FFNZrLSDnGWsmyGVbU
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://jibundedekirukogao.dt25.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 20 Apr 2021 22:44:56 GMT
server: cafe
content-length: 7463
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6CFA 405 B
224 B 45ms
45ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=15&slotname=9751991989&adk=2477136073&adf=3017637576&pi=t.ma~as.9751991989&w=728&lmt=1570747697&psa=0&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696060&bpp=1&bdt=359&idt=1&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250%2C250x250%2C160x600%2C728x90&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=1521&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=7GD0olG6Mj&p=https%3A//jibundedekirukogao.dt25.net&dtd=4

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

167c433f4f52bf52b6d84f4941c810f72dea47c2db6d82b17efa6cfe3855a186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8819204778002912&output=html&h=15&slotname=9751991989&adk=2477136073&adf=3017637576&pi=t.ma~as.9751991989&w=728&lmt=1570747697&psa=0&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696060&bpp=1&bdt=359&idt=1&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250%2C250x250%2C160x600%2C728x90&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=1521&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=7GD0olG6Mj&p=https%3A//jibundedekirukogao.dt25.net&dtd=4
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://jibundedekirukogao.dt25.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm4cODsECCsFhJ4uUfBJOb4DwHB6_AD2OYY0v2dr-xM3FFNZrLSDnGWsmyGVbU
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://jibundedekirukogao.dt25.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 20 Apr 2021 22:44:56 GMT
server: cafe
content-length: 204
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame 7847 2 KB
2 KB 141ms
48ms Script
application/x-javascript 185.29.135.190
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTURSaFpqTTRNMk10TnpWaU15MWhZVEkyTFRBd01EQXRNREF3TURBd01EQXdNREF3LzM3ODg5ODc1MDE2NDE4ODk1Ny82NjIyMzI1LzQ1NjIzMDYvNC80Wm4tOEhpdGlDa0xTVTNyR1c1aHlDbzk1VjNSZ01pS2pZVEJ0SkdzN0pRLzEvNC8wLzAvOTU2ODAzLzAvMjE2NTM2LzY1MTg3MS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzM3ODg5ODc1MDE2NDE4ODk1Ny9hbXMvMC8yMTAvMy85OTkvNjYvMmEwMTo0Zjg6MTkyOjovMC4wMDAvMTYxODk1ODY5NS8xNjE4OTcxMjk1LzQvcHViLTg4MTkyMDQ3NzgwMDI5MTIv/g7vLNrjTMWC4cCHkDs2bpzXchvQ&nodeid=2817&group=eu&auctionid=378898750164188957&sid=4562306&cid=6622325&bp=a_bjgfgc&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.89&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCI8QMaFl_YISfAtCNgQfRr7SQCc-HjptcwIbZgsYCwI23ARABIABglYr4gZQHggEXY2EtcHViLTg4MTkyMDQ3NzgwMDI5MTLIAQmoAwGqBLkBT9C-FtjfEIOM7khG1uGGy70LZrI8gm_dL7QFBUUZ6eHz6fCYc-ZbmZc5j4HpiC8obaxCtkCaHnWcHT4vqEzR8NIzFGJB4urmTsYmcm8MPI23c1_mZ1gIychHMdjzBUgIxzExxszEDd4PDa8wkFtkO8hRNMj7K7rnIvfS23uzZAg0THzLMJcXyEMuEmNcIgwEE-CGbcamy1gwcXkolAvx2bsf8F-JhdX2WJJI78OmtrvlBgeigdegxPaABr_MxM6a-eOXgAGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_22j8Ry4eprH31PLjjPBIoGKjTCNA%26client%3Dca-pub-8819204778002912%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=250&slotname=3379513183&adk=3419604076&adf=2457737313&pi=t.ma~as.3379513183&w=250&lmt=1570747697&psa=0&format=250x250&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696012&bpp=1&bdt=311&idt=1&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=907&ady=176&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=lDtErgvsIY&p=https%3A//jibundedekirukogao.dt25.net&dtd=5
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.135.190 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.197.0 /
Resource Hash: 7bb3aa3a3564bba9896b55384a5b7d3ed063a6706ab4db87213bdc62b69b4376

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:55 GMT
Content-Encoding: gzip
x-mm-bid-request-time: 1618958695
Last-Modified: Tue, 20 Apr 2021 22:44:55 GMT
Server: MMBD/3.197.0
x-mm-latency: 4 (4)
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg: Count
Cache-Control: no-cache
x-mm-host: cdg-router-x43, cdg-bidder-x166
Connection: close
Content-Type: application/x-javascript; charset=UTF-8
Expires: Tue, 20 Apr 2021 22:44:54 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210415/r20110914/client/ Frame 7847 2 KB
2 KB 26ms
5ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210415/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=250&slotname=3379513183&adk=3419604076&adf=2457737313&pi=t.ma~as.3379513183&w=250&lmt=1570747697&psa=0&format=250x250&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696012&bpp=1&bdt=311&idt=1&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=907&ady=176&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=lDtErgvsIY&p=https%3A//jibundedekirukogao.dt25.net&dtd=5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:42:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 157
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 May 2021 22:42:19 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7847 118 KB
36 KB 28ms
14ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b79bbb4dde997e5ab5ccdc54788dfa659df09699a19aabff4c1ad10a20735b86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:44:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618831897855645"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36793
x-xss-protection: 0
expires: Tue, 20 Apr 2021 22:44:56 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210415/r20110914/client/ Frame 7847 13 KB
6 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210415/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:41:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 213
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5602
x-xss-protection: 0
server: cafe
etag: 7525161794280374107
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 May 2021 22:41:23 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 7847 0
0 47ms
47ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cb8aPaFl_YISfAtCNgQfRr7SQCc-HjptcwIbZgsYCwI23ARABIABglYr4gZQHggEXY2EtcHViLTg4MTkyMDQ3NzgwMDI5MTLIAQmoAwGqBLYBT9C-FtjfEIOM7khG1uGGy70LZrI8gm_dL7QFBUUZ6eHz6fCYc-ZbmZc5j4HpiC8obaxCtkCaHnWcHT4vqEzR8NIzFGJB4urmTsYmcm8MPI23c1_mZ1gIychHMdjzBUgIxzExxszEDd4PDa8wkFtkO8hRNMj7K7rnIvfS23uzZAg0THzLMJcXyEMuEmNcIgwEE-CGbcamy1gwcXkolAvx2bsf8F_Lh9hk9ALs6E4C_hA9RqhSnMOABr_MxM6a-eOXgAGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshcYChYSFHB1Yi04ODE5MjA0Nzc4MDAyOTEy&sigh=K5mhgmJQFQQ&tpd=AGWhJmsIIH4Nw352JcosmvnXLWJtnLuyuQO5A-F8bhY6aqud_ret5K15T-4KRtXB9V9Qn8FtrY1vMWyphessHVR-f6j2Ai__Ra6dyc-fGVZTj9UfeEY4lDkQTm3jv4fTnhXa30PwVryhbynF9QoujC5HUaaO51O_VdRw74BARo3TPjzBKS0fC-gHQjucoW1QPHrEFtb1J9Fk3HhrzjYUJGsDo-kR7aulixEbH7VNRf9t3Nav1zOhPZCyKv72sc8Mz_wE9rAIulP47-XShj5uZsZG4zOiWsC6CZkSCXxTeFTlSvrPokd7IAa3VoodD9aZJzdt6u3MvCch_U2skAuZr5xIUVEa-5EsCAUPZCT1aUhKTxEX3ThkOsW6qbCUePXC5P6gL_zUJrMrtFznxydxM0CAhaZM19YRSDv5ZbLJU6253D7roDz4Khm_ryhlHaNrSstteTz30JoBzNTes5WDMZlcXy40M91_e21n5hzeI-KFqwG97tfhWqGSH77eDsrxf7lS7jsYnObm-oDQ92kADZgys0JR6-ZQtCyYQjtvmtGnX3b8ebBhbdhcGEoW7nGEAhOaslo0p6Ll-sQM6ItKUJs50pWF0eddMpS9XPExNXJ2PMj4CinJY_EETO6xH11kqGmdLPutjhMkHgG1PVr5e8sSP_kOQ-zg81wpWfTIg8rkZRx8TfZIgit0UYuSgR0tH9kjBk0oTk6yMmZ177xF9AS8TR2tVnwY4ohLlRbRZIvV37lhMFk8nZz5hUB2_xSJPkFfgGHNvgvjHljHfl-Hpzg6CtHE6HVi8dLkOyEAGEf5pTmzqXWbsq0WdQZzAMpSGhB3vC85sRui93Ol8igDmUn4ILd-wnB6Zw4GzfrVG8w6DF83Yh2zFY16vO3Y6ZjbSWhTXT7ij0m5Bt5DUJm9M8Tckub6aL3-pygWzyTCsf_yV8EB9oY9WEY25j0fsRQGd9IZ-Kp1yZa-d_HazGX3WQLmm78kwi88_M1aw8n6r564dk819glUeq9Q8olHTYCcy2xx4jngUkHyuGsV0Y2F-72B

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=250&slotname=3379513183&adk=3419604076&adf=2457737313&pi=t.ma~as.3379513183&w=250&lmt=1570747697&psa=0&format=250x250&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696012&bpp=1&bdt=311&idt=1&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=907&ady=176&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=lDtErgvsIY&p=https%3A//jibundedekirukogao.dt25.net&dtd=5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 20 Apr 2021 22:44:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame 807D 2 KB
2 KB 117ms
40ms Script
application/x-javascript 185.29.135.190
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTmpJeVpEYzROV1l0TlRCaU55MWlOak5oTFRBd01EQXRNREF3TURBd01EQXdNREF3LzcyOTY0Mjc3NzQ1NzQxMTEyMDAvODY3NTYwOC83MzI0NDE5LzQvbnhKcjRHc0E4eXVlckNjb19VWVFmem52TndPOXFCZ3NlM0xzd0Q0eWFzdy8xLzQvMC8wLzE1MTI1ODYvMC8yNDI4NzYvODYzMTgyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvODQ0OTM0OTI3OTE4MDk1ODAzNy9hbXMvMC8xNTcvMy85OTkvNjYvMmEwMTo0Zjg6MTkyOjovMC4wMDAvMTYxODk1ODY5NS8xNjE4OTcxMjk1LzQvcHViLTg4MTkyMDQ3NzgwMDI5MTIv/RJLGm9QesI1OJBNQeO9moI8VlFg&nodeid=1605&group=eu&auctionid=7296427774574111200&sid=7324419&cid=8675608&bp=a_agffcb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.139&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCRxnfaFl_YKv7A6C5x_APksaBwAHPh46bXMCG2YLGAsCNtwEQASAAYJWK-IGUB4IBF2NhLXB1Yi04ODE5MjA0Nzc4MDAyOTEyyAEJqAMBqgSzAU_QyMRGYvrF_MpacyQ5sBZe0aZ9xpSfeI5nTtI3ozvQMX-xh-JSHZZ53qH3axKIuIZSiZj0I_MBYf8w58RvEEU6HsQ9vbrUbHk6lkJgB-eSuZs9ikQE9-S-s9qXrTVSizK5EE5uYnJbBPd_9mE_aETMogQsCq41IKc3slXop8Zcdaqu961uRwWAxgr3Vm9rIZY2pF5KGY0hn7Lz7bd6HBoPnxj4fFMDZ9KTeXx7zGRiXu6RgAb30dyH8dPYh-4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1R7VDzkGvkXMHPoHTvCVvLQn9Png%26client%3Dca-pub-8819204778002912%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=600&slotname=3613768783&adk=94595765&adf=282678229&pi=t.ma~as.3613768783&w=160&lmt=1570747697&psa=0&format=160x600&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696043&bpp=1&bdt=343&idt=1&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250%2C250x250&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=427&ady=374&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=UoXFPF44NY&p=https%3A//jibundedekirukogao.dt25.net&dtd=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.135.190 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.197.0 /
Resource Hash: 2cac4ee6205a0d95fc3fff343576fcad096223030cd3efc54938cf9904b587a0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:55 GMT
Content-Encoding: gzip
x-mm-bid-request-time: 1618958695
Last-Modified: Tue, 20 Apr 2021 22:44:55 GMT
Server: MMBD/3.197.0
x-mm-latency: 1 (0)
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg: Count
Cache-Control: no-cache
x-mm-host: cdg-router-x99, cdg-bidder-x133
Connection: close
Content-Type: application/x-javascript; charset=UTF-8
Expires: Tue, 20 Apr 2021 22:44:54 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210415/r20110914/client/ Frame 807D 2 KB
1 KB 24ms
6ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210415/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=600&slotname=3613768783&adk=94595765&adf=282678229&pi=t.ma~as.3613768783&w=160&lmt=1570747697&psa=0&format=160x600&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696043&bpp=1&bdt=343&idt=1&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250%2C250x250&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=427&ady=374&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=UoXFPF44NY&p=https%3A//jibundedekirukogao.dt25.net&dtd=3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:42:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 157
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 May 2021 22:42:19 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 807D 118 KB
36 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b79bbb4dde997e5ab5ccdc54788dfa659df09699a19aabff4c1ad10a20735b86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:44:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618831897855645"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36793
x-xss-protection: 0
expires: Tue, 20 Apr 2021 22:44:56 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210415/r20110914/client/ Frame 807D 13 KB
5 KB 23ms
6ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210415/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:41:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 213
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5602
x-xss-protection: 0
server: cafe
etag: 7525161794280374107
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 May 2021 22:41:23 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 807D 0
0 15ms
13ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQhaRPczCq5sfA0gOCivMnkmdrCEdZpD6-_fCCgry5D8sQlo2vQiysIep5ZiL510XPlp3eYovkUEjHa6NUQJK2t0qRtMA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=600&slotname=3613768783&adk=94595765&adf=282678229&pi=t.ma~as.3613768783&w=160&lmt=1570747697&psa=0&format=160x600&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696043&bpp=1&bdt=343&idt=1&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250%2C250x250&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=427&ady=374&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=UoXFPF44NY&p=https%3A//jibundedekirukogao.dt25.net&dtd=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 807D 0
0 44ms
43ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CoCSSaFl_YKv7A6C5x_APksaBwAHPh46bXMCG2YLGAsCNtwEQASAAYJWK-IGUB4IBF2NhLXB1Yi04ODE5MjA0Nzc4MDAyOTEyyAEJqAMBqgSwAU_QyMRGYvrF_MpacyQ5sBZe0aZ9xpSfeI5nTtI3ozvQMX-xh-JSHZZ53qH3axKIuIZSiZj0I_MBYf8w58RvEEU6HsQ9vbrUbHk6lkJgB-eSuZs9ikQE9-S-s9qXrTVSizK5EE5uYnJbBPd_9mE_aETMogQsCq41IKc3slXop8Zcdaqu961uRwWAxgr3Vm9rIZY2pF5KGY0hn7Lz7bd6XhgCDbRo2FSOw5o4oTzUPHl2gAb30dyH8dPYh-4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGAoWEhRwdWItODgxOTIwNDc3ODAwMjkxMg&sigh=IthwRfpjK5g&tpd=AGWhJmugwirWUKeXu4uZbRLNmSBakLjOyj5fVF3XMDntJSDTmsX2JFOACyxvwT-HFxXq9QwpACpRvBr7I8J0BQCVIdLHTaVF0mnBA-RbzKAzxkYkyYnyR2EFOI_jZDt-FytkT9Sxc1uvbjr1cLq0cYRDHsIE9bMRXpFyjIjhl4Bka_z6DSy2zIsMKLH8Z55bAYSdRn3i83u8GmPD-NWSwOzxu7JQCfMKGObcrDZqIgsrTJkR1yx0zKZ9c-odVUCg4ltQN4aFTk0N06LuvPSIZhSsufZ_3VrIWj7-Ax0DOjipg_U4h8csVg6yh8QvfPg-2qq0LipSOzk0yzv9HxmPXbol1eT1fXouOx-Kj_sGLx0yGDPe_sHUO8xHVo-m-fufa_i7RpX9jjjiqLto-j3EMID9TRHi1JowooOPA49ma0ONJyICDcz8DA_EN7z5Xshnmm5oXfBle7gMgNCd5Lk7cElrXHa7TAaDteVf5Wi7TLS6XfYiRbyNeGfd22wtdEFxzeSc47_tVUnQblPVKOgIgOiW3daYSXAfYdq82dLT9psC9zsAdFgRtjVB3vXTEu_Wl7c84T3McQ9JgJYeZuZ-yYRL7l0dWpWZ1dASmivl5ACRaRtGiNS2As1Pv6n3hK6t2MO9RvG40_PIxouXaJwSjFXkbe2V5S_wSZNgurdn51xLRkq6KEIwroiKVzQGbM5SeoPDQMRBxBzg0LzAR_eZYXGuALJIcB-GUhafb3CZfUjhZBP4nmUyI4Jh7aYEpGwA_Z2018zsApLcWOi0tFOGxz70N7ee-GHusX3_eGCLKWrFUq0Jss3eLCLiAwHfNFkmY4maBfYa6M_cMq0GBPprpjc5Pu43bIimy9iadHhTLYNI8PoXPafTY2MEYkNOtsTCA-kmO-hs4AIVIp_VZQ8O4NKc7-WDAwenYXTKfDug9ANHZkh1q0uUhSrsAbcudiVTWNxauYqTv3GfuQxQeYst9Xf4FKBTvgqMGG1cSM6d3ZcqL7oqXVde4DWE4iuWbvGd7UC3kWVNfllduX8Xe7tmQNgKHjNl43r7

