zxcs.zip Open in urlscan Pro
2606:4700:3035::6815:5721 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://zxcs.zip/
Effective URL:
https://zxcs.zip/
Submission: On October 27 via manual (October 27th 2023, 9:20:49 am UTC) from CZ — Scanned from DE

Summary HTTP 117 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 27 IPs in 9 countries across 22 domains to perform 117 HTTP transactions. The main IP is 2606:4700:3035::6815:5721, located in United States and belongs to CLOUDFLARENET, US. The main domain is zxcs.zip.
TLS certificate: Issued by GTS CA 1P5 on September 23rd 2023. Valid for: 3 months.

This is the only time zxcs.zip was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	2606:4700:303... 2606:4700:3035::6815:5721	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:46::60 2620:1ec:46::60	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	240e:974:eb00... 240e:974:eb00:20a::128	38283 (CHINANET-...) (CHINANET-SCIDC-AS-AP CHINANET SiChuan Telecom Internet Data Center)
1	182.84.110.35 182.84.110.35	4134 (CHINANET-...) (CHINANET-BACKBONE No.31)
8	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
4 11	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c04::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
4	4.227.249.197 4.227.249.197	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
3 32	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
8	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2004	15169 (GOOGLE) (GOOGLE)
1 2	46.228.164.11 46.228.164.11	56396 (AMOBEE) (AMOBEE)
1 6	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
1 1	35.204.158.49 35.204.158.49	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
1 1	2a05:d018:d29... 2a05:d018:d29:3605:290e:3f93:cc5a:81f7	16509 (AMAZON-02) (AMAZON-02)
2 2	37.157.2.230 37.157.2.230	198622 (ADFORM) (ADFORM)
1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	213.202.235.8 213.202.235.8	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
117	27

4 2606:4700:3035::6815:5721 (United States)

ASN13335 (CLOUDFLARENET, US)

zxcs.zip	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:46::60 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 240e:974:eb00:20a::128 (China)

ASN38283 (CHINANET-SCIDC-AS-AP CHINANET SiChuan Telecom Internet Data Center, CN)

lf9-cdn-tos.bytecdntp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.84.110.35 (China)

ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN)

search-operate.cdn.bcebos.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 4.227.249.197 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

u.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 46.228.164.11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.194 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.158.49 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.158.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3605:290e:3f93:cc5a:81f7 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.2.230 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.202.235.8 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

at.bahn.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
48	googlesyndication.com 3 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 97 tpc.googlesyndication.com — Cisco Umbrella Rank: 149	593 KB
19	gstatic.com fonts.gstatic.com www.gstatic.com encrypted-tbn1.gstatic.com	720 KB
18	doubleclick.net 5 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 stats.g.doubleclick.net — Cisco Umbrella Rank: 78 cm.g.doubleclick.net — Cisco Umbrella Rank: 245	178 KB
9	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1181 www.googleadservices.com — Cisco Umbrella Rank: 145	601 B
8	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 827 u.clarity.ms — Cisco Umbrella Rank: 7536 c.clarity.ms — Cisco Umbrella Rank: 1405	28 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 212	305 KB
4	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3040 www.google.com — Cisco Umbrella Rank: 2	1 KB
4	zxcs.zip zxcs.zip	97 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	3 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 599	1 KB
2	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 851 r.turn.com — Cisco Umbrella Rank: 4121	869 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 236	763 B
1	bahn.de at.bahn.de — Cisco Umbrella Rank: 121114	1 KB
1	criteo.com dis.criteo.com — Cisco Umbrella Rank: 597	363 B
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 492	714 B
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 5683	553 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 353	149 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 795	718 B
1	google.de www.google.de — Cisco Umbrella Rank: 6862	408 B
1	bcebos.com search-operate.cdn.bcebos.com — Cisco Umbrella Rank: 59596	170 KB
1	bytecdntp.com lf9-cdn-tos.bytecdntp.com — Cisco Umbrella Rank: 260662	88 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	91 KB
117	22

	Domain	Requested by
32	tpc.googlesyndication.com	3 redirects googleads.g.doubleclick.net zxcs.zip pagead2.googlesyndication.com tpc.googlesyndication.com
16	pagead2.googlesyndication.com	zxcs.zip pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com
11	googleads.g.doubleclick.net	4 redirects pagead2.googlesyndication.com
8	www.googleadservices.com	zxcs.zip
8	fonts.gstatic.com	zxcs.zip fonts.googleapis.com
7	www.gstatic.com	googleads.g.doubleclick.net
6	cm.g.doubleclick.net	1 redirects googleads.g.doubleclick.net
5	www.googletagservices.com	googleads.g.doubleclick.net
4	encrypted-tbn1.gstatic.com	zxcs.zip
4	u.clarity.ms	www.clarity.ms
4	zxcs.zip	zxcs.zip
3	fonts.googleapis.com	googleads.g.doubleclick.net
2	c.clarity.ms	1 redirects
2	c1.adform.net	2 redirects
2	www.google.com	googleads.g.doubleclick.net tpc.googlesyndication.com
2	region1.analytics.google.com	www.googletagmanager.com
2	www.clarity.ms	zxcs.zip www.clarity.ms
1	c.bing.com	1 redirects
1	at.bahn.de	zxcs.zip
1	dis.criteo.com	googleads.g.doubleclick.net
1	pr-bh.ybp.yahoo.com	1 redirects
1	ads.travelaudience.com	1 redirects
1	match.adsrvr.org	googleads.g.doubleclick.net
1	um.simpli.fi	1 redirects
1	r.turn.com	zxcs.zip
1	ad.turn.com	1 redirects
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.google.de	zxcs.zip
1	stats.g.doubleclick.net	www.googletagmanager.com
1	search-operate.cdn.bcebos.com	zxcs.zip
1	lf9-cdn-tos.bytecdntp.com	zxcs.zip
1	www.googletagmanager.com	zxcs.zip
117	32

This site contains links to these domains. Also see Links.