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=600&slotname=3613768783&adk=94595765&adf=282678229&pi=t.ma~as.3613768783&w=160&lmt=1570747697&psa=0&format=160x600&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696043&bpp=1&bdt=343&idt=1&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250%2C250x250&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=427&ady=374&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=UoXFPF44NY&p=https%3A//jibundedekirukogao.dt25.net&dtd=3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 20 Apr 2021 22:44:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame D9EF 2 KB
2 KB 147ms
59ms Script
application/x-javascript 185.29.135.190
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTURSa01qRXpNekF0WXpKbU15MDVPR0V3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzQ5OTA1ODQ3Njk2NDI1MzAwOTAvODY3NTYxMy83MzI0NDE5LzQvbnhKcjRHc0E4eXVlckNjb19VWVFmNV9xRFVNd0dYb1VEc0F5ZDFSbkd1OC8xLzQvMC8wLzE1MTI1ODYvMC8yNDI4NzYvODYzMTgyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNDk5MDU4NDc2OTY0MjUyOTk2MC96cmgvMC8xNTcvMy85OTkvNjYvMmEwMTo0Zjg6MTkyOjovMC4wMDAvMTYxODk1ODY5Ni8xNjE4OTcxMjk2LzQvcHViLTg4MTkyMDQ3NzgwMDI5MTIv/87N1wsXZBb28eMaqJe_GPqCC8qU&nodeid=36&group=eu&auctionid=4990584769642530090&sid=7324419&cid=8675613&bp=a_agffcb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.139&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC4621aFl_YK-4BJKHgAf5zKPYA8-HjptcwIbZgsYCwI23ARABIABglYr4gZQHggEXY2EtcHViLTg4MTkyMDQ3NzgwMDI5MTLIAQmoAwGqBLgBT9BbbdsTdbexBCfAA4iUsxiC1q-YPxCEc863I6kMITm9UWb7XT4XWxIEKSexBq3Zm5ySlpfkmwu_X5ztkbjTXyKou1wmNkOUyzmCfP9fdo3U0-xAwfoVpIkPEvkMoXY82HwdFBLGCxbtmx2PWXJguPcLG5mVvB7VuWanbOgcHM73wZbw0Kkswu6CmVyCeUjiN7EqrjXINxrp9m0q2YAChTZn1O0Knivk8tl2uvO9wFlVKO6VRYc8JoAG-pm04aTW17RHoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAQ%26num%3D1%26sig%3DAOD64_2Hh-7eZ482h1hhpaBCxYwVfjGSyg%26client%3Dca-pub-8819204778002912%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=90&slotname=9366493185&adk=2171484123&adf=2334505472&pi=t.ma~as.9366493185&w=728&lmt=1570747697&psa=0&format=728x90&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696050&bpp=4&bdt=350&idt=4&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250%2C250x250%2C160x600&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=1431&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=IcKvSntUZu&p=https%3A//jibundedekirukogao.dt25.net&dtd=7
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.135.190 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.197.0 /
Resource Hash: 0d56e5efcd431a52574d86313c4fa77d45a95b4c8456528966c99535c815e9d5

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:55 GMT
Content-Encoding: gzip
x-mm-bid-request-time: 1618958696
Last-Modified: Tue, 20 Apr 2021 22:44:56 GMT
Server: MMBD/3.197.0
x-mm-latency: 16 (0)
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg: Count
Cache-Control: no-cache
x-mm-host: cdg-router-x26, zrh-bidder-x4
Connection: close
Content-Type: application/x-javascript; charset=UTF-8
Expires: Tue, 20 Apr 2021 22:44:54 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210415/r20110914/client/ Frame D9EF 2 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210415/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=90&slotname=9366493185&adk=2171484123&adf=2334505472&pi=t.ma~as.9366493185&w=728&lmt=1570747697&psa=0&format=728x90&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696050&bpp=4&bdt=350&idt=4&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250%2C250x250%2C160x600&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=1431&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=IcKvSntUZu&p=https%3A//jibundedekirukogao.dt25.net&dtd=7

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:42:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 157
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 May 2021 22:42:19 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D9EF 118 KB
36 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b79bbb4dde997e5ab5ccdc54788dfa659df09699a19aabff4c1ad10a20735b86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:44:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618831897855645"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36793
x-xss-protection: 0
expires: Tue, 20 Apr 2021 22:44:56 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210415/r20110914/client/ Frame D9EF 13 KB
5 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210415/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:41:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 213
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5602
x-xss-protection: 0
server: cafe
etag: 7525161794280374107
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 May 2021 22:41:23 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame D9EF 0
0 15ms
14ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSA955tjyurpO5zs7jxlV0imlZE4xjjILR4mFaqQbuQxB9dYQFcrL3oRQuV89YHYHZEZKuO83yoTgUqL9qzhUgttVR0vQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=90&slotname=9366493185&adk=2171484123&adf=2334505472&pi=t.ma~as.9366493185&w=728&lmt=1570747697&psa=0&format=728x90&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696050&bpp=4&bdt=350&idt=4&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250%2C250x250%2C160x600&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=1431&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=IcKvSntUZu&p=https%3A//jibundedekirukogao.dt25.net&dtd=7
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame D9EF 0
0 44ms
43ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C6hBBaFl_YK-4BJKHgAf5zKPYA8-HjptcwIbZgsYCwI23ARABIABglYr4gZQHggEXY2EtcHViLTg4MTkyMDQ3NzgwMDI5MTLIAQmoAwGqBLUBT9BbbdsTdbexBCfAA4iUsxiC1q-YPxCEc863I6kMITm9UWb7XT4XWxIEKSexBq3Zm5ySlpfkmwu_X5ztkbjTXyKou1wmNkOUyzmCfP9fdo3U0-xAwfoVpIkPEvkMoXY82HwdFBLGCxbtmx2PWXJguPcLG5mVvB7VuWanbOgcHM73wZbw0Kkswu6CmVyCeUjiN7EqrjXINxrp9m0q2YAChTZn1K8Ik7lIYn1xN1f1a4EVhx6IUYAG-pm04aTW17RHoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAGACgH6CwIIAYAMAbIXGAoWEhRwdWItODgxOTIwNDc3ODAwMjkxMg&sigh=yJufbm_-V_I&tpd=AGWhJmtbhLvICSyaoJH0U61KvHAc7bYzpOpHjP3KpyZGFMKX4w8v8BKtgtTfShrGLNiEaBk_uYD3ukljC4lRDcE0epLQvWkM-uc9ft03TL65S0yWFMJlzJxrG5oL2O2GKrG2JPqXSVym8csAihY_Ngbq_dywoBdmJOWz1jTXB3I9YXzo91AIM9ybTCtKloncf2XNqFa0ZE1Mf0QKV9wpyxhhh1luxrt0CHbFD6LBBMGDeRFVkRStoysZOiK2xnfJ-tOfmAggWFUCJolOx6Gls2wHcb7OUg4G2z8etEbVJVkOMCOlpWax0qe12sEUPtMDXjnYRhOxkddOvuDGQV1Y9S8YTSKui4D7BB716t5ZJaOSzzW7gI8u4c0Mld_FTIPQlnbN_UkNJMHiLtOjAAIzukWjbvkGHViE7xQ98v5-Tfsti7XIYZkZ573t5J2TB3kTsE6e9iZUPWLKiZiNt6sz1jOQjesHConB4BUBG6tbfXsJLAWybJehhg78BtIg6-2vVJsY73oGh1u3edndn5j-FA6kVYUfHcR2T5ZsJE7mg21vcivmRlj6MutEIPGKlerYLqi0JUTmbPOWnMqnwnbr-bKe_DcCoaBMfpa-oaTY2HMYGY0x6vTZzKu5vLIk8h8QHvgtvZahofKO8lpx2Dmicy5WzsFO3CjOtpj42T5y_TYeala8NHn-fY1jfzoq86ESqqVhKr2CMk15wrlmuwlw11gt9dNZ5zkkG4NomUPqO41pJft0MB9uRJVJrvO1e2LLWT0cSkEj9g-XmbdsVVSMkmUiTsA_6oIvMtqGkY6iSxxetiVT4pE8LRDrxQBCNGKEgAD7wFmdr9jcqojfZcOPpiM-z6Hpc4HitgbWq80OL0liQN_FnE3VG_N1awlsuX5SXABZshqSdiPhLDXuKNaOsFDsbtYOGgR3jWNdzutBe2V97kliCp59fTLTyHYnv607LtPmg8KSuchEbk34aMrt220Kg63fRa8fBRVxyCYustXcH24-67Bmo8xl4N0Pp0lbkThm6zouN5h7kxYNEqPGBzY-SN7MMA

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=90&slotname=9366493185&adk=2171484123&adf=2334505472&pi=t.ma~as.9366493185&w=728&lmt=1570747697&psa=0&format=728x90&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696050&bpp=4&bdt=350&idt=4&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250%2C250x250%2C160x600&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=1431&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=IcKvSntUZu&p=https%3A//jibundedekirukogao.dt25.net&dtd=7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 20 Apr 2021 22:44:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK xxvlvujily3i Show response
hal9000.redintelligence.net/zone/ Frame 7847 10 KB
3 KB 116ms
35ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/xxvlvujily3i?subid=&rnd=378898750164188957&extVar[]=DOUBLEBORDER:1&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D378898750164188957%26mt_id%3D6622325%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D0862607f-5968-4401-abd2-fed2dc19fb70%26mt_cid%3D0862607f-5968-4401-abd2-fed2dc19fb70%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCI8QMaFl_YISfAtCNgQfRr7SQCc-HjptcwIbZgsYCwI23ARABIABglYr4gZQHggEXY2EtcHViLTg4MTkyMDQ3NzgwMDI5MTLIAQmoAwGqBLkBT9C-FtjfEIOM7khG1uGGy70LZrI8gm_dL7QFBUUZ6eHz6fCYc-ZbmZc5j4HpiC8obaxCtkCaHnWcHT4vqEzR8NIzFGJB4urmTsYmcm8MPI23c1_mZ1gIychHMdjzBUgIxzExxszEDd4PDa8wkFtkO8hRNMj7K7rnIvfS23uzZAg0THzLMJcXyEMuEmNcIgwEE-CGbcamy1gwcXkolAvx2bsf8F-JhdX2WJJI78OmtrvlBgeigdegxPaABr_MxM6a-eOXgAGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_22j8Ry4eprH31PLjjPBIoGKjTCNA%2526client%253Dca-pub-8819204778002912%2526adurl%253D%26redirect%3D
Requested by: Host: jibundedekirukogao.dt25.net
URL: https://jibundedekirukogao.dt25.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 27aae4e83e21c485cb1250724c46c65aa676556f64b97ee762ab377cfcf1a4c4

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:56 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3346
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame 7847 49 B
330 B 127ms
40ms Image
image/gif 185.29.135.190
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=378898750164188957&node_id=2817&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTURSaFpqTTRNMk10TnpWaU15MWhZVEkyTFRBd01EQXRNREF3TURBd01EQXdNREF3LzM3ODg5ODc1MDE2NDE4ODk1Ny82NjIyMzI1LzQ1NjIzMDYvNC80Wm4tOEhpdGlDa0xTVTNyR1c1aHlDbzk1VjNSZ01pS2pZVEJ0SkdzN0pRLzEvNC8wLzAvOTU2ODAzLzAvMjE2NTM2LzY1MTg3MS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzM3ODg5ODc1MDE2NDE4ODk1Ny9hbXMvMC8yMTAvMy85OTkvNjYvMmEwMTo0Zjg6MTkyOjovMC4wMDAvMTYxODk1ODY5NS8xNjE4OTcxMjk1LzQvcHViLTg4MTkyMDQ3NzgwMDI5MTIv/g7vLNrjTMWC4cCHkDs2bpzXchvQ&nodeid=2817&group=eu&auctionid=378898750164188957&sid=4562306&cid=6622325&bp=a_bjgfgc&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.89&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCI8QMaFl_YISfAtCNgQfRr7SQCc-HjptcwIbZgsYCwI23ARABIABglYr4gZQHggEXY2EtcHViLTg4MTkyMDQ3NzgwMDI5MTLIAQmoAwGqBLkBT9C-FtjfEIOM7khG1uGGy70LZrI8gm_dL7QFBUUZ6eHz6fCYc-ZbmZc5j4HpiC8obaxCtkCaHnWcHT4vqEzR8NIzFGJB4urmTsYmcm8MPI23c1_mZ1gIychHMdjzBUgIxzExxszEDd4PDa8wkFtkO8hRNMj7K7rnIvfS23uzZAg0THzLMJcXyEMuEmNcIgwEE-CGbcamy1gwcXkolAvx2bsf8F-JhdX2WJJI78OmtrvlBgeigdegxPaABr_MxM6a-eOXgAGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_22j8Ry4eprH31PLjjPBIoGKjTCNA%26client%3Dca-pub-8819204778002912%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.135.190 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.197.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:55 GMT
Server: MMBD/3.197.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x91, cdg-bidder-x166
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Tue, 20 Apr 2021 22:44:54 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 7847 43 B
360 B 108ms
43ms Image
image/gif 184.30.20.207
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=378898750164188957&v3=651871&v4=4562306&v5=6622325&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTURSaFpqTTRNMk10TnpWaU15MWhZVEkyTFRBd01EQXRNREF3TURBd01EQXdNREF3LzM3ODg5ODc1MDE2NDE4ODk1Ny82NjIyMzI1LzQ1NjIzMDYvNC80Wm4tOEhpdGlDa0xTVTNyR1c1aHlDbzk1VjNSZ01pS2pZVEJ0SkdzN0pRLzEvNC8wLzAvOTU2ODAzLzAvMjE2NTM2LzY1MTg3MS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzM3ODg5ODc1MDE2NDE4ODk1Ny9hbXMvMC8yMTAvMy85OTkvNjYvMmEwMTo0Zjg6MTkyOjovMC4wMDAvMTYxODk1ODY5NS8xNjE4OTcxMjk1LzQvcHViLTg4MTkyMDQ3NzgwMDI5MTIv/g7vLNrjTMWC4cCHkDs2bpzXchvQ&nodeid=2817&group=eu&auctionid=378898750164188957&sid=4562306&cid=6622325&bp=a_bjgfgc&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.89&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCI8QMaFl_YISfAtCNgQfRr7SQCc-HjptcwIbZgsYCwI23ARABIABglYr4gZQHggEXY2EtcHViLTg4MTkyMDQ3NzgwMDI5MTLIAQmoAwGqBLkBT9C-FtjfEIOM7khG1uGGy70LZrI8gm_dL7QFBUUZ6eHz6fCYc-ZbmZc5j4HpiC8obaxCtkCaHnWcHT4vqEzR8NIzFGJB4urmTsYmcm8MPI23c1_mZ1gIychHMdjzBUgIxzExxszEDd4PDa8wkFtkO8hRNMj7K7rnIvfS23uzZAg0THzLMJcXyEMuEmNcIgwEE-CGbcamy1gwcXkolAvx2bsf8F-JhdX2WJJI78OmtrvlBgeigdegxPaABr_MxM6a-eOXgAGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_22j8Ry4eprH31PLjjPBIoGKjTCNA%26client%3Dca-pub-8819204778002912%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.207 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-207.deploy.static.akamaitechnologies.com
Software: MT3 3660 495c301 master zrh-pixel-x12 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:56 GMT
Server: MT3 3660 495c301 master zrh-pixel-x12
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 20 Apr 2021 22:44:55 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 7847 49 B
330 B 130ms
40ms Image
image/gif 185.29.135.190
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=378898750164188957&st=4562306&time=1618958696&nodeid=2817
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTURSaFpqTTRNMk10TnpWaU15MWhZVEkyTFRBd01EQXRNREF3TURBd01EQXdNREF3LzM3ODg5ODc1MDE2NDE4ODk1Ny82NjIyMzI1LzQ1NjIzMDYvNC80Wm4tOEhpdGlDa0xTVTNyR1c1aHlDbzk1VjNSZ01pS2pZVEJ0SkdzN0pRLzEvNC8wLzAvOTU2ODAzLzAvMjE2NTM2LzY1MTg3MS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzM3ODg5ODc1MDE2NDE4ODk1Ny9hbXMvMC8yMTAvMy85OTkvNjYvMmEwMTo0Zjg6MTkyOjovMC4wMDAvMTYxODk1ODY5NS8xNjE4OTcxMjk1LzQvcHViLTg4MTkyMDQ3NzgwMDI5MTIv/g7vLNrjTMWC4cCHkDs2bpzXchvQ&nodeid=2817&group=eu&auctionid=378898750164188957&sid=4562306&cid=6622325&bp=a_bjgfgc&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.89&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCI8QMaFl_YISfAtCNgQfRr7SQCc-HjptcwIbZgsYCwI23ARABIABglYr4gZQHggEXY2EtcHViLTg4MTkyMDQ3NzgwMDI5MTLIAQmoAwGqBLkBT9C-FtjfEIOM7khG1uGGy70LZrI8gm_dL7QFBUUZ6eHz6fCYc-ZbmZc5j4HpiC8obaxCtkCaHnWcHT4vqEzR8NIzFGJB4urmTsYmcm8MPI23c1_mZ1gIychHMdjzBUgIxzExxszEDd4PDa8wkFtkO8hRNMj7K7rnIvfS23uzZAg0THzLMJcXyEMuEmNcIgwEE-CGbcamy1gwcXkolAvx2bsf8F-JhdX2WJJI78OmtrvlBgeigdegxPaABr_MxM6a-eOXgAGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_22j8Ry4eprH31PLjjPBIoGKjTCNA%26client%3Dca-pub-8819204778002912%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.135.190 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.197.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:55 GMT
Server: MMBD/3.197.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x99, cdg-bidder-x166
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Tue, 20 Apr 2021 22:44:54 GMT

GET
H/1.1 200
OK tojuhhm84f1g Show response
hal9000.redintelligence.net/zone/ Frame 807D 11 KB
3 KB 109ms
36ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/tojuhhm84f1g?subid=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&rnd=7296427774574111200&extVar[]=DOUBLEBORDER:1&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7296427774574111200%26mt_id%3D8675608%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D6724607f-5968-4701-a611-30f2a2a94ceb%26mt_cid%3D6724607f-5968-4701-a611-30f2a2a94ceb%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCRxnfaFl_YKv7A6C5x_APksaBwAHPh46bXMCG2YLGAsCNtwEQASAAYJWK-IGUB4IBF2NhLXB1Yi04ODE5MjA0Nzc4MDAyOTEyyAEJqAMBqgSzAU_QyMRGYvrF_MpacyQ5sBZe0aZ9xpSfeI5nTtI3ozvQMX-xh-JSHZZ53qH3axKIuIZSiZj0I_MBYf8w58RvEEU6HsQ9vbrUbHk6lkJgB-eSuZs9ikQE9-S-s9qXrTVSizK5EE5uYnJbBPd_9mE_aETMogQsCq41IKc3slXop8Zcdaqu961uRwWAxgr3Vm9rIZY2pF5KGY0hn7Lz7bd6HBoPnxj4fFMDZ9KTeXx7zGRiXu6RgAb30dyH8dPYh-4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1R7VDzkGvkXMHPoHTvCVvLQn9Png%2526client%253Dca-pub-8819204778002912%2526adurl%253D%26redirect%3D
Requested by: Host: jibundedekirukogao.dt25.net
URL: https://jibundedekirukogao.dt25.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: b69e5926f8a65ce3d1b3ecb26580f079be2800d61c3ec290764ebef05dccc403

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:56 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3375
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame 807D 49 B
330 B 136ms
44ms Image
image/gif 185.29.135.190
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=7296427774574111200&node_id=1605&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTmpJeVpEYzROV1l0TlRCaU55MWlOak5oTFRBd01EQXRNREF3TURBd01EQXdNREF3LzcyOTY0Mjc3NzQ1NzQxMTEyMDAvODY3NTYwOC83MzI0NDE5LzQvbnhKcjRHc0E4eXVlckNjb19VWVFmem52TndPOXFCZ3NlM0xzd0Q0eWFzdy8xLzQvMC8wLzE1MTI1ODYvMC8yNDI4NzYvODYzMTgyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvODQ0OTM0OTI3OTE4MDk1ODAzNy9hbXMvMC8xNTcvMy85OTkvNjYvMmEwMTo0Zjg6MTkyOjovMC4wMDAvMTYxODk1ODY5NS8xNjE4OTcxMjk1LzQvcHViLTg4MTkyMDQ3NzgwMDI5MTIv/RJLGm9QesI1OJBNQeO9moI8VlFg&nodeid=1605&group=eu&auctionid=7296427774574111200&sid=7324419&cid=8675608&bp=a_agffcb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.139&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCRxnfaFl_YKv7A6C5x_APksaBwAHPh46bXMCG2YLGAsCNtwEQASAAYJWK-IGUB4IBF2NhLXB1Yi04ODE5MjA0Nzc4MDAyOTEyyAEJqAMBqgSzAU_QyMRGYvrF_MpacyQ5sBZe0aZ9xpSfeI5nTtI3ozvQMX-xh-JSHZZ53qH3axKIuIZSiZj0I_MBYf8w58RvEEU6HsQ9vbrUbHk6lkJgB-eSuZs9ikQE9-S-s9qXrTVSizK5EE5uYnJbBPd_9mE_aETMogQsCq41IKc3slXop8Zcdaqu961uRwWAxgr3Vm9rIZY2pF5KGY0hn7Lz7bd6HBoPnxj4fFMDZ9KTeXx7zGRiXu6RgAb30dyH8dPYh-4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1R7VDzkGvkXMHPoHTvCVvLQn9Png%26client%3Dca-pub-8819204778002912%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.135.190 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.197.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:55 GMT
Server: MMBD/3.197.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x84, cdg-bidder-x133
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Tue, 20 Apr 2021 22:44:54 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 807D 43 B
360 B 98ms
39ms Image
image/gif 184.30.20.207
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=7296427774574111200&v3=863182&v4=7324419&v5=8675608&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTmpJeVpEYzROV1l0TlRCaU55MWlOak5oTFRBd01EQXRNREF3TURBd01EQXdNREF3LzcyOTY0Mjc3NzQ1NzQxMTEyMDAvODY3NTYwOC83MzI0NDE5LzQvbnhKcjRHc0E4eXVlckNjb19VWVFmem52TndPOXFCZ3NlM0xzd0Q0eWFzdy8xLzQvMC8wLzE1MTI1ODYvMC8yNDI4NzYvODYzMTgyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvODQ0OTM0OTI3OTE4MDk1ODAzNy9hbXMvMC8xNTcvMy85OTkvNjYvMmEwMTo0Zjg6MTkyOjovMC4wMDAvMTYxODk1ODY5NS8xNjE4OTcxMjk1LzQvcHViLTg4MTkyMDQ3NzgwMDI5MTIv/RJLGm9QesI1OJBNQeO9moI8VlFg&nodeid=1605&group=eu&auctionid=7296427774574111200&sid=7324419&cid=8675608&bp=a_agffcb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.139&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCRxnfaFl_YKv7A6C5x_APksaBwAHPh46bXMCG2YLGAsCNtwEQASAAYJWK-IGUB4IBF2NhLXB1Yi04ODE5MjA0Nzc4MDAyOTEyyAEJqAMBqgSzAU_QyMRGYvrF_MpacyQ5sBZe0aZ9xpSfeI5nTtI3ozvQMX-xh-JSHZZ53qH3axKIuIZSiZj0I_MBYf8w58RvEEU6HsQ9vbrUbHk6lkJgB-eSuZs9ikQE9-S-s9qXrTVSizK5EE5uYnJbBPd_9mE_aETMogQsCq41IKc3slXop8Zcdaqu961uRwWAxgr3Vm9rIZY2pF5KGY0hn7Lz7bd6HBoPnxj4fFMDZ9KTeXx7zGRiXu6RgAb30dyH8dPYh-4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1R7VDzkGvkXMHPoHTvCVvLQn9Png%26client%3Dca-pub-8819204778002912%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.207 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-207.deploy.static.akamaitechnologies.com
Software: MT3 3660 495c301 master zrh-pixel-x12 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:56 GMT
Server: MT3 3660 495c301 master zrh-pixel-x12
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 20 Apr 2021 22:44:55 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 807D 49 B
330 B 136ms
43ms Image
image/gif 185.29.135.190
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=7296427774574111200&st=7324419&time=1618958696&nodeid=1605
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTmpJeVpEYzROV1l0TlRCaU55MWlOak5oTFRBd01EQXRNREF3TURBd01EQXdNREF3LzcyOTY0Mjc3NzQ1NzQxMTEyMDAvODY3NTYwOC83MzI0NDE5LzQvbnhKcjRHc0E4eXVlckNjb19VWVFmem52TndPOXFCZ3NlM0xzd0Q0eWFzdy8xLzQvMC8wLzE1MTI1ODYvMC8yNDI4NzYvODYzMTgyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvODQ0OTM0OTI3OTE4MDk1ODAzNy9hbXMvMC8xNTcvMy85OTkvNjYvMmEwMTo0Zjg6MTkyOjovMC4wMDAvMTYxODk1ODY5NS8xNjE4OTcxMjk1LzQvcHViLTg4MTkyMDQ3NzgwMDI5MTIv/RJLGm9QesI1OJBNQeO9moI8VlFg&nodeid=1605&group=eu&auctionid=7296427774574111200&sid=7324419&cid=8675608&bp=a_agffcb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.139&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCRxnfaFl_YKv7A6C5x_APksaBwAHPh46bXMCG2YLGAsCNtwEQASAAYJWK-IGUB4IBF2NhLXB1Yi04ODE5MjA0Nzc4MDAyOTEyyAEJqAMBqgSzAU_QyMRGYvrF_MpacyQ5sBZe0aZ9xpSfeI5nTtI3ozvQMX-xh-JSHZZ53qH3axKIuIZSiZj0I_MBYf8w58RvEEU6HsQ9vbrUbHk6lkJgB-eSuZs9ikQE9-S-s9qXrTVSizK5EE5uYnJbBPd_9mE_aETMogQsCq41IKc3slXop8Zcdaqu961uRwWAxgr3Vm9rIZY2pF5KGY0hn7Lz7bd6HBoPnxj4fFMDZ9KTeXx7zGRiXu6RgAb30dyH8dPYh-4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1R7VDzkGvkXMHPoHTvCVvLQn9Png%26client%3Dca-pub-8819204778002912%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.135.190 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.197.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:55 GMT
Server: MMBD/3.197.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x29, cdg-bidder-x133
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Tue, 20 Apr 2021 22:44:54 GMT