Domain
tieba.baidu.com
zxcs.wiki

Subject Issuer	Validity	Valid
zxcs.zip GTS CA 1P5	`2023-09-23` - `2023-12-22`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-09` - `2024-01-01`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-09` - `2024-01-01`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-08-29` - `2024-08-29`	a year	crt.sh
*.bytecdntp.com RapidSSL TLS RSA CA G1	`2023-06-30` - `2024-06-28`	a year	crt.sh
a.bdydns.com Baidu, Inc. DV CA	`2023-04-17` - `2024-04-27`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-09` - `2024-01-01`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-10-09` - `2024-01-01`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-10-09` - `2024-01-01`	3 months	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 06	`2023-02-13` - `2024-02-08`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-09` - `2024-01-01`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-09` - `2024-01-01`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-09` - `2024-01-01`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-10-09` - `2024-01-01`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh
at.bahn.de GeoTrust TLS RSA CA G1	`2022-12-14` - `2024-01-07`	a year	crt.sh

This page contains 17 frames:

Primary Page: https://zxcs.zip/
Frame ID: 920ABB42E0A1E10AA00690CC414E798A
Requests: 32 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20190131/zrt_lookup.html
Frame ID: F3D1B082DF6337C6E7BCD18BE0A96428
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9057438522091178&output=html&adk=1812271804&adf=3025194257&lmt=1698391240&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=356x675_l%7C356x675_r&format=0x0&url=https%3A%2F%2Fzxcs.zip%2F&ea=0&pra=5&wgl=1&easpi=1&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698398440014&bpp=5&bdt=390&idt=190&shv=r20231025&mjsv=m202310240101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=644374820674&frm=20&pv=2&ga_vid=1081970136.1698398440&ga_sid=1698398440&ga_hid=1614577809&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079085%2C44795922%2C44805932%2C44806738%2C31078297%2C44803793%2C31079156%2C44806140&oid=2&pvsid=1621301523287289&tmod=1987348811&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=210
Frame ID: 582E7E11512BC4E45343F581D576833D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9057438522091178&output=html&h=280&adk=2168583236&adf=457980074&pi=t.aa~a.3496337176~rp.4&daaos=1698376559984&w=1160&fwrn=4&fwrnh=100&lmt=1698391241&rafmt=1&to=qs&pwprc=8917504642&format=1160x280&url=https%3A%2F%2Fzxcs.zip%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698398441488&bpp=2&bdt=1864&idt=2&shv=r20231025&mjsv=m202310240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db1e7c9a2cd1c6548-2297abe015e30019%3AT%3D1698398440%3ART%3D1698398440%3AS%3DALNI_MYdxtAbQXJw1R7iCwUf69ytlQAivQ&gpic=UID%3D00000caa15c302ca%3AT%3D1698398440%3ART%3D1698398440%3AS%3DALNI_MbVsL2L-ozq8DGcVCgIhm9WnFkBRg&prev_fmts=0x0&nras=2&correlator=644374820674&frm=20&pv=1&ga_vid=1081970136.1698398440&ga_sid=1698398440&ga_hid=1614577809&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=220&ady=3654&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079085%2C44795922%2C44805932%2C44806738%2C31078297%2C44803793%2C31079156%2C44806140&oid=2&pvsid=1621301523287289&tmod=1987348811&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=oLKNovyhoM&p=https%3A//zxcs.zip&dtd=10
Frame ID: 8DE280B1DE13A247C8E670AB444CDCD7
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1
Frame ID: BDE0126A908B9B6C2AE74D3E1D1B6F15
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1
Frame ID: 29B20E0B8CAB6394D1C06885F9E0EB0F
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1
Frame ID: 5C903095C840A4B8A2F461C60070FE58
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1
Frame ID: 03CBF46A95F167D8FD8F0695DA2A988D
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/load_preloaded_resource_fy2021.js
Frame ID: C161A0D67AFC5FD4EDE8A4FA4F9912F0
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/9qemsZs9kbLqAx5V3XgDphQAvLyKuqTQONNcKdPC_g4.js
Frame ID: 4F6555B7C4D01FB739F9F9BEE4BB8471
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/9qemsZs9kbLqAx5V3XgDphQAvLyKuqTQONNcKdPC_g4.js
Frame ID: 52601CDC764409A17B676657839E58C9
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/9qemsZs9kbLqAx5V3XgDphQAvLyKuqTQONNcKdPC_g4.js
Frame ID: 0EF417846B2C8D99F2B1E32DB6F89BFA
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 59C0838198782C2ACB4F3B0E2E1D0D9E
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/9qemsZs9kbLqAx5V3XgDphQAvLyKuqTQONNcKdPC_g4.js
Frame ID: D00AC017806D037E52B9933876D9B60E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/9qemsZs9kbLqAx5V3XgDphQAvLyKuqTQONNcKdPC_g4.js
Frame ID: 9FEA887233420843FC0ED762D5AF414A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 79E3EFE460F193FD4DF272FBB2AE438D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 4ADD4B410C41F4F6B46AF61A5D2A3355
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