GET
H/1.1 200
OK kfm7pdl6j5sw Show response
hal9000.redintelligence.net/zone/ Frame D9EF 11 KB
3 KB 103ms
35ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/kfm7pdl6j5sw?subid=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&rnd=4990584769642530090&extVar[]=DOUBLEBORDER:1&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D4990584769642530090%26mt_id%3D8675613%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Df607607f-5968-4401-9c10-34363f649f56%26mt_cid%3Df607607f-5968-4401-9c10-34363f649f56%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC4621aFl_YK-4BJKHgAf5zKPYA8-HjptcwIbZgsYCwI23ARABIABglYr4gZQHggEXY2EtcHViLTg4MTkyMDQ3NzgwMDI5MTLIAQmoAwGqBLgBT9BbbdsTdbexBCfAA4iUsxiC1q-YPxCEc863I6kMITm9UWb7XT4XWxIEKSexBq3Zm5ySlpfkmwu_X5ztkbjTXyKou1wmNkOUyzmCfP9fdo3U0-xAwfoVpIkPEvkMoXY82HwdFBLGCxbtmx2PWXJguPcLG5mVvB7VuWanbOgcHM73wZbw0Kkswu6CmVyCeUjiN7EqrjXINxrp9m0q2YAChTZn1O0Knivk8tl2uvO9wFlVKO6VRYc8JoAG-pm04aTW17RHoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAQ%2526num%253D1%2526sig%253DAOD64_2Hh-7eZ482h1hhpaBCxYwVfjGSyg%2526client%253Dca-pub-8819204778002912%2526adurl%253D%26redirect%3D
Requested by: Host: jibundedekirukogao.dt25.net
URL: https://jibundedekirukogao.dt25.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: b7e97db2449beb81c36bbebd147d2a85bce3a47c87f04ff93f23e432cd1c21f5

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:56 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3367
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame D9EF 49 B
328 B 159ms
100ms Image
image/gif 185.29.135.190
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=4990584769642530090&node_id=36&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTURSa01qRXpNekF0WXpKbU15MDVPR0V3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzQ5OTA1ODQ3Njk2NDI1MzAwOTAvODY3NTYxMy83MzI0NDE5LzQvbnhKcjRHc0E4eXVlckNjb19VWVFmNV9xRFVNd0dYb1VEc0F5ZDFSbkd1OC8xLzQvMC8wLzE1MTI1ODYvMC8yNDI4NzYvODYzMTgyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNDk5MDU4NDc2OTY0MjUyOTk2MC96cmgvMC8xNTcvMy85OTkvNjYvMmEwMTo0Zjg6MTkyOjovMC4wMDAvMTYxODk1ODY5Ni8xNjE4OTcxMjk2LzQvcHViLTg4MTkyMDQ3NzgwMDI5MTIv/87N1wsXZBb28eMaqJe_GPqCC8qU&nodeid=36&group=eu&auctionid=4990584769642530090&sid=7324419&cid=8675613&bp=a_agffcb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.139&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC4621aFl_YK-4BJKHgAf5zKPYA8-HjptcwIbZgsYCwI23ARABIABglYr4gZQHggEXY2EtcHViLTg4MTkyMDQ3NzgwMDI5MTLIAQmoAwGqBLgBT9BbbdsTdbexBCfAA4iUsxiC1q-YPxCEc863I6kMITm9UWb7XT4XWxIEKSexBq3Zm5ySlpfkmwu_X5ztkbjTXyKou1wmNkOUyzmCfP9fdo3U0-xAwfoVpIkPEvkMoXY82HwdFBLGCxbtmx2PWXJguPcLG5mVvB7VuWanbOgcHM73wZbw0Kkswu6CmVyCeUjiN7EqrjXINxrp9m0q2YAChTZn1O0Knivk8tl2uvO9wFlVKO6VRYc8JoAG-pm04aTW17RHoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAQ%26num%3D1%26sig%3DAOD64_2Hh-7eZ482h1hhpaBCxYwVfjGSyg%26client%3Dca-pub-8819204778002912%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.135.190 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.197.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:55 GMT
Server: MMBD/3.197.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x51, zrh-bidder-x4
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Tue, 20 Apr 2021 22:44:54 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame D9EF 43 B
360 B 78ms
41ms Image
image/gif 184.30.20.207
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=4990584769642530090&v3=863182&v4=7324419&v5=8675613&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTURSa01qRXpNekF0WXpKbU15MDVPR0V3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzQ5OTA1ODQ3Njk2NDI1MzAwOTAvODY3NTYxMy83MzI0NDE5LzQvbnhKcjRHc0E4eXVlckNjb19VWVFmNV9xRFVNd0dYb1VEc0F5ZDFSbkd1OC8xLzQvMC8wLzE1MTI1ODYvMC8yNDI4NzYvODYzMTgyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNDk5MDU4NDc2OTY0MjUyOTk2MC96cmgvMC8xNTcvMy85OTkvNjYvMmEwMTo0Zjg6MTkyOjovMC4wMDAvMTYxODk1ODY5Ni8xNjE4OTcxMjk2LzQvcHViLTg4MTkyMDQ3NzgwMDI5MTIv/87N1wsXZBb28eMaqJe_GPqCC8qU&nodeid=36&group=eu&auctionid=4990584769642530090&sid=7324419&cid=8675613&bp=a_agffcb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.139&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC4621aFl_YK-4BJKHgAf5zKPYA8-HjptcwIbZgsYCwI23ARABIABglYr4gZQHggEXY2EtcHViLTg4MTkyMDQ3NzgwMDI5MTLIAQmoAwGqBLgBT9BbbdsTdbexBCfAA4iUsxiC1q-YPxCEc863I6kMITm9UWb7XT4XWxIEKSexBq3Zm5ySlpfkmwu_X5ztkbjTXyKou1wmNkOUyzmCfP9fdo3U0-xAwfoVpIkPEvkMoXY82HwdFBLGCxbtmx2PWXJguPcLG5mVvB7VuWanbOgcHM73wZbw0Kkswu6CmVyCeUjiN7EqrjXINxrp9m0q2YAChTZn1O0Knivk8tl2uvO9wFlVKO6VRYc8JoAG-pm04aTW17RHoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAQ%26num%3D1%26sig%3DAOD64_2Hh-7eZ482h1hhpaBCxYwVfjGSyg%26client%3Dca-pub-8819204778002912%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.207 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-207.deploy.static.akamaitechnologies.com
Software: MT3 3660 495c301 master zrh-pixel-x12 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:56 GMT
Server: MT3 3660 495c301 master zrh-pixel-x12
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 20 Apr 2021 22:44:55 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame D9EF 49 B
328 B 161ms
99ms Image
image/gif 185.29.135.190
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=4990584769642530090&st=7324419&time=1618958696&nodeid=36
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTURSa01qRXpNekF0WXpKbU15MDVPR0V3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzQ5OTA1ODQ3Njk2NDI1MzAwOTAvODY3NTYxMy83MzI0NDE5LzQvbnhKcjRHc0E4eXVlckNjb19VWVFmNV9xRFVNd0dYb1VEc0F5ZDFSbkd1OC8xLzQvMC8wLzE1MTI1ODYvMC8yNDI4NzYvODYzMTgyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNDk5MDU4NDc2OTY0MjUyOTk2MC96cmgvMC8xNTcvMy85OTkvNjYvMmEwMTo0Zjg6MTkyOjovMC4wMDAvMTYxODk1ODY5Ni8xNjE4OTcxMjk2LzQvcHViLTg4MTkyMDQ3NzgwMDI5MTIv/87N1wsXZBb28eMaqJe_GPqCC8qU&nodeid=36&group=eu&auctionid=4990584769642530090&sid=7324419&cid=8675613&bp=a_agffcb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.139&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC4621aFl_YK-4BJKHgAf5zKPYA8-HjptcwIbZgsYCwI23ARABIABglYr4gZQHggEXY2EtcHViLTg4MTkyMDQ3NzgwMDI5MTLIAQmoAwGqBLgBT9BbbdsTdbexBCfAA4iUsxiC1q-YPxCEc863I6kMITm9UWb7XT4XWxIEKSexBq3Zm5ySlpfkmwu_X5ztkbjTXyKou1wmNkOUyzmCfP9fdo3U0-xAwfoVpIkPEvkMoXY82HwdFBLGCxbtmx2PWXJguPcLG5mVvB7VuWanbOgcHM73wZbw0Kkswu6CmVyCeUjiN7EqrjXINxrp9m0q2YAChTZn1O0Knivk8tl2uvO9wFlVKO6VRYc8JoAG-pm04aTW17RHoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAQ%26num%3D1%26sig%3DAOD64_2Hh-7eZ482h1hhpaBCxYwVfjGSyg%26client%3Dca-pub-8819204778002912%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.135.190 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.197.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:55 GMT
Server: MMBD/3.197.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x97, zrh-bidder-x4
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Tue, 20 Apr 2021 22:44:54 GMT

GET
H/1.1

200
OK

request.php Show response
hal900024.redintelligence.net/ Frame 807D
Redirect Chain

https://hal900024.redintelligence.net/request.php?zone=tojuhhm84f1g&nw=20&renderingType=javascript&namespace=6f0277911c&subid=&uid=81efc620651ef228&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900024.redintelligence.net/request.php?zone=tojuhhm84f1g&nw=20&renderingType=javascript&namespace=6f0277911c&subid=&uid=81efc620651ef228&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

2 KB
1 KB

141ms
74ms

Script
application/x-javascript

138.201.84.252
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900024.redintelligence.net/request.php?zone=tojuhhm84f1g&nw=20&renderingType=javascript&namespace=6f0277911c&subid=&uid=81efc620651ef228&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7296427774574111200%26mt_id%3D8675608%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D6724607f-5968-4701-a611-30f2a2a94ceb%26mt_cid%3D6724607f-5968-4701-a611-30f2a2a94ceb%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCRxnfaFl_YKv7A6C5x_APksaBwAHPh46bXMCG2YLGAsCNtwEQASAAYJWK-IGUB4IBF2NhLXB1Yi04ODE5MjA0Nzc4MDAyOTEyyAEJqAMBqgSzAU_QyMRGYvrF_MpacyQ5sBZe0aZ9xpSfeI5nTtI3ozvQMX-xh-JSHZZ53qH3axKIuIZSiZj0I_MBYf8w58RvEEU6HsQ9vbrUbHk6lkJgB-eSuZs9ikQE9-S-s9qXrTVSizK5EE5uYnJbBPd_9mE_aETMogQsCq41IKc3slXop8Zcdaqu961uRwWAxgr3Vm9rIZY2pF5KGY0hn7Lz7bd6HBoPnxj4fFMDZ9KTeXx7zGRiXu6RgAb30dyH8dPYh-4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1R7VDzkGvkXMHPoHTvCVvLQn9Png%2526client%253Dca-pub-8819204778002912%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&ancestorOrigins=https%3A%2F%2Fjibundedekirukogao.dt25.net&random=767827920894&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=600&slotname=3613768783&adk=94595765&adf=282678229&pi=t.ma~as.3613768783&w=160&lmt=1570747697&psa=0&format=160x600&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696043&bpp=1&bdt=343&idt=1&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250%2C250x250&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=427&ady=374&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=UoXFPF44NY&p=https%3A//jibundedekirukogao.dt25.net&dtd=3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.252 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.252.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: fe1e7584549ffb9a486d75e5e0fd1a6a813eb02f2e8be09859a24218a9fd98f0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Apr 2021 22:44:56 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 55870000003079102179201011571024
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 722
Expires: Tue, 20 Apr 2021 23:44:56 +0200

Redirect headers

Pragma: no-cache
Date: Tue, 20 Apr 2021 22:44:56 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=tojuhhm84f1g&nw=20&renderingType=javascript&namespace=6f0277911c&subid=&uid=81efc620651ef228&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7296427774574111200%26mt_id%3D8675608%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D6724607f-5968-4701-a611-30f2a2a94ceb%26mt_cid%3D6724607f-5968-4701-a611-30f2a2a94ceb%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCRxnfaFl_YKv7A6C5x_APksaBwAHPh46bXMCG2YLGAsCNtwEQASAAYJWK-IGUB4IBF2NhLXB1Yi04ODE5MjA0Nzc4MDAyOTEyyAEJqAMBqgSzAU_QyMRGYvrF_MpacyQ5sBZe0aZ9xpSfeI5nTtI3ozvQMX-xh-JSHZZ53qH3axKIuIZSiZj0I_MBYf8w58RvEEU6HsQ9vbrUbHk6lkJgB-eSuZs9ikQE9-S-s9qXrTVSizK5EE5uYnJbBPd_9mE_aETMogQsCq41IKc3slXop8Zcdaqu961uRwWAxgr3Vm9rIZY2pF5KGY0hn7Lz7bd6HBoPnxj4fFMDZ9KTeXx7zGRiXu6RgAb30dyH8dPYh-4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1R7VDzkGvkXMHPoHTvCVvLQn9Png%2526client%253Dca-pub-8819204778002912%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&ancestorOrigins=https%3A%2F%2Fjibundedekirukogao.dt25.net&random=767827920894&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Tue, 20 Apr 2021 23:44:56 +0200

GET
H/1.1

200
OK

request.php Show response
hal90003.redintelligence.net/ Frame 7847
Redirect Chain

https://hal90003.redintelligence.net/request.php?zone=xxvlvujily3i&nw=20&renderingType=javascript&namespace=aa6be00a6f&subid=&uid=0bd250b055c7e8e1&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90003.redintelligence.net/request.php?zone=xxvlvujily3i&nw=20&renderingType=javascript&namespace=aa6be00a6f&subid=&uid=0bd250b055c7e8e1&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