知轩藏书-藏尽网络中最好的精校小说

Page URL History Show full URLs

http://zxcs.zip/ HTTP 307
https://zxcs.zip/ Page URL

Detected technologies

Laravel (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

117
Requests

89 %
HTTPS

61 %
IPv6

22
Domains

32
Subdomains

27
IPs

9
Countries

2276 kB
Transfer

5294 kB
Size

27
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://tieba.baidu.com/home/main?id=tb.1.c6de0c90.SQiF5iZ1ueI4ZOa5EWmPfQ?t=1589023331&fr=pb
Title: @Anonymous般若

Search URL Search Domain Scan URL

URL: https://zxcs.wiki/
Title: zxcs.wiki

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://zxcs.zip/ HTTP 307
https://zxcs.zip/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 55

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDr3ZqF_gEQgAgYgAgyCFFyRh2Ouq9r HTTP 301
https://tpc.googlesyndication.com/simgad/624907996767536446

Request Chain 65

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgOC0ltalchDQDxj0AzIIj3tbY2gNjgA HTTP 301
https://tpc.googlesyndication.com/simgad/1346107328707569771

Request Chain 69

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgOC0ltalchDQDxj0AzIIj3tbY2gNjgA HTTP 301
https://tpc.googlesyndication.com/simgad/1346107328707569771

Request Chain 71

https://googleads.g.doubleclick.net/pagead/adview?ai=CIWt06IA7ZYCtD4LEgAfxqI6IB72Npq9v582vrL8OitGj7b4BEAEgnbm_MWCVqpSCoAegAbC6odcDyAEJqQK00IIZf7mxPqgDAcgDywSqBLMBT9DR646DMAY7YZMtEViD3eNWR2m2GG6Yo4U-Qly7rEPieWwUEEZPVCcN7oIybYtQtZZA2CHwb81LiDnYq2ZehYY9qjCkCKvrVjELn9AEXKCDsfSKYS1b-Rq-j2dxVKRNfEI6R3oSMU541FMYBFRNZanIVUecWYK3__hmxx-Rq5er1fYUodQHR8duqPB3b7PJlgQpJSHWoXBiW0MlPk3cGcShvFzQfqEfjVVDvvoVspTCCDvABPmcqargA4gF-MTU6DaSBQQIBBgBkgUECAUYBKAGLoAHxfetPqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6a-G9gHAPIHBBD0qwbSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6mgk8aHR0cHM6Ly93d3cua2F5YWsuZGUvc2VtaS9nZG50ZXh0L2ZsaWdodF9nZW5lcmFsL2FueS9kZS5odG1sgAoByAsBogwMKgoKCOS0sQLutbEC2BMMiBQC0BUBgBcBshccChoIABIUcHViLTkwNTc0Mzg1MjIwOTExNzgYAA&sigh=et1KmG8aFsE&uach_m=[UACH]&ase=2&nis=4&cid=CAQSTADICaaNvypBB6X5Kxz7KxwehB4ldMezLiMLq5onqWmSYcoqrGZlZuNY_aB8-1iYi30OHYiDaBwzbchJ8qTpD1-r7Tk3ULcfoyxMZ8IYAQ&template_id=494&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%22319853610336059022%22,%22debug_reporting%22:true,%22destination%22:%22https://kayak.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22988306736%22],%224%22:[%2210-27%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2216014177759545898321%22}&andc=true

Request Chain 75

https://googleads.g.doubleclick.net/pagead/adview?ai=C_yxM6IA7Zf6sD4LEgAfxqI6IB6CMuNBzs4iK57EQ29keEAEgnbm_MWCVqpSCoAegAaKg7_MDyAEJqQK00IIZf7mxPqgDAcgDywSqBLUBT9AdBHoWrS6Q2VLYMmvF-L1wJAE1EMyXZ8kgd4ukbEj6m1PjwxXWkp4LkyDkL_X3eds_7A1HLlNLNG-7RgmY2s6v3L2pbrAWs5HtfxRioJUakbRh_ic5gCUKNTVHCPOC6WtX09xwMVFdKSfaZaQ43tnG7g4Xnb8hsN8ZRsxCJEIOCz3FekFPDNpc-CmLkyQ3i_ub_H9XPFNPT1l3jMPfdcka24tXoxygCKFTCm3SfEDdomQEIMAEl-2jwpAEiAXElZoTkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB8bfkAyoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAemvhvYBwDyBwQQmfgN0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOpoJTWh0dHBzOi8vd3d3LndhbGJ1c2NoLmRlLz93aWQ9ZGVfYmEmY2FtcGFpZ249ZGVfYmEvMC9zbS9nZG4vd2JrL3diay8yODAxMjAyMi8wgAoByAsBogwMKgoKCOS0sQLutbEC2BMLiBQH0BUBmBYBgBcBshccChoIABIUcHViLTkwNTc0Mzg1MjIwOTExNzgYAA&sigh=NRDuwXgoqtw&uach_m=[UACH]&ase=2&nis=4&cid=CAQSTADICaaNvypBB6X5Kxz7KxwehB4ldMezLiMLq5onqWmSYcoqrGZlZuNY_aB8-1iYi30OHYiDaBwzbchJ8qTpD1-r7Tk3ULcfoyxMZ8IYAQ&template_id=494&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2214325970442175567778%22,%22debug_reporting%22:true,%22destination%22:%22https://walbusch.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221048301602%22],%224%22:[%2210-27%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%229372790325306767345%22}&andc=true

Request Chain 76

https://googleads.g.doubleclick.net/pagead/adview?ai=CkDMc6IA7Zf-sD4LEgAfxqI6IB6CMuNBzs4iK57EQ29keEAEgnbm_MWCVqpSCoAegAaKg7_MDyAEJqQK00IIZf7mxPqgDAcgDywSqBLUBT9DycBBqZ2nHdxyhwAqnE3_R37lbdGsCkm0_dnzXzokeTagjULOkB-29BmLuFSUEB8x1p8ItG3_uVh3PmD2k3zIGxYDnnA4aI3IXOILKI4YB5Q7ujbZKCh7rVvaeLukFw0UW7KchMTUKk6oROoY9f7z3fHTNLZ5vUcWT1-Bzk0Xk8yLoD4hQTDT9mVaJPG5q_GnQS8KlX-t8cYBlMSPzsFYdI79R3MmGjvsdJ1u3Ullqn44hccAEl-2jwpAEiAXElZoTkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB8bfkAyoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAemvhvYBwDyBwQQjPIR0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOpoJTWh0dHBzOi8vd3d3LndhbGJ1c2NoLmRlLz93aWQ9ZGVfYmEmY2FtcGFpZ249ZGVfYmEvMC9zbS9nZG4vd2JrL3diay8yODAxMjAyMi8wgAoByAsBogwMKgoKCOS0sQLutbEC2BMLiBQH0BUBmBYBgBcBshccChoIABIUcHViLTkwNTc0Mzg1MjIwOTExNzgYAA&sigh=afW65zD9p3c&uach_m=[UACH]&ase=2&nis=4&cid=CAQSTADICaaNvypBB6X5Kxz7KxwehB4ldMezLiMLq5onqWmSYcoqrGZlZuNY_aB8-1iYi30OHYiDaBwzbchJ8qTpD1-r7Tk3ULcfoyxMZ8IYAQ&template_id=494&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2213915004494830754726%22,%22debug_reporting%22:true,%22destination%22:%22https://walbusch.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221048301602%22],%224%22:[%2210-27%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%226381546955196852833%22}&andc=true

Request Chain 93

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEIdKi8gxiitgAiStEbZ9Kgw&google_cver=1&google_push=AXcoOmTbUN3-mBJqsy__CtlJrQbbAnko7L8hEVCgtMqgInHCQmatoy1sVbcbRg7QrBXN2m5OTn6pkqGgI20pS26Q3ZAnbAUc7BdwwzE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjM3NTUxMDAyMzkyNzM2OTAwMA==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEE1ZRwKmrM1jAT7toLgvsHs&google_cver=1

Request Chain 94

https://um.simpli.fi/gp_match?google_gid=CAESEAuODQnyW_ZKNniLtJOzlVQ&google_cver=1&google_push=AXcoOmQgHql_uUqTSAnB2AhPlpl4y6UQAQ2PvwCKCAHlWG-0h2BKuAL7upm_G8DzqP_GHxNSXLoqYi8nPzpNtQYDZSwLJsH6eNj805I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=843DAD13BDA1477C9C53FC774CD0DFAF&google_push=AXcoOmQgHql_uUqTSAnB2AhPlpl4y6UQAQ2PvwCKCAHlWG-0h2BKuAL7upm_G8DzqP_GHxNSXLoqYi8nPzpNtQYDZSwLJsH6eNj805I

Request Chain 96

https://ads.travelaudience.com/google_pixel?google_gid=CAESEIhE9DGRhUfc1Sj8NNQXmls&google_cver=1&google_push=AXcoOmSsS3LhEWY9Qc3Mq2dzLhGOXRJs21Sij4-EyQpwplUniDt86ar4Qsj5KuimyLdveBIswip-PRLfSIzjUfjkmq3bfTiaZ83LFA HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=o9hU9Ui5SjIJhCCW_iyIJA&google_push=AXcoOmSsS3LhEWY9Qc3Mq2dzLhGOXRJs21Sij4-EyQpwplUniDt86ar4Qsj5KuimyLdveBIswip-PRLfSIzjUfjkmq3bfTiaZ83LFA

Request Chain 97

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEEqL-vqcmSoHeKQ-InOjN-8&google_cver=1&google_push=AXcoOmR8-0_r0R_UhvOeD4x62MTYKo5U6DykAo08U5FGS61h4uOhgcWCtFiP9KQUiK0pUnBXTXkvoTFUc0tLCmbM7qehbR9nHFY0iJ0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmR8-0_r0R_UhvOeD4x62MTYKo5U6DykAo08U5FGS61h4uOhgcWCtFiP9KQUiK0pUnBXTXkvoTFUc0tLCmbM7qehbR9nHFY0iJ0&google_hm=eS1CVVE5MmNsRTJwRVhCUVcxWXBIUDhZa01UaWQwRlljMn5B

Request Chain 98

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEFLF0rAKycKAiWnt2tMVYfk&google_cver=1&google_push=AXcoOmQTNd2qjjJMnNjEK5IixMTChBuQGiVjcVznlbRBR8mQoX3fTfQk1Ha98sIxsPD8IjMyCJYyAiruZho6qWrJwqT3ExhycDGrrwI HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEFLF0rAKycKAiWnt2tMVYfk&google_cver=1&google_push=AXcoOmQTNd2qjjJMnNjEK5IixMTChBuQGiVjcVznlbRBR8mQoX3fTfQk1Ha98sIxsPD8IjMyCJYyAiruZho6qWrJwqT3ExhycDGrrwI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mzk1NDkyNjQ0NjcxNjk2NTE1OQ&google_push=AXcoOmQTNd2qjjJMnNjEK5IixMTChBuQGiVjcVznlbRBR8mQoX3fTfQk1Ha98sIxsPD8IjMyCJYyAiruZho6qWrJwqT3ExhycDGrrwI