612 B
931 B

160ms
93ms

Script
application/x-javascript

138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90003.redintelligence.net/request.php?zone=xxvlvujily3i&nw=20&renderingType=javascript&namespace=aa6be00a6f&subid=&uid=0bd250b055c7e8e1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=250x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D378898750164188957%26mt_id%3D6622325%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D0862607f-5968-4401-abd2-fed2dc19fb70%26mt_cid%3D0862607f-5968-4401-abd2-fed2dc19fb70%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCI8QMaFl_YISfAtCNgQfRr7SQCc-HjptcwIbZgsYCwI23ARABIABglYr4gZQHggEXY2EtcHViLTg4MTkyMDQ3NzgwMDI5MTLIAQmoAwGqBLkBT9C-FtjfEIOM7khG1uGGy70LZrI8gm_dL7QFBUUZ6eHz6fCYc-ZbmZc5j4HpiC8obaxCtkCaHnWcHT4vqEzR8NIzFGJB4urmTsYmcm8MPI23c1_mZ1gIychHMdjzBUgIxzExxszEDd4PDa8wkFtkO8hRNMj7K7rnIvfS23uzZAg0THzLMJcXyEMuEmNcIgwEE-CGbcamy1gwcXkolAvx2bsf8F-JhdX2WJJI78OmtrvlBgeigdegxPaABr_MxM6a-eOXgAGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_22j8Ry4eprH31PLjjPBIoGKjTCNA%2526client%253Dca-pub-8819204778002912%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&ancestorOrigins=https%3A%2F%2Fjibundedekirukogao.dt25.net&random=763374436369&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=250&slotname=3379513183&adk=3419604076&adf=2457737313&pi=t.ma~as.3379513183&w=250&lmt=1570747697&psa=0&format=250x250&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696012&bpp=1&bdt=311&idt=1&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=907&ady=176&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=lDtErgvsIY&p=https%3A//jibundedekirukogao.dt25.net&dtd=5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Ketsch, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: c6b4784e07a9bf2df2a97e36c4f7f90ac4531d5fcc8ab8a160057a22f5a6e66b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Apr 2021 22:44:56 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 39848900003759900951399011571003
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 325
Expires: Tue, 20 Apr 2021 23:44:56 +0200

Redirect headers

Pragma: no-cache
Date: Tue, 20 Apr 2021 22:44:56 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=xxvlvujily3i&nw=20&renderingType=javascript&namespace=aa6be00a6f&subid=&uid=0bd250b055c7e8e1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=250x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D378898750164188957%26mt_id%3D6622325%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D0862607f-5968-4401-abd2-fed2dc19fb70%26mt_cid%3D0862607f-5968-4401-abd2-fed2dc19fb70%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCI8QMaFl_YISfAtCNgQfRr7SQCc-HjptcwIbZgsYCwI23ARABIABglYr4gZQHggEXY2EtcHViLTg4MTkyMDQ3NzgwMDI5MTLIAQmoAwGqBLkBT9C-FtjfEIOM7khG1uGGy70LZrI8gm_dL7QFBUUZ6eHz6fCYc-ZbmZc5j4HpiC8obaxCtkCaHnWcHT4vqEzR8NIzFGJB4urmTsYmcm8MPI23c1_mZ1gIychHMdjzBUgIxzExxszEDd4PDa8wkFtkO8hRNMj7K7rnIvfS23uzZAg0THzLMJcXyEMuEmNcIgwEE-CGbcamy1gwcXkolAvx2bsf8F-JhdX2WJJI78OmtrvlBgeigdegxPaABr_MxM6a-eOXgAGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_22j8Ry4eprH31PLjjPBIoGKjTCNA%2526client%253Dca-pub-8819204778002912%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&ancestorOrigins=https%3A%2F%2Fjibundedekirukogao.dt25.net&random=763374436369&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Tue, 20 Apr 2021 23:44:56 +0200

GET
H/1.1

200
OK

request.php Show response
hal90001.redintelligence.net/ Frame D9EF
Redirect Chain

https://hal90001.redintelligence.net/request.php?zone=kfm7pdl6j5sw&nw=20&renderingType=javascript&namespace=b8769fd653&subid=&uid=b34b69839b131938&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90001.redintelligence.net/request.php?zone=kfm7pdl6j5sw&nw=20&renderingType=javascript&namespace=b8769fd653&subid=&uid=b34b69839b131938&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

2 KB
1 KB

145ms
78ms

Script
application/x-javascript

46.4.10.49
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90001.redintelligence.net/request.php?zone=kfm7pdl6j5sw&nw=20&renderingType=javascript&namespace=b8769fd653&subid=&uid=b34b69839b131938&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D4990584769642530090%26mt_id%3D8675613%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Df607607f-5968-4401-9c10-34363f649f56%26mt_cid%3Df607607f-5968-4401-9c10-34363f649f56%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC4621aFl_YK-4BJKHgAf5zKPYA8-HjptcwIbZgsYCwI23ARABIABglYr4gZQHggEXY2EtcHViLTg4MTkyMDQ3NzgwMDI5MTLIAQmoAwGqBLgBT9BbbdsTdbexBCfAA4iUsxiC1q-YPxCEc863I6kMITm9UWb7XT4XWxIEKSexBq3Zm5ySlpfkmwu_X5ztkbjTXyKou1wmNkOUyzmCfP9fdo3U0-xAwfoVpIkPEvkMoXY82HwdFBLGCxbtmx2PWXJguPcLG5mVvB7VuWanbOgcHM73wZbw0Kkswu6CmVyCeUjiN7EqrjXINxrp9m0q2YAChTZn1O0Knivk8tl2uvO9wFlVKO6VRYc8JoAG-pm04aTW17RHoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAQ%2526num%253D1%2526sig%253DAOD64_2Hh-7eZ482h1hhpaBCxYwVfjGSyg%2526client%253Dca-pub-8819204778002912%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&ancestorOrigins=https%3A%2F%2Fjibundedekirukogao.dt25.net&random=1951759475273&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=90&slotname=9366493185&adk=2171484123&adf=2334505472&pi=t.ma~as.9366493185&w=728&lmt=1570747697&psa=0&format=728x90&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696050&bpp=4&bdt=350&idt=4&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250%2C250x250%2C160x600&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=1431&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=IcKvSntUZu&p=https%3A//jibundedekirukogao.dt25.net&dtd=7
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.49.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: cbb04e83f849e21e6af06b134d990fc0df170e2e6746b7afa8d35d409b3426c7

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Apr 2021 22:44:56 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 86004800003811902179195011571001
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 725
Expires: Tue, 20 Apr 2021 23:44:56 +0200

Redirect headers

Pragma: no-cache
Date: Tue, 20 Apr 2021 22:44:56 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=kfm7pdl6j5sw&nw=20&renderingType=javascript&namespace=b8769fd653&subid=&uid=b34b69839b131938&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D4990584769642530090%26mt_id%3D8675613%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Df607607f-5968-4401-9c10-34363f649f56%26mt_cid%3Df607607f-5968-4401-9c10-34363f649f56%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC4621aFl_YK-4BJKHgAf5zKPYA8-HjptcwIbZgsYCwI23ARABIABglYr4gZQHggEXY2EtcHViLTg4MTkyMDQ3NzgwMDI5MTLIAQmoAwGqBLgBT9BbbdsTdbexBCfAA4iUsxiC1q-YPxCEc863I6kMITm9UWb7XT4XWxIEKSexBq3Zm5ySlpfkmwu_X5ztkbjTXyKou1wmNkOUyzmCfP9fdo3U0-xAwfoVpIkPEvkMoXY82HwdFBLGCxbtmx2PWXJguPcLG5mVvB7VuWanbOgcHM73wZbw0Kkswu6CmVyCeUjiN7EqrjXINxrp9m0q2YAChTZn1O0Knivk8tl2uvO9wFlVKO6VRYc8JoAG-pm04aTW17RHoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAQ%2526num%253D1%2526sig%253DAOD64_2Hh-7eZ482h1hhpaBCxYwVfjGSyg%2526client%253Dca-pub-8819204778002912%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&ancestorOrigins=https%3A%2F%2Fjibundedekirukogao.dt25.net&random=1951759475273&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Tue, 20 Apr 2021 23:44:56 +0200

GET
H/1.1 200
OK request_content.php Show response
hal900024.redintelligence.net/ Frame 553D 3 KB
2 KB 110ms
38ms Document
text/html 138.201.84.252
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900024.redintelligence.net/request_content.php?s=55870000003079102179201011571024&a=3661f9ea
Requested by: Host: hal900024.redintelligence.net
URL: https://hal900024.redintelligence.net/request.php?zone=tojuhhm84f1g&nw=20&renderingType=javascript&namespace=6f0277911c&subid=&uid=81efc620651ef228&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D7296427774574111200%26mt_id%3D8675608%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D6724607f-5968-4701-a611-30f2a2a94ceb%26mt_cid%3D6724607f-5968-4701-a611-30f2a2a94ceb%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCRxnfaFl_YKv7A6C5x_APksaBwAHPh46bXMCG2YLGAsCNtwEQASAAYJWK-IGUB4IBF2NhLXB1Yi04ODE5MjA0Nzc4MDAyOTEyyAEJqAMBqgSzAU_QyMRGYvrF_MpacyQ5sBZe0aZ9xpSfeI5nTtI3ozvQMX-xh-JSHZZ53qH3axKIuIZSiZj0I_MBYf8w58RvEEU6HsQ9vbrUbHk6lkJgB-eSuZs9ikQE9-S-s9qXrTVSizK5EE5uYnJbBPd_9mE_aETMogQsCq41IKc3slXop8Zcdaqu961uRwWAxgr3Vm9rIZY2pF5KGY0hn7Lz7bd6HBoPnxj4fFMDZ9KTeXx7zGRiXu6RgAb30dyH8dPYh-4BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1R7VDzkGvkXMHPoHTvCVvLQn9Png%2526client%253Dca-pub-8819204778002912%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&ancestorOrigins=https%3A%2F%2Fjibundedekirukogao.dt25.net&random=767827920894&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.252 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.252.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 632129e2f75ded5e9f1acfc4431c510992df953d0fed770edf6be996e1343745

Request headers

Host: hal900024.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: 8lcfmzhxc8d6_uid=d6d93e6224bfd685
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

Date: Tue, 20 Apr 2021 22:44:56 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 20 Apr 2021 23:44:56 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1338
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 807D 43 B
703 B 120ms
57ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2846679&v=14098&q=409715&r=296283&pref1=55870000003079102179201011571024&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Apr 2021 22:44:56 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 63B2 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 20 Apr 2021 16:59:40 GMT
expires: Wed, 21 Apr 2021 16:59:40 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 20716
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 807D 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9f171fb9e3e50f34ad165fb83a476039d6daeae2456840ead841a51d1884a717

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK request_content.php Show response
hal90003.redintelligence.net/ Frame 1F4B 3 KB
2 KB 103ms
35ms Document
text/html 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90003.redintelligence.net/request_content.php?s=39848900003759900951399011571003&a=87de865e
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request.php?zone=xxvlvujily3i&nw=20&renderingType=javascript&namespace=aa6be00a6f&subid=&uid=0bd250b055c7e8e1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=250x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=&gdpr_consent=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D378898750164188957%26mt_id%3D6622325%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D0862607f-5968-4401-abd2-fed2dc19fb70%26mt_cid%3D0862607f-5968-4401-abd2-fed2dc19fb70%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCI8QMaFl_YISfAtCNgQfRr7SQCc-HjptcwIbZgsYCwI23ARABIABglYr4gZQHggEXY2EtcHViLTg4MTkyMDQ3NzgwMDI5MTLIAQmoAwGqBLkBT9C-FtjfEIOM7khG1uGGy70LZrI8gm_dL7QFBUUZ6eHz6fCYc-ZbmZc5j4HpiC8obaxCtkCaHnWcHT4vqEzR8NIzFGJB4urmTsYmcm8MPI23c1_mZ1gIychHMdjzBUgIxzExxszEDd4PDa8wkFtkO8hRNMj7K7rnIvfS23uzZAg0THzLMJcXyEMuEmNcIgwEE-CGbcamy1gwcXkolAvx2bsf8F-JhdX2WJJI78OmtrvlBgeigdegxPaABr_MxM6a-eOXgAGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_22j8Ry4eprH31PLjjPBIoGKjTCNA%2526client%253Dca-pub-8819204778002912%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&ancestorOrigins=https%3A%2F%2Fjibundedekirukogao.dt25.net&random=763374436369&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Ketsch, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 2ce8ea2d989289901a4476bfb34ad6d1c533c4659c3e0dce37f222266314e10d

Request headers

Host: hal90003.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: 8lcfmzhxc8d6_uid=8bc5466d21ab9c9e
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

Date: Tue, 20 Apr 2021 22:44:56 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 20 Apr 2021 23:44:56 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1215
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK request_content.php Show response
hal90001.redintelligence.net/ Frame 7034 3 KB
2 KB 104ms
35ms Document
text/html 46.4.10.49
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90001.redintelligence.net/request_content.php?s=86004800003811902179195011571001&a=fe15110c
Requested by: Host: hal90001.redintelligence.net
URL: https://hal90001.redintelligence.net/request.php?zone=kfm7pdl6j5sw&nw=20&renderingType=javascript&namespace=b8769fd653&subid=&uid=b34b69839b131938&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D4990584769642530090%26mt_id%3D8675613%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Df607607f-5968-4401-9c10-34363f649f56%26mt_cid%3Df607607f-5968-4401-9c10-34363f649f56%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC4621aFl_YK-4BJKHgAf5zKPYA8-HjptcwIbZgsYCwI23ARABIABglYr4gZQHggEXY2EtcHViLTg4MTkyMDQ3NzgwMDI5MTLIAQmoAwGqBLgBT9BbbdsTdbexBCfAA4iUsxiC1q-YPxCEc863I6kMITm9UWb7XT4XWxIEKSexBq3Zm5ySlpfkmwu_X5ztkbjTXyKou1wmNkOUyzmCfP9fdo3U0-xAwfoVpIkPEvkMoXY82HwdFBLGCxbtmx2PWXJguPcLG5mVvB7VuWanbOgcHM73wZbw0Kkswu6CmVyCeUjiN7EqrjXINxrp9m0q2YAChTZn1O0Knivk8tl2uvO9wFlVKO6VRYc8JoAG-pm04aTW17RHoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG9gHANIIBwiA4YAQEAH6CwIIAYAMAQ%2526num%253D1%2526sig%253DAOD64_2Hh-7eZ482h1hhpaBCxYwVfjGSyg%2526client%253Dca-pub-8819204778002912%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&ancestorOrigins=https%3A%2F%2Fjibundedekirukogao.dt25.net&random=1951759475273&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.49.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: feb0add6a3bace505507b4f1c2a591e5466cbb74d3b2f9abd4a8098ea2e084dd

Request headers

Host: hal90001.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: 8lcfmzhxc8d6_uid=8bc5466d21ab9c9e
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