Request Chain 103

https://googleads.g.doubleclick.net/pagead/adview?ai=CGwHQ6YA7ZYW7H8aB-gaf37SIBMiazKpzysW8zJsSgZK6jPEKEAEgnbm_MWCVgoCAoAegAdPdmpMDyAEJqQK00IIZf7mxPqgDAcgDywSqBLwBT9DKch_IbUFDILeAOVC8vaBo5BvgcPmvJYgmd8NT_Z5hmZLmIV1IG4edXGt8I8KtVm9m47nLqsMj60iA2wOc1X9QpIFGvCxzQPhqHAR6oTKge1tN718Vs4baR3U_QSeyXQwSYYdv-QFpNNaXMoElTZiyrXTqHnmYS0i2M93Wr-MUvAa7pRvWby1RsInsyypaQ38PKFVzP_zRdmOar0ZegEaSgOHR6wYgrRNpn1tC_cxOswo9wJ6z91pnKdHABKH8qeOiBIgFhJTz_EiSBQQIBBgBkgUECAUYBKAGLoAHlaLlbKgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEENbNCNIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqaCZ8CaHR0cHM6Ly93d3cuYmFobi5kZS8_ZGJrYW5hbF8wMDE9TDAxX1MwMV9EMDAxX0tTRTAwMDFfRzEwMDM4XzAxMjFfRlZfU0FMRV9CQ0FSX0JhaG5DYXJkLWFsd2F5cy1vbi1Hb29nbGVfR0ROMV9HRE4tTGViZW5zZXJlaWduaXNzZS1Ba3Rpb24tMTAtMjAyMy1SZXNwb25zaXZlLUFkX0xaMDEmZXh0UHJvdklkPTUmZXh0UHU9MTQwNTgtZ2F3JmV4dExpPTE5NTg5Mjg2NDA0JmV4dENyPTE0Njc3NDA2NDY3My02NzYwNTc2NzY2MTMmZXh0U2k9enhjcy56aXAmZXh0VGc9JmtleXdvcmQ9JmV4dEFQPSZleHRNVD2ACgHICwHYEwKIFAHQFQGYFgGAFwGyFxwKGggAEhRwdWItOTA1NzQzODUyMjA5MTE3OBgA&sigh=zuBDDfUdMI4&uach_m=[UACH]&ase=2&nis=4&cid=CAQSPADICaaNrBuKDVbl0hJ540wqD1dF6m0t_oA1eIZW0PfV-Ja4GH7gmMzW8YzjIkmhmwgDi8fyPCepPCWiBBgB&template_id=5000&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%229549655196370209660%22,%22debug_reporting%22:true,%22destination%22:%22https://bahn.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22845590227%22],%224%22:[%2210-27%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%224912446979559993345%22}&andc=true

Request Chain 112

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=6BEFFCF5EBCC4BF2962C9B71464D1716&RedC=c.clarity.ms&MXFR=2E95CF60A61F639B23C2DCD7A21F6D6E HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=6BEFFCF5EBCC4BF2962C9B71464D1716&MUID=21619D5E81916A3425AE8EE9803D6B4C

117 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
zxcs.zip/
Redirect Chain

http://zxcs.zip/
https://zxcs.zip/

566 KB
35 KB

972ms
847ms

Document
text/html

2606:4700:3035::6815:5721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zxcs.zip/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::6815:5721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da51410f0e5b1eac7c8a6f94a62aee6b6cd41c1342f3b1d3a40bcd00b64e932f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, private
cf-cache-status: DYNAMIC
cf-ray: 81c9dd425b6a382e-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 27 Oct 2023 09:20:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZjgR2hArR%2FMhQf9bprVZstrEuDOgXg6a4SNEf5nFSiVMfEf5Q61Ggp5qe5Y2iOxpHeii%2Bgq8pxGggxg9QbufbNI%2BEgjrWhL05uP%2FSDFyx76r6Ib1ixp0nsF9bRUUf%2BX1%2F7aSdES86A%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://zxcs.zip/
Non-Authoritative-Reason: HSTS

GET
H2 200 styles.5b6dbb217fbccec0bd0f.css
zxcs.zip/static/angular/ 38 KB
5 KB 20ms
19ms Stylesheet
text/css 2606:4700:3035::6815:5721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zxcs.zip/static/angular/styles.5b6dbb217fbccec0bd0f.css

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::6815:5721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59c29f5c0d165fc28fa10a822c89126f860a621c755debaf4482f31bd8f73510

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zxcs.zip/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:20:39 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 36041
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 24 May 2023 14:25:44 GMT
server: cloudflare
etag: W/"646e1e68-96b9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6FFSfpF%2FiNvcGIQmvs%2FuG9pNPxDeZ80p6HrmyroGTuZqw6A6PDEYNImStKToJBvOPNqDRXzFvDKz2GmzGB3cRq22EHQua64ycUxyN%2ByNKszGwUsxPx4M9kPL%2B9OND6dRiIas%2BGbfYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 81c9dd47ab1b382e-FRA
expires: Fri, 27 Oct 2023 11:19:58 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 276 KB
91 KB 59ms
33ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-58XH0DYFV5

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9deaf2761de1b420131bd114ca883f9201f1885af0026411a20af5a8d1176c45

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zxcs.zip/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:20:39 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93284
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 27 Oct 2023 09:20:39 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 144 KB
50 KB 85ms
60ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9057438522091178

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b2139433c1fc368d2af422d33d1d4551bd41cea76610ed78426d5f4a41cd10e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zxcs.zip/
Origin: https://zxcs.zip
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:20:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51023
x-xss-protection: 0
server: cafe
etag: 14604917968788690657
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 27 Oct 2023 09:20:39 GMT

GET
H2 200 hma2fxuaur Show response
www.clarity.ms/tag/ 650 B
1013 B 147ms
104ms Script
application/x-javascript 2620:1ec:46::60
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/hma2fxuaur?ref=bwt
Requested by: Host: zxcs.zip
URL: https://zxcs.zip/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:46::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 92b65406db3453d981a5ddd1b23fa812dba8e76122f455dae4249225913376dd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zxcs.zip/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

expires: -1
date: Fri, 27 Oct 2023 09:20:40 GMT
x-azure-ref: 20231027T092039Z-mtc7fwte0p5ud6en8r935kp1g400000001kg00000001bxhm
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 650
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H3 200 logo.png
zxcs.zip/images/ 6 KB
7 KB 39ms
38ms Image
image/png 2606:4700:3035::6815:5721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zxcs.zip/images/logo.png

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:5721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

577f4e3946265cf647accc359c42b6b23c6776d1f76f66546ca7a8440abf9f74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zxcs.zip/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:20:39 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1363982
alt-svc: h3=":443"; ma=86400
content-length: 6342
last-modified: Thu, 25 May 2023 07:20:05 GMT
server: cloudflare
etag: "646f0c25-18c6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y0S7PeiQlcV2tIbLWlzxlh3JJhEkEVWDyyVDA2NiSDldrhlMX%2FxWC8JrCBbo9Xau%2B9sGINai6QNEKFx66Yqjhihsf%2BqnW7N%2BDZ3H%2FJye1DIUYpKUMEfwUd5zG9BTBWIuQtzRT%2FWnsw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 81c9dd495f773678-FRA
expires: Fri, 10 Nov 2023 14:27:37 GMT

GET
H2 200 jquery.min.js Show response
lf9-cdn-tos.bytecdntp.com/cdn/expire-1-M/jquery/3.6.0/ 87 KB
88 KB 4011ms
370ms Script
application/javascript 240e:974:eb00:20a::128
CHINANET-SCIDC-AS...

General

Check archive.org

Show headers Download Go to

Full URL: https://lf9-cdn-tos.bytecdntp.com/cdn/expire-1-M/jquery/3.6.0/jquery.min.js
Requested by: Host: zxcs.zip
URL: https://zxcs.zip/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 240e:974:eb00:20a::128 , China, ASN38283 (CHINANET-SCIDC-AS-AP CHINANET SiChuan Telecom Internet Data Center, CN),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zxcs.zip/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

x-ser: BC150_dx-lt-yd-jiangsu-huaian-8-cache-6, BC175_dx-lt-yd-anhui-huainan-6-cache-3, BC86_dx-sichuan-chengdu-30-cache-2
date: Fri, 27 Oct 2023 09:20:43 GMT
x-tt-trace-tag: id=09;cdn-cache=hit;type=static
x-cache: HIT from BC86_dx-sichuan-chengdu-30-cache-2(baishan)
server-timing: cdn-cache;desc=HIT,edge;dur=3
content-length: 89501
last-modified: Sun, 24 Apr 2022 19:10:58 GMT
server: nginx
x-tt-logid: 20230802050055D9F85152EE288677C075
etag: "6265a0c2-15d9d"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
x-response-cinfo: 2a01:4a0:5a::8
accept-ranges: bytes
timing-allow-origin: *
x-response-cache: edge_hit
expires: Fri, 27 Oct 2023 22:40:49 GMT

GET
H3 200 mio-logo-sprite.7a0afcb5bbfe71a9a330.png
zxcs.zip/static/angular/ 49 KB
49 KB 23ms
22ms Image
image/png 2606:4700:3035::6815:5721
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zxcs.zip/static/angular/mio-logo-sprite.7a0afcb5bbfe71a9a330.png

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:5721 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9a7a0f6ff4ac0c0ae7e7df4468c049558f6d24c43d2cc07880af52358de2d45

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zxcs.zip/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:20:39 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1115009
alt-svc: h3=":443"; ma=86400
content-length: 50117
last-modified: Wed, 24 May 2023 14:25:44 GMT
server: cloudflare
etag: "646e1e68-c3c5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FmIML5808IAa86dRlmp0nAn4x4tsHNerO7Ox7u%2FV9n1cfuE4imb0aKeb%2BlHz%2FlIqPHPVuXLn%2Ba5%2Fk6olqR7rWT0z%2BlNAIW9gr7Qw8K7gD6aYy%2F3%2BbCSyryh6wVkXhaFTkV1rB%2FK%2FdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 81c9dd495f893678-FRA
expires: Mon, 13 Nov 2023 11:37:10 GMT

GET
H2 200 32247fbef75a5085cc444c5a9e2c75ff.png
search-operate.cdn.bcebos.com/ 169 KB
170 KB 4194ms
241ms Image
image/png 182.84.110.35
CHINANET-BACKBONE...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://search-operate.cdn.bcebos.com/32247fbef75a5085cc444c5a9e2c75ff.png
Requested by: Host: zxcs.zip
URL: https://zxcs.zip/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 182.84.110.35 , China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN),
Reverse DNS
Software: JSP3/2.0.14 /
Resource Hash: c6bbc7c755dc0cae3e5678b2e774b4c3aad4b71afe635d79b24ca1a2fcadc878