Date: Tue, 20 Apr 2021 22:44:56 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 20 Apr 2021 23:44:56 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1339
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame D9EF 43 B
703 B 108ms
55ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2846676&v=14098&q=409715&r=296283&pref1=86004800003811902179195011571001&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Apr 2021 22:44:56 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 81F4 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 20 Apr 2021 16:59:40 GMT
expires: Wed, 21 Apr 2021 16:59:40 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 20716
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 7847 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 83cf20e87226a01ae29c020d5536bd54069133f79cc63ae4b41c1c91ccb568b8

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 63B2
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitULTb7iqIc2eRsyfI4OzkDohEdHkF9VyIRr9vrB...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUg5WmFBQUFBVDdneURoaw&google_push=AQvitULTb7iqIc2eRsyfI4OzkDohEdHkF9VyIRr9vrB-0jyqU6LO8pogwDEcW8cPtFWFQ4qN78PjNlyloMCuKANky8ezOy5FT4zg

170 B
188 B

48ms
47ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUg5WmFBQUFBVDdneURoaw&google_push=AQvitULTb7iqIc2eRsyfI4OzkDohEdHkF9VyIRr9vrB-0jyqU6LO8pogwDEcW8cPtFWFQ4qN78PjNlyloMCuKANky8ezOy5FT4zg

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUg5WmFBQUFBVDdneURoaw&google_push=AQvitULTb7iqIc2eRsyfI4OzkDohEdHkF9VyIRr9vrB-0jyqU6LO8pogwDEcW8cPtFWFQ4qN78PjNlyloMCuKANky8ezOy5FT4zg
Date: Tue, 20 Apr 2021 22:44:56 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 63B2
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEJ-N0dgfY_lcJAHHVDUYDdY&google_cver=1&google_push=AQvitUIqCliJcBh_zY1Q8tkzbH9IOTp8BnouEqZbEt4cMPTyBIKdyPey2b5yTfwW_BVC2oQ1V0WJebgzy1-ikJNRQI1EhY3US4eK8A
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUIqCliJcBh_zY1Q8tkzbH9IOTp8BnouEqZbEt4cMPTyBIKdyPey2b5yTfwW_BVC2oQ1V0WJebgzy1-ikJNRQI1EhY3US4eK8A&google_hm=Q0FFU0VKLU4wZGdmWV9...

170 B
188 B

70ms
46ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUIqCliJcBh_zY1Q8tkzbH9IOTp8BnouEqZbEt4cMPTyBIKdyPey2b5yTfwW_BVC2oQ1V0WJebgzy1-ikJNRQI1EhY3US4eK8A&google_hm=Q0FFU0VKLU4wZGdmWV9sY0pBSEhWRFVZRGRZ

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 20 Apr 2021 22:44:56 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUIqCliJcBh_zY1Q8tkzbH9IOTp8BnouEqZbEt4cMPTyBIKdyPey2b5yTfwW_BVC2oQ1V0WJebgzy1-ikJNRQI1EhY3US4eK8A&google_hm=Q0FFU0VKLU4wZGdmWV9sY0pBSEhWRFVZRGRZ
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 63B2
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAQvitULRS4a7MHB3bT61aNa_xE_6DBm4AI7iGpVTbxnIBXf-aQHnvuhQamWbDcQXCHxjoV3kog3NpFiU37gJ0nqEouJFhYHVDzu76g&google_gid=CAESEMjAedLS5GayyC7expB1tgY&g...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCOiy_YMGEgUI6AcQAEIASnJnb29nbGVfcHVzaD1BUXZpdFVMUlM0YTdNSEIzYlQ2MWFOYV94RV82REJtNEFJN2lHcFZUYnhuSUJYZi1hUUhudnVoUWFtV2JEY1FYQ0h4am9WM2tvZzNOcEZpVTM3Z0owbn...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwcWtPLW5WczlPeHo5cHVEd09YeVhOcVFDOG1LNkZFakNmNVdseTRGRUtIOA==&google_push

170 B
188 B

74ms
46ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwcWtPLW5WczlPeHo5cHVEd09YeVhOcVFDOG1LNkZFakNmNVdseTRGRUtIOA==&google_push

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 20 Apr 2021 22:44:56 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwcWtPLW5WczlPeHo5cHVEd09YeVhOcVFDOG1LNkZFakNmNVdseTRGRUtIOA==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 63B2 43 B
609 B 79ms
34ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESELYzGHNXys9Us6xyT_Ct0_o&google_push=AQvitULyhLQb1h2cjmZUjTlhPs09sv3AuSaOXBgu6CJBtcozW_wGg-3RlU0ayuMa1HSQrfdmpxLbOTxcXqiXBMV4CV7uU6DWibiu5w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=600&slotname=3613768783&adk=94595765&adf=282678229&pi=t.ma~as.3613768783&w=160&lmt=1570747697&psa=0&format=160x600&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696043&bpp=1&bdt=343&idt=1&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250%2C250x250&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=427&ady=374&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=UoXFPF44NY&p=https%3A//jibundedekirukogao.dt25.net&dtd=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:56 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 63B2
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESECoPLfQHqL4-PPp90sX7xU4&google_cver=1&google_push=AQvitUK0EAR2CouJjjr22izeC_t05763a2FG4Siz_H0tIaOPfzAjKWIPoVLvVrKgPhvZKNEE6P50VtqrKoZnSLefEWfQ0rEFnNU9Aw
https://rtb.openx.net/sync/dds?google_gid=CAESECoPLfQHqL4-PPp90sX7xU4&google_cver=1&google_push=AQvitUK0EAR2CouJjjr22izeC_t05763a2FG4Siz_H0tIaOPfzAjKWIPoVLvVrKgPhvZKNEE6P50VtqrKoZnSLefEWfQ0rEFnNU9A...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUK0EAR2CouJjjr22izeC_t05763a2FG4Siz_H0tIaOPfzAjKWIPoVLvVrKgPhvZKNEE6P50VtqrKoZnSLefEWfQ0rEFnNU9Aw&google_hm=qpr4joJcz2sBaLERSJCsrw==

170 B
188 B

74ms
46ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUK0EAR2CouJjjr22izeC_t05763a2FG4Siz_H0tIaOPfzAjKWIPoVLvVrKgPhvZKNEE6P50VtqrKoZnSLefEWfQ0rEFnNU9Aw&google_hm=qpr4joJcz2sBaLERSJCsrw==

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:56 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUK0EAR2CouJjjr22izeC_t05763a2FG4Siz_H0tIaOPfzAjKWIPoVLvVrKgPhvZKNEE6P50VtqrKoZnSLefEWfQ0rEFnNU9Aw&google_hm=qpr4joJcz2sBaLERSJCsrw==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: d4mrsnr2bokanvjo4mh6kbortijhcm5i

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 63B2
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENbA6W61xhEf_pNRmNP2Yrs&google_cver=1&google_push=AQvitULEClVUzLmG0ofJZ-Wy5n1BneSpkPt2ziZjPPc2cGkOGQMAB40AqkuHzpyWkli7bXrMWVp...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05RTTdIQ1MtMTItS01QMA==&google_push=AQvitULEClVUzLmG0ofJZ-Wy5n1BneSpkPt2ziZjPPc2cGkOGQMAB40AqkuHzpyWkli7bXrMWVp7Ll8AHNt4eg0zLsAvYfMMhavt

170 B
188 B

84ms
45ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05RTTdIQ1MtMTItS01QMA==&google_push=AQvitULEClVUzLmG0ofJZ-Wy5n1BneSpkPt2ziZjPPc2cGkOGQMAB40AqkuHzpyWkli7bXrMWVp7Ll8AHNt4eg0zLsAvYfMMhavt

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05RTTdIQ1MtMTItS01QMA==&google_push=AQvitULEClVUzLmG0ofJZ-Wy5n1BneSpkPt2ziZjPPc2cGkOGQMAB40AqkuHzpyWkli7bXrMWVp7Ll8AHNt4eg0zLsAvYfMMhavt
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Expires: 0

GET
H2 200 trk
ag.innovid.com/ Frame 63B2 43 B
296 B 67ms
21ms Image
image/gif 2a05:d01c:1d8:8102:5642:8a73:6264:9a1f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEHXBqu4ulumhhLOxfydc2KA&google_cver=1&google_push=AQvitULX9pcYrfCn8Ox9ppj3MDWYS3ep2X6hgZ-TbYxvsQlpUgtWEHecW2v32-cFMNkjD3eRtrgAZxKhV30tQ020cNkYMELg8BH0Qw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=600&slotname=3613768783&adk=94595765&adf=282678229&pi=t.ma~as.3613768783&w=160&lmt=1570747697&psa=0&format=160x600&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696043&bpp=1&bdt=343&idt=1&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250%2C250x250&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=427&ady=374&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=UoXFPF44NY&p=https%3A//jibundedekirukogao.dt25.net&dtd=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8102:5642:8a73:6264:9a1f London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:56 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 0
expires: -1

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 63B2 0
40 B 92ms
32ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I8OdA_shLjwPpQN6RKipGeAooHcFlE29dZ47rUkcfcVZ44T1f4ITXCoZ3xli7fd9xu-so0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:44:56 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2F87 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 20 Apr 2021 16:59:40 GMT
expires: Wed, 21 Apr 2021 16:59:40 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 20716
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame D9EF 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89049f5d5aa36cd9aa0b4ad24492bf8d4ee17a8b7a09699299f5bf70de3b5a3b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

kl_kis_160x600px.jpg
cdn.contentspread.net/24i/advertiser/3839/creativesup/ Frame 553D
Redirect Chain

https://www.awin1.com/cshow.php?s=2846679&v=14098&q=409715&r=296283&pref1=55870000003079102179201011571024&pv=0
https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kis_160x600px.jpg

37 KB
37 KB

1104ms
43ms

Image
image/jpeg

85.114.131.235
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kis_160x600px.jpg
Requested by: Host: hal900024.redintelligence.net
URL: https://hal900024.redintelligence.net/request_content.php?s=55870000003079102179201011571024&a=3661f9ea
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.114.131.235 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: srv21039.dus4.fastwebserver.de
Software: nginx /
Resource Hash: fd5b911c1009c6ac2de1c897afe02381a0b7aacbca10d70c589239c03f03e0cf

Request headers

Referer: https://hal900024.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:57 GMT
Last-Modified: Mon, 29 Mar 2021 07:44:27 GMT
Server: nginx
ETag: "6061855b-936d"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 37741

Redirect headers

Date: Tue, 20 Apr 2021 22:44:56 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kis_160x600px.jpg
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK viewability Show response
hal900024.redintelligence.net/ Frame 553D 0
150 B 115ms
40ms Script
text/html 138.201.84.252
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900024.redintelligence.net/viewability?s=55870000003079102179201011571024&a=94d442e9&vb=m
Requested by: Host: hal900024.redintelligence.net
URL: https://hal900024.redintelligence.net/request_content.php?s=55870000003079102179201011571024&a=3661f9ea
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.252 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.252.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal900024.redintelligence.net/request_content.php?s=55870000003079102179201011571024&a=3661f9ea
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:56 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 553D 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/24i/tools/js/ Frame 553D 851 B
1 KB 139ms
45ms Script
application/javascript 85.114.131.235
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/24i/tools/js/addDoubleBorder.js
Requested by: Host: hal900024.redintelligence.net
URL: https://hal900024.redintelligence.net/request_content.php?s=55870000003079102179201011571024&a=3661f9ea
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.114.131.235 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: srv21039.dus4.fastwebserver.de
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

Referer: https://hal900024.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:56 GMT
Last-Modified: Tue, 03 May 2016 20:54:50 GMT
Server: nginx
ETag: "5729101a-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H2 200 dpixel
cms.quantserve.com/ Frame 81F4 35 B
462 B 25ms
8ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEBs-_R6AxX8JUKFlYZ4EwJM&google_cver=1&google_push=AQvitUJfFqh3ybHQq1eGQfE0q9HwrSWfz2ZAzCnJBYEa4bMjzRQu5ZBJeeRw2oVKUt5fPCyJiWxIFhH4OZPRn_AFzGkUjz9eW7b8

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:56 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 81F4
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAQvitUJAXOCYc-jE5jMop0hRAYrEsN6HSOwdEFuKyaeEmvlcHua_mQWvLFVQ2GnsJUu5co2NhSDeyGmKSrZP4KxNsogr_qjSO91Fmw&google_gid=CAESEJ4xG-V99P6x-7zOjDgiNPo&g...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=&google_push

170 B
329 B

40ms
40ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=&google_push

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 20 Apr 2021 22:44:56 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 81F4 43 B
390 B 38ms
37ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEGXxU8h0Ts9XdRIr2HsQL2I&google_push=AQvitUI3Dw_ZebjD6pUKxA3HBNNk7aXTCdArgqDp4eq2Y3fQGcZB9AjXcR27i1jPvB-CEdsC51zBtb4sXsqv-Wz0CQApFgBng0HoBA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=250&slotname=3379513183&adk=3419604076&adf=2457737313&pi=t.ma~as.3379513183&w=250&lmt=1570747697&psa=0&format=250x250&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696012&bpp=1&bdt=311&idt=1&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=907&ady=176&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=lDtErgvsIY&p=https%3A//jibundedekirukogao.dt25.net&dtd=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:56 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 81F4
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEB5-uyUsQ0r9G6m9JJTX3PU&google_cver=1&google_push=AQvitUJIz_7TBmS9MfyNM7CVGVFYbTzy0mpmQN8a1XgmLaEbfQUaGWiQ_ZmiH_zhmck-6OkMgtnN43-XdIUSSJuJlYqQ4gPZZnoN
https://rtb.openx.net/sync/dds?google_gid=CAESEB5-uyUsQ0r9G6m9JJTX3PU&google_cver=1&google_push=AQvitUJIz_7TBmS9MfyNM7CVGVFYbTzy0mpmQN8a1XgmLaEbfQUaGWiQ_ZmiH_zhmck-6OkMgtnN43-XdIUSSJuJlYqQ4gPZZnoN&...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJIz_7TBmS9MfyNM7CVGVFYbTzy0mpmQN8a1XgmLaEbfQUaGWiQ_ZmiH_zhmck-6OkMgtnN43-XdIUSSJuJlYqQ4gPZZnoN&google_hm=JY6RE71kysQrH5HogbgD_Q==

170 B
188 B

58ms
46ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJIz_7TBmS9MfyNM7CVGVFYbTzy0mpmQN8a1XgmLaEbfQUaGWiQ_ZmiH_zhmck-6OkMgtnN43-XdIUSSJuJlYqQ4gPZZnoN&google_hm=JY6RE71kysQrH5HogbgD_Q==