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zxcs.zip/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

ohc-file-size: 173071
date: Fri, 27 Oct 2023 09:20:43 GMT
content-md5: MiR/vvdaUIXMRExanix1/w==
age: 95205
x-cache-status: HIT
x-bce-storage-class: STANDARD
content-length: 173071
ohc-cache-hit: srct69 [2], xiangyix69 [2]
last-modified: Mon, 19 Jun 2023 07:42:30 GMT
server: JSP3/2.0.14
etag: "32247fbef75a5085cc444c5a9e2c75ff"
x-bce-request-id: 739887bd-1d5c-4aca-9922-14f160b367c7
content-type: image/png
access-control-allow-origin: *
x-bce-debug-id: WI/c8C+Te6dWd8DkMaKeyWFg9m8YeQqoii5kZIfE0MuGf0AjaBcy0MiL6d41FXyI2y9NH7+7PpL1+DVTXQUdXw==
accept-ranges: bytes
ohc-global-saved-time: Wed, 25 Oct 2023 13:57:06 GMT
x-bce-content-crc32: 1354181468
expires: Sat, 28 Oct 2023 13:57:06 GMT

GET
H2 200 L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vqPQA.woff
fonts.gstatic.com/s/robotomono/v22/ 46 KB
46 KB 56ms
26ms Font
font/woff 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotomono/v22/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vqPQA.woff

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66268f925b139bd3074492eff60e272912655e1fd7fb7c945d45df98df5c9b6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zxcs.zip/
Origin: https://zxcs.zip
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 03:24:03 GMT
x-content-type-options: nosniff
age: 21396
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47300
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 18:53:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 26 Oct 2024 03:24:03 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v30/ 11 KB
11 KB 37ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zxcs.zip/
Origin: https://zxcs.zip
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 19:15:47 GMT
x-content-type-options: nosniff
age: 137092
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11028
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 24 Oct 2024 19:15:47 GMT

GET
H2 200 flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.woff2
fonts.gstatic.com/s/materialicons/v140/ 126 KB
126 KB 39ms
9ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.woff2

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a4dbc62fa335e411b94a532be091c58c0c0c4fa731339f11722577d3cf6443b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zxcs.zip/
Origin: https://zxcs.zip
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 21:36:18 GMT
x-content-type-options: nosniff
age: 474261
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 128616
x-xss-protection: 0
last-modified: Tue, 07 Mar 2023 19:52:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 20 Oct 2024 21:36:18 GMT

GET
H2 200 4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrw2IKlh.woff
fonts.gstatic.com/s/googlesans/v46/ 184 KB
184 KB 63ms
34ms Font
font/woff 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v46/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrw2IKlh.woff

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f80ece93c4b29644d039399a38cd7811fff89db54f158257699446c4d4912566

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zxcs.zip/
Origin: https://zxcs.zip
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 06:35:00 GMT
x-content-type-options: nosniff
age: 269139
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 187964
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 17:04:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Oct 2024 06:35:00 GMT

GET
H2 200 5aUu9-KzpRiLCAt4Unrc-xIKmCU5mE4.woff
fonts.gstatic.com/s/googlesanstext/v21/ 58 KB
58 KB 77ms
48ms Font
font/woff 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesanstext/v21/5aUu9-KzpRiLCAt4Unrc-xIKmCU5mE4.woff

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fb411d36931280c47980d36123edeab46f9bb6975eaa1f601da32d136f22404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zxcs.zip/
Origin: https://zxcs.zip
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 08:17:23 GMT
x-content-type-options: nosniff
age: 522196
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 59316
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:21:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 20 Oct 2024 08:17:23 GMT

GET
H2 200 KFOmCnqEu92Fr1Me5g.woff
fonts.gstatic.com/s/roboto/v30/ 64 KB
64 KB 50ms
33ms Font
font/woff 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Me5g.woff

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41533d5c6eab361631aa3cf8bf7b8a2e6babfcc42a1aa950b2b0cd80c109b8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zxcs.zip/
Origin: https://zxcs.zip
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 19:49:57 GMT
x-content-type-options: nosniff
age: 135042
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65456
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:25:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 24 Oct 2024 19:49:57 GMT

GET
H2 200 KFOkCnqEu92Fr1Mu51xIIzIXKMny.woff2
fonts.gstatic.com/s/roboto/v30/ 12 KB
13 KB 39ms
25ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzIXKMny.woff2

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1af0ee2e409d753adfedb8a11628be961881ad5139d1a9252fcc4984cbce5f2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zxcs.zip/
Origin: https://zxcs.zip
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 02:03:26 GMT
x-content-type-options: nosniff
age: 544633
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12684
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 20 Oct 2024 02:03:26 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310240101/ 395 KB
134 KB 89ms
68ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310240101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9057438522091178&plah=zxcs.zip

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9057438522091178

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

717000c458219e645440e0cbb36fdcde0b4c8179cd1ed2f966d6323770730f57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zxcs.zip/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:20:40 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137226
x-xss-protection: 0
server: cafe
etag: 12358335785680688075
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 27 Oct 2023 09:20:40 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231025/r20190131/ Frame F3D1 10 KB
5 KB 33ms
10ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231025/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9057438522091178

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ad1270333ea16969313802add43789e0558cd75e2bf91e768bcf3937f091a001