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:56 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJIz_7TBmS9MfyNM7CVGVFYbTzy0mpmQN8a1XgmLaEbfQUaGWiQ_ZmiH_zhmck-6OkMgtnN43-XdIUSSJuJlYqQ4gPZZnoN&google_hm=JY6RE71kysQrH5HogbgD_Q==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: epa1ov2cl0s9jtngc4ls2e0u2j71oof0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 81F4
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=XQvD4BhCRpaPBCfJjNt7mQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

33ms
33ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=XQvD4BhCRpaPBCfJjNt7mQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJhemp0GqaE_Rs9CVlJExOitC_aUT5PAwoYYES8BGa0HtQTI6qCx0C2WEa5Tvevd6pXwBZTvS0nSD5E-STuMLEegSS-3COEMg

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=XQvD4BhCRpaPBCfJjNt7mQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJhemp0GqaE_Rs9CVlJExOitC_aUT5PAwoYYES8BGa0HtQTI6qCx0C2WEa5Tvevd6pXwBZTvS0nSD5E-STuMLEegSS-3COEMg
Date: Tue, 20 Apr 2021 22:44:55 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 81F4
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEA32TYsI1NckL-KYdcwpY-w&google_cver=1&google_push=AQvitUK8zC17VPAbyPtuw4pDC-SaQpjZyc9Ws2xdLU7ibvu_oQJliXRY7_q_4zdER71KrwDDEmF...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05RTTdIRFAtMjUtNE85VQ==&google_push=AQvitUK8zC17VPAbyPtuw4pDC-SaQpjZyc9Ws2xdLU7ibvu_oQJliXRY7_q_4zdER71KrwDDEmFtaqv4-Uuo_-DkbPk0YoXkOyygxQ

170 B
188 B

51ms
46ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05RTTdIRFAtMjUtNE85VQ==&google_push=AQvitUK8zC17VPAbyPtuw4pDC-SaQpjZyc9Ws2xdLU7ibvu_oQJliXRY7_q_4zdER71KrwDDEmFtaqv4-Uuo_-DkbPk0YoXkOyygxQ

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05RTTdIRFAtMjUtNE85VQ==&google_push=AQvitUK8zC17VPAbyPtuw4pDC-SaQpjZyc9Ws2xdLU7ibvu_oQJliXRY7_q_4zdER71KrwDDEmFtaqv4-Uuo_-DkbPk0YoXkOyygxQ
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Expires: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 81F4
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDM3DEcOwvqcEogFfiWfQv4&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDM3DEcOwvqcEogFfiWfQv4&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YH9ZaPZoSzxBU7whEDPRtgAABJEAAAIB&google_gid=CAESEDM3DEcOwvqcEogFfiWfQv4&google_push=AQvitUIuQuXghPynBlU6LAaNV7c8xTlzQTdQma-RGkGwZFEvLeZ...

170 B
188 B

34ms
34ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YH9ZaPZoSzxBU7whEDPRtgAABJEAAAIB&google_gid=CAESEDM3DEcOwvqcEogFfiWfQv4&google_push=AQvitUIuQuXghPynBlU6LAaNV7c8xTlzQTdQma-RGkGwZFEvLeZyPOJ8oh8UqwhpFzlhdmg3ZtFtU_57szemloK2oh6u6nl4HDbRWg&google_cver=1

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 20 Apr 2021 22:44:57 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YH9ZaPZoSzxBU7whEDPRtgAABJEAAAIB&google_gid=CAESEDM3DEcOwvqcEogFfiWfQv4&google_push=AQvitUIuQuXghPynBlU6LAaNV7c8xTlzQTdQma-RGkGwZFEvLeZyPOJ8oh8UqwhpFzlhdmg3ZtFtU_57szemloK2oh6u6nl4HDbRWg&google_cver=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 462
Expires: Tue, 20 Apr 2021 22:44:57 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 81F4 0
227 B 39ms
32ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I9-sWeTOgYqm_C6BkyrpM_MtjNE65htWrE6TXRvQ8zpclQjMBLgKygtLvDQACCm83N3yIy

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:44:56 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 dpixel
cms.quantserve.com/ Frame 2F87 35 B
463 B 16ms
7ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEMoKke6KQ679yMkRmU9EFhk&google_cver=1&google_push=AQvitUIt6oVQWiiOi-vLAtYElTrv2OULQYXG2GtK5Mqi9t-8v0DUzl8GRi1x85AGfQ0PYWYY6wSkFRcAhpjIJXfZRPp1jHe0gRs

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:56 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2F87
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUJVGM_pN7k9U7ffLYGY-fV9GPRi2OlR0Ink1QP...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUg5WmFBQUFBRWh0WFc5Vg&google_push=AQvitUJVGM_pN7k9U7ffLYGY-fV9GPRi2OlR0Ink1QPN2cTJiiuyz381U0mUZ5L7Y2f0choViZez7X17WVluJKr54DRPMgIfN-Wu

170 B
188 B

34ms
34ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUg5WmFBQUFBRWh0WFc5Vg&google_push=AQvitUJVGM_pN7k9U7ffLYGY-fV9GPRi2OlR0Ink1QPN2cTJiiuyz381U0mUZ5L7Y2f0choViZez7X17WVluJKr54DRPMgIfN-Wu

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUg5WmFBQUFBRWh0WFc5Vg&google_push=AQvitUJVGM_pN7k9U7ffLYGY-fV9GPRi2OlR0Ink1QPN2cTJiiuyz381U0mUZ5L7Y2f0choViZez7X17WVluJKr54DRPMgIfN-Wu
Date: Tue, 20 Apr 2021 22:44:56 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2F87
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEOEEmrjPN3Xa9z4E1_2RPkc&google_cver=1&google_push=AQvitUJTVjrCvSPcq94K9bp2tqjl9RdXW_WmZqNqGkn85th9ixBIyWyxbsh9yOlo8QEbfrGGG7PVVeO77rtMth0bSDkaYUp9SJWN
https://rtb.openx.net/sync/dds?google_gid=CAESEOEEmrjPN3Xa9z4E1_2RPkc&google_cver=1&google_push=AQvitUJTVjrCvSPcq94K9bp2tqjl9RdXW_WmZqNqGkn85th9ixBIyWyxbsh9yOlo8QEbfrGGG7PVVeO77rtMth0bSDkaYUp9SJWN&...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJTVjrCvSPcq94K9bp2tqjl9RdXW_WmZqNqGkn85th9ixBIyWyxbsh9yOlo8QEbfrGGG7PVVeO77rtMth0bSDkaYUp9SJWN&google_hm=F4MW6HkuzBAQ2aZKpo1s2w==

170 B
188 B

45ms
44ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJTVjrCvSPcq94K9bp2tqjl9RdXW_WmZqNqGkn85th9ixBIyWyxbsh9yOlo8QEbfrGGG7PVVeO77rtMth0bSDkaYUp9SJWN&google_hm=F4MW6HkuzBAQ2aZKpo1s2w==

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:56 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJTVjrCvSPcq94K9bp2tqjl9RdXW_WmZqNqGkn85th9ixBIyWyxbsh9yOlo8QEbfrGGG7PVVeO77rtMth0bSDkaYUp9SJWN&google_hm=F4MW6HkuzBAQ2aZKpo1s2w==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: 9ou8ju1hv3np5tpnnl7b89q3vl41j9pg

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2F87
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3FfJ0p2vQ6KkYELRzjp8yA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

33ms
33ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3FfJ0p2vQ6KkYELRzjp8yA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKty2jFofy94564ZwV4g8SFzlSZnPEzmn1gH9mHUjWvwt7hNX8GVlwlLKfIkY_RkwzRRkP75RPBXNwLTJG0ipxNq7cV26Kf

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3FfJ0p2vQ6KkYELRzjp8yA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKty2jFofy94564ZwV4g8SFzlSZnPEzmn1gH9mHUjWvwt7hNX8GVlwlLKfIkY_RkwzRRkP75RPBXNwLTJG0ipxNq7cV26Kf
Date: Tue, 20 Apr 2021 22:44:55 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2F87
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESELUvDMxgtFb6Ohtao-7EPlw&google_cver=1&google_push=AQvitULxkpqpQNi0xXj-wA5N1yctEFI8L6AQZ0HHNdqAbcKxXfHr-abK93YKf58_En5SbdgriJ0...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05RTTdIRUctNS02MFJL&google_push=AQvitULxkpqpQNi0xXj-wA5N1yctEFI8L6AQZ0HHNdqAbcKxXfHr-abK93YKf58_En5SbdgriJ0fLjvO8Vok0sG7juFOUKtKL118

170 B
188 B

34ms
33ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05RTTdIRUctNS02MFJL&google_push=AQvitULxkpqpQNi0xXj-wA5N1yctEFI8L6AQZ0HHNdqAbcKxXfHr-abK93YKf58_En5SbdgriJ0fLjvO8Vok0sG7juFOUKtKL118

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05RTTdIRUctNS02MFJL&google_push=AQvitULxkpqpQNi0xXj-wA5N1yctEFI8L6AQZ0HHNdqAbcKxXfHr-abK93YKf58_En5SbdgriJ0fLjvO8Vok0sG7juFOUKtKL118
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Expires: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2F87
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPUOQFoxbYFB3sRzNoRcgnM&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPUOQFoxbYFB3sRzNoRcgnM&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YH9ZaPZoSzxBU7whEDPRuAAABFoAAAIB&google_push=AQvitUKdTGWjb2PIGREhRaTrGE-mjHJcs1ycXpREPjxQbXLCWC4fPCUeExP_aOr6AOAsItJh9Wwc7jREnshBJcR2PH...

170 B
188 B

33ms
32ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YH9ZaPZoSzxBU7whEDPRuAAABFoAAAIB&google_push=AQvitUKdTGWjb2PIGREhRaTrGE-mjHJcs1ycXpREPjxQbXLCWC4fPCUeExP_aOr6AOAsItJh9Wwc7jREnshBJcR2PHY0hJhmca0&google_gid=CAESEPUOQFoxbYFB3sRzNoRcgnM&google_cver=1

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 20 Apr 2021 22:44:57 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YH9ZaPZoSzxBU7whEDPRuAAABFoAAAIB&google_push=AQvitUKdTGWjb2PIGREhRaTrGE-mjHJcs1ycXpREPjxQbXLCWC4fPCUeExP_aOr6AOAsItJh9Wwc7jREnshBJcR2PHY0hJhmca0&google_gid=CAESEPUOQFoxbYFB3sRzNoRcgnM&google_cver=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 459
Expires: Tue, 20 Apr 2021 22:44:57 GMT

GET
H2 200 trk
ag.innovid.com/ Frame 2F87 43 B
295 B 22ms
21ms Image
image/gif 2a05:d01c:1d8:8102:5642:8a73:6264:9a1f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESELZkuspz77LQh41lB8ny8S4&google_cver=1&google_push=AQvitUKoWdZERC46DTeLhrm7YV7kuqCKWEySsnedgF1b6OTKExNDZR1-6hUx1D3GMdESA8UCULfpGX0p3VV6yN5YiFw8jmJwXro
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8819204778002912&output=html&h=90&slotname=9366493185&adk=2171484123&adf=2334505472&pi=t.ma~as.9366493185&w=728&lmt=1570747697&psa=0&format=728x90&url=https%3A%2F%2Fjibundedekirukogao.dt25.net%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1618958696050&bpp=4&bdt=350&idt=4&shv=r20210415&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd20ea468cc06fb18-22b9958fecc7008e%3AT%3D1618958695%3ART%3D1618958695%3AS%3DALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A&prev_fmts=0x0%2C250x250%2C250x250%2C160x600&prev_slotnames=9751991989&nras=1&correlator=1261708783428&frm=20&pv=1&ga_vid=1247542356.1618958696&ga_sid=1618958696&ga_hid=114093923&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=1431&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736525%2C31060711%2C44740079%2C31060829&oid=3&pvsid=467619183612514&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=IcKvSntUZu&p=https%3A//jibundedekirukogao.dt25.net&dtd=7
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8102:5642:8a73:6264:9a1f London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:56 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 0
expires: -1

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 2F87 0
49 B 32ms
31ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JP94Q6Bqqpde4SnMylZn03wvIRCHlhzqdaR-wP66GHX3NOLu9S76Xgc_m5MTup2GuGo7J6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:44:56 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK S-250x250.gif
cdn.contentspread.net/24i/content/soberfb/DE/ Frame 1F4B 64 KB
64 KB 1212ms
45ms Image
image/gif 85.114.131.235
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/content/soberfb/DE/S-250x250.gif
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=39848900003759900951399011571003&a=87de865e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.114.131.235 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: srv21039.dus4.fastwebserver.de
Software: nginx /
Resource Hash: e05b9834df0231f80a8574f9737b6b0157a98d4a0f86d460912076738f8abb2b

Request headers

Referer: https://hal90003.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:58 GMT
Last-Modified: Mon, 23 Jul 2018 15:19:52 GMT
Server: nginx
ETag: "5b55f218-10074"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 65652

GET
H/1.1 200
OK viewability Show response
hal90003.redintelligence.net/ Frame 1F4B 0
150 B 353ms
35ms Script
text/html 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90003.redintelligence.net/viewability?s=39848900003759900951399011571003&a=d464b00f&vb=m
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=39848900003759900951399011571003&a=87de865e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Ketsch, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal90003.redintelligence.net/request_content.php?s=39848900003759900951399011571003&a=87de865e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:57 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 1F4B 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1

200
OK

kl_kts_728x90px.gif
cdn.contentspread.net/24i/advertiser/3839/creativesup/ Frame 7034
Redirect Chain

https://www.awin1.com/cshow.php?s=2846676&v=14098&q=409715&r=296283&pref1=86004800003811902179195011571001&pv=0
https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kts_728x90px.gif

26 KB
26 KB

1079ms
43ms

Image
image/gif

85.114.131.235
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kts_728x90px.gif
Requested by: Host: hal90001.redintelligence.net
URL: https://hal90001.redintelligence.net/request_content.php?s=86004800003811902179195011571001&a=fe15110c
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.114.131.235 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: srv21039.dus4.fastwebserver.de
Software: nginx /
Resource Hash: 1506a76dcd6d608d22a2318266a6c9260639b5a5bb0729ec5df390784a708b28

Request headers

Referer: https://hal90001.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:57 GMT
Last-Modified: Mon, 29 Mar 2021 07:44:29 GMT
Server: nginx
ETag: "6061855d-679b"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 26523

Redirect headers

Date: Tue, 20 Apr 2021 22:44:56 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kts_728x90px.gif
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK viewability Show response
hal90001.redintelligence.net/ Frame 7034 0
150 B 1121ms
37ms Script
text/html 46.4.10.49
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90001.redintelligence.net/viewability?s=86004800003811902179195011571001&a=e56aae47&vb=m
Requested by: Host: hal90001.redintelligence.net
URL: https://hal90001.redintelligence.net/request_content.php?s=86004800003811902179195011571001&a=fe15110c
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.49.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal90001.redintelligence.net/request_content.php?s=86004800003811902179195011571001&a=fe15110c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:57 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 7034 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/24i/tools/js/ Frame 7034 851 B
1 KB 175ms
26ms Script
application/javascript 85.114.131.235
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/24i/tools/js/addDoubleBorder.js
Requested by: Host: hal90001.redintelligence.net
URL: https://hal90001.redintelligence.net/request_content.php?s=86004800003811902179195011571001&a=fe15110c
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.114.131.235 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: srv21039.dus4.fastwebserver.de
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

Referer: https://hal90001.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:57 GMT
Last-Modified: Tue, 03 May 2016 20:54:50 GMT
Server: nginx
ETag: "5729101a-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 807D 42 B
64 B 52ms
39ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssFEo5wOx67a9k7Megb_iFlQzEG-P7u7dha7voIb5Ni0T4kQmPNRWVHX5UC9LNWFryxECeUGGNNIKE2mZ6EGC__mwDcz0QzcA&sig=Cg0ArKJSzDoDl3OMCZjwEAE&cid=CAASF-Rone6LAOdFRG6Z9Xbv2iHzovmzqgle&id=lidar2&mcvt=1001&p=374,427,974,587&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20210419&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=94595765&rs=2&met=mue&la=0&cr=0&osd=1&vs=4&rst=1618958696047&dlt=111&rpt=1&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7847 42 B
64 B 39ms
39ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssI8S47D_vnRx_LciCOzxFZR1bA1Z9vloE8qkWNYDvuZFXMvmc5Zf1c42vmzRy9jDrstK49o6wqs2-E6KWIzddXz7p4a4QoDg&sig=Cg0ArKJSzFxSrzcY4TuqEAE&cid=CAASF-Roc7JnAZZnC_qlG3qmEo8U6oVS_6Un&id=lidar2&mcvt=1000&p=176,907,426,1157&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210419&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3419604076&rs=2&met=mue&la=0&cr=0&osd=1&vs=4&rst=1618958696018&dlt=110&rpt=2&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900024.redintelligence.net/ Frame 553D 0
150 B 109ms
37ms Script
text/html 138.201.84.252
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900024.redintelligence.net/viewability?s=55870000003079102179201011571024&a=94d442e9&vb=v
Requested by: Host: hal900024.redintelligence.net
URL: https://hal900024.redintelligence.net/request_content.php?s=55870000003079102179201011571024&a=3661f9ea
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.252 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.252.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal900024.redintelligence.net/request_content.php?s=55870000003079102179201011571024&a=3661f9ea
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:58 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
hal90003.redintelligence.net/ Frame 1F4B 0
150 B 36ms
35ms Script
text/html 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90003.redintelligence.net/viewability?s=39848900003759900951399011571003&a=d464b00f&vb=v
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=39848900003759900951399011571003&a=87de865e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Ketsch, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal90003.redintelligence.net/request_content.php?s=39848900003759900951399011571003&a=87de865e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Apr 2021 22:44:57 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
6 KB 17ms
17ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210415&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7cc888acbf0d7b083f3b4365298a8e4e296256149d4c307be167d555900336c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jibundedekirukogao.dt25.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 20 Apr 2021 22:44:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6501
x-xss-protection: 0

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jibundedekirukogao.dt25.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:44:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Tue, 20 Apr 2021 22:44:58 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 69B2 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://jibundedekirukogao.dt25.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://jibundedekirukogao.dt25.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Tue, 20 Apr 2021 21:04:19 GMT
expires: Wed, 20 Apr 2022 21:04:19 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 6039
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 8BD5 783 B
531 B 24ms
24ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

691eea53ca2d993aae025238a5878ee837722e8bb41c64f295c1f675af4c2f49

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-2Cozpgs8+ma9aLGN4IClQQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://jibundedekirukogao.dt25.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://jibundedekirukogao.dt25.net/

Response headers

expires: Tue, 20 Apr 2021 22:44:58 GMT
date: Tue, 20 Apr 2021 22:44:58 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-2Cozpgs8+ma9aLGN4IClQQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Ru4asw80RDg-wKj4k1IJyVIDrNjFP7NKP7NQDOdNnzM.js Show response
pagead2.googlesyndication.com/bg/ Frame 69B2 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ru4asw80RDg-wKj4k1IJyVIDrNjFP7NKP7NQDOdNnzM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46ee1ab30f3444383ec0a8f8935209c95203acd8c53fb34a3fb3500ce74d9f33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 22:09:43 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 08 Apr 2021 09:18:00 GMT
server: sffe
age: 2115
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5687
x-xss-protection: 0
expires: Wed, 20 Apr 2022 22:09:43 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 39ms
39ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210415&jk=467619183612514&bg=!rq2lrenNAAZUuIlwVLg7ACkAdvg8WmaXNpONs4CsjIdJ1Gz1OFMoHzbxlZE7xkP5XsnZUsul4v5XwQIAAABZUgAAAApoAQcKAHJ1T0SqBL-9kLQqN9o9Q7Q_KQAcPx9ktkckOYP8Ra31vM_iOC2i2ZGaO1MT1fn1NpzePEwWkBwVlypps7Ikq6xLx6P7lyGryqn5IrZ_JuEub5-TT5qIg3MbNOO9hjmfp5wtVNRUb1HiYsApCBptlWlALoWZAd-hMTcaxdGTLy-TwwQlFknld8WgxjCZZvau7jg75LZEzRKuQ-0AcgA7okLGIiI4vrRXFqQFTWO884JvrSf6jMsv_FDtFhC9itFE_nnXBASxCv0GPbYbzQJYnHviH1KmEQuJxC5mVpdEVRrjXWiG251GVy5v8yFwHf7wSPX4qjbjBDg4rG3FQRGL0KNRboIL9Y_LiFFy-zDYBcVUeaINy5cnBgjIUq1zTX7wzhnFKXUaDk7_NpXBQnphGF9nLdTrF9_Je5O8vffbCHpLJLZ6fBRi8FWGWCU2C5lLoYSezeToJgCqC7BPecobCmoU6cSEojppNtGLuk4DmC7CtqwowA3PFY5tCN6TQkbwR9W5ixxlWOr9ZW9GB4mumlg9yTu_u-xN-GcDQN6kfM6LgKrAzthvyVyE5-JQf4Iuu-_3gDZhte2_Z6kUO0iyj0wkc7GuKQGwGdYLBkfFfeYtDoExARdDq843c_c6QhgneppnVu7flBOj0FaKERG7b2BC5TYKey8t3ZVYfk-XiF_qshJuJoiMqAsIqHJSDB8Bw5a7bleblrAnnBknAOAFLzi89ztbYw6j1_9zULbWuPTSzNwSWqgPM6qsvfC2TObqRxS3ES_VhcWKzFo6QycI5hd4_Iylhw

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://jibundedekirukogao.dt25.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Apr 2021 22:44:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

61 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 03:04:14	Name: IDE Value: AHWqTUlUx9YZbsbkZ3Wrr6g-g4yKLMiLAHaFyplc9fU0BicY-HDNsv94AyVywkbDXfQ
.redintelligence.net/	1970-01-19 19:52:14	Name: 8lcfmzhxc8d6_uid Value: 8bc5466d21ab9c9e
.dt25.net/	1970-01-20 03:04:14	Name: __gads Value: ID=d20ea468cc06fb18-22b9958fecc7008e:T=1618958695:RT=1618958695:S=ALNI_MbKwHj-5HWsXS8ssVKR7bsD_uZx9A
.dt25.net/	1969-12-31 23:59:59	Name: gadsTest Value: test

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
ag.innovid.com
cdn.contentspread.net
cm.g.doubleclick.net
cms.quantserve.com
d.agkn.com
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal90001.redintelligence.net
hal900024.redintelligence.net
hal90003.redintelligence.net
id.rlcdn.com
image6.pubmatic.com
jibundedekirukogao.dt25.net
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.everesttech.net
pixel.mathtag.com
pixel.rubiconproject.com
rtb.openx.net
ssum-sec.casalemedia.com
tags.mathtag.com
tpc.googlesyndication.com
www.awin1.com
www.google.com
www.googletagservices.com
104.111.239.217
138.201.63.117
138.201.84.245
138.201.84.252
142.250.185.130
142.250.185.98
184.30.20.207
185.29.135.190
185.64.190.78
210.188.201.43
23.218.208.246
2620:116:800d:21:5a23:9c4e:e774:96c1
2a00:1450:4001:80f::2001
2a00:1450:4001:813::2002
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2004
2a05:d01c:1d8:8102:5642:8a73:6264:9a1f
3.120.24.152
34.246.227.69
34.98.67.61
35.186.253.211
35.244.174.68
46.4.10.49
69.173.144.139
85.114.131.235
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ba2c7aa4cc7b01640f18e41e148ea35e82aa19fe1474a4649e20b4ab03a80fd
0d56e5efcd431a52574d86313c4fa77d45a95b4c8456528966c99535c815e9d5
1506a76dcd6d608d22a2318266a6c9260639b5a5bb0729ec5df390784a708b28
166a4ec3cb90d525f7f744c7616c01b36bebd6dcecd486c8f5be14ccc0a7b3da
167c433f4f52bf52b6d84f4941c810f72dea47c2db6d82b17efa6cfe3855a186
1a0ac2a3a3c0169bbe335a8075500254a2771928031924123e78844a5ee3897c
1acb84ad79a9555c1810d4791a7dd32ea3fcdc0adce2f7cb99f369ecdb21fe6e
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd
27aae4e83e21c485cb1250724c46c65aa676556f64b97ee762ab377cfcf1a4c4
2cac4ee6205a0d95fc3fff343576fcad096223030cd3efc54938cf9904b587a0
2ce8ea2d989289901a4476bfb34ad6d1c533c4659c3e0dce37f222266314e10d
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
32feae1eaa46d369fe0a42d46b7e90a05cce2cdb8dc87c4dde67315e0d2a26f0
36e919f0513f552e7e796f66fde18b1b2e19625b054e96b7089cc2d31edbb0f1
3710d76ed137904196e68411fa784229749f004a0b4b16cfc191bbc273244f57
374c8dbc4170be246f238b17dc43ab7ab5a56793a5d67b91e345dcb4f5aed18d
4100200983407896b68dba6990abd1f94c96da85961db6d94718fda3eb4c462c
46ee1ab30f3444383ec0a8f8935209c95203acd8c53fb34a3fb3500ce74d9f33
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
569b6922d0065eccd95ed7158c81b29291be3de77d42517ec7e8f548b1394741
570eb65eeda36596fbd65b7187972092ea068478cbad5f6dd3fc3149cd0ae572
61f3994bd79e8f77a3a8e7630d7ad11ea2b4d6ab5bcdefa5c4b8a5ca0e7dc82a
632129e2f75ded5e9f1acfc4431c510992df953d0fed770edf6be996e1343745
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
691eea53ca2d993aae025238a5878ee837722e8bb41c64f295c1f675af4c2f49
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
753e9b80177a17f66245005bf2efcf16ed975d36d066588f213ca79f646e8b17
7b6efeab19d4d63217545b21b431633d67960189397bfeec860dc9dfd4519744
7bb3aa3a3564bba9896b55384a5b7d3ed063a6706ab4db87213bdc62b69b4376
7cc888acbf0d7b083f3b4365298a8e4e296256149d4c307be167d555900336c6
802a3841836b708b7cbcbadb00aee09e22c660bff1c295150fdf033b46a547a3
83cf20e87226a01ae29c020d5536bd54069133f79cc63ae4b41c1c91ccb568b8
89049f5d5aa36cd9aa0b4ad24492bf8d4ee17a8b7a09699299f5bf70de3b5a3b
8e7e1c0ca7f4b5de4bf685edab1b4db31bff56e83fa2745700947fea85ff3095
92979cafefd4019ad1e8f1b2012125d62b48b3b2cbc4d765e9e5aaaf0bee688e
966c211fe65ffa6a9480283eeb514b5c85c4f88cf76946b843507571f05e262a
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9f171fb9e3e50f34ad165fb83a476039d6daeae2456840ead841a51d1884a717
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a
abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b69e5926f8a65ce3d1b3ecb26580f079be2800d61c3ec290764ebef05dccc403
b79bbb4dde997e5ab5ccdc54788dfa659df09699a19aabff4c1ad10a20735b86
b7e97db2449beb81c36bbebd147d2a85bce3a47c87f04ff93f23e432cd1c21f5
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c6b4784e07a9bf2df2a97e36c4f7f90ac4531d5fcc8ab8a160057a22f5a6e66b
cab74b4c1b5e1ffd31e4b19e6e20f56a7895cd7a301cbfd0ca901d26bf4622bd
cbb04e83f849e21e6af06b134d990fc0df170e2e6746b7afa8d35d409b3426c7
cbeda32f538a5c88837b4231b37ef6f0fec2f295a6a8f7c0dcf92a610afb821a
d365165afdcb6f4108f403153aa460fd81c69824524df90d8a9ed4853f82e49f
daff8dc77812d8005f48497891983924b94681969a67c9f71d4cadfa84683bf7
e05b9834df0231f80a8574f9737b6b0157a98d4a0f86d460912076738f8abb2b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f54415e29eb70befe2473a69a097e33e3f1e90376016243b2af5173f2c87bd23
fd5b911c1009c6ac2de1c897afe02381a0b7aacbca10d70c589239c03f03e0cf
fe1e7584549ffb9a486d75e5e0fd1a6a813eb02f2e8be09859a24218a9fd98f0
feb0add6a3bace505507b4f1c2a591e5466cbb74d3b2f9abd4a8098ea2e084dd

jibundedekirukogao.dt25.net Open in urlscan Pro 210.188.201.43 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

111 Requests

100 %HTTPS

30 %IPv6

21 Domains

28 Subdomains

21 IPs

5 Countries

528 kBTransfer

1159 kBSize

4 Cookies

4 Outgoing links

Redirected requests

111 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

jibundedekirukogao.dt25.net Open in urlscan Pro
210.188.201.43 Public Scan

Screenshot
Live screenshot

Full Image

111
Requests

100 %
HTTPS

30 %
IPv6

21
Domains

28
Subdomains

21
IPs

5
Countries

528 kB
Transfer

1159 kB
Size

4
Cookies

111 HTTP transactions
6 data transactions