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zxcs.zip/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 49828
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4480
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 26 Oct 2023 19:30:12 GMT
etag: 4569948109300706969
expires: Thu, 09 Nov 2023 19:30:12 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
region1.analytics.google.com/g/ 0
249 B 68ms
11ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-58XH0DYFV5&gtm=45je3ap0v9119398281&_p=1614577809&_gaz=1&gcd=11l1l1l1l1&cid=1081970136.1698398440&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1698398440&sct=1&seg=0&dl=https%3A%2F%2Fzxcs.zip%2F&dt=%E7%9F%A5%E8%BD%A9%E8%97%8F%E4%B9%A6-%E8%97%8F%E5%B0%BD%E7%BD%91%E7%BB%9C%E4%B8%AD%E6%9C%80%E5%A5%BD%E7%9A%84%E7%B2%BE%E6%A0%A1%E5%B0%8F%E8%AF%B4&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-58XH0DYFV5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zxcs.zip/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Oct 2023 09:20:40 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://zxcs.zip
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
249 B 82ms
21ms Ping
text/plain 2a00:1450:400c:c04::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-58XH0DYFV5&cid=1081970136.1698398440&gtm=45je3ap0v9119398281&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-58XH0DYFV5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c04::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zxcs.zip/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Oct 2023 09:20:40 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://zxcs.zip
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 59ms
33ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-58XH0DYFV5&cid=1081970136.1698398440&gtm=45je3ap0v9119398281&aip=1&z=379383149

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zxcs.zip/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Oct 2023 09:20:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.13/ 59 KB
25 KB 45ms
43ms Script
application/javascript 2620:1ec:46::60
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.13/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/hma2fxuaur?ref=bwt
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:46::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 74e69ccf2f5cb32c175e328707c515fc9116ddd5cb3c92882d9bd53d3a742d63

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zxcs.zip/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:20:40 GMT
content-encoding: br
last-modified: Tue, 17 Oct 2023 11:58:02 GMT
etag: W/"0x8DBCF0850CC9F3D"
vary: Accept-Encoding
x-azure-ref: 20231027T092040Z-mtc7fwte0p5ud6en8r935kp1g400000001kg00000001bxma
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 6acae9a4-801e-0077-7193-07fb4f000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 383 B
601 B 84ms
18ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=zxcs.zip&callback=_gfp_s_&client=ca-pub-9057438522091178

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310240101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9057438522091178&plah=zxcs.zip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fed7167a7db0ff3b8ffd2f761dcc24e1d42a994f4e523a9350905bac6abe6b96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zxcs.zip/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:20:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 250
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 582E 667 KB
111 KB 1191ms
1190ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9057438522091178&output=html&adk=1812271804&adf=3025194257&lmt=1698391240&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=356x675_l%7C356x675_r&format=0x0&url=https%3A%2F%2Fzxcs.zip%2F&ea=0&pra=5&wgl=1&easpi=1&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698398440014&bpp=5&bdt=390&idt=190&shv=r20231025&mjsv=m202310240101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=644374820674&frm=20&pv=2&ga_vid=1081970136.1698398440&ga_sid=1698398440&ga_hid=1614577809&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079085%2C44795922%2C44805932%2C44806738%2C31078297%2C44803793%2C31079156%2C44806140&oid=2&pvsid=1621301523287289&tmod=1987348811&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=210

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

64e5b1ae3c535a408129ed8fc7a726fe9b99aa555d8384c9f7061cd381578fa6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zxcs.zip/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 112981
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 27 Oct 2023 09:20:41 GMT
expires: Fri, 27 Oct 2023 09:20:41 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H/1.1 204
No Content collect Show response
u.clarity.ms/ 0
288 B 478ms
285ms XHR
text/plain 4.227.249.197
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://u.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.13/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 4.227.249.197 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://zxcs.zip/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://zxcs.zip
Date: Fri, 27 Oct 2023 09:20:40 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310240101/ 159 KB
54 KB 101ms
101ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310240101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

afa8185a5df90cecb7cf8d7f1d271f4c39bf66c89d309bb10821ce605b104267

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zxcs.zip/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:20:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55377
x-xss-protection: 0
server: cafe
etag: 15543330316501856959
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 27 Oct 2023 09:20:41 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8DE2 135 KB
43 KB 503ms
502ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9057438522091178&output=html&h=280&adk=2168583236&adf=457980074&pi=t.aa~a.3496337176~rp.4&daaos=1698376559984&w=1160&fwrn=4&fwrnh=100&lmt=1698391241&rafmt=1&to=qs&pwprc=8917504642&format=1160x280&url=https%3A%2F%2Fzxcs.zip%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698398441488&bpp=2&bdt=1864&idt=2&shv=r20231025&mjsv=m202310240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db1e7c9a2cd1c6548-2297abe015e30019%3AT%3D1698398440%3ART%3D1698398440%3AS%3DALNI_MYdxtAbQXJw1R7iCwUf69ytlQAivQ&gpic=UID%3D00000caa15c302ca%3AT%3D1698398440%3ART%3D1698398440%3AS%3DALNI_MbVsL2L-ozq8DGcVCgIhm9WnFkBRg&prev_fmts=0x0&nras=2&correlator=644374820674&frm=20&pv=1&ga_vid=1081970136.1698398440&ga_sid=1698398440&ga_hid=1614577809&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=220&ady=3654&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079085%2C44795922%2C44805932%2C44806738%2C31078297%2C44803793%2C31079156%2C44806140&oid=2&pvsid=1621301523287289&tmod=1987348811&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=oLKNovyhoM&p=https%3A//zxcs.zip&dtd=10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0f1321baf7fab66a2c6cd9bc66f4a5e7263a4824f619eb1d552f287e99443929

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zxcs.zip/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 44483
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 27 Oct 2023 09:20:41 GMT
expires: Fri, 27 Oct 2023 09:20:41 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/ Frame BDE0 10 KB
4 KB 8ms
7ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ad1270333ea16969313802add43789e0558cd75e2bf91e768bcf3937f091a001

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zxcs.zip/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 49826
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4480
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 26 Oct 2023 19:30:15 GMT
etag: 4569948109300706969
expires: Thu, 09 Nov 2023 19:30:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/ Frame 29B2 10 KB
4 KB 7ms
7ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ad1270333ea16969313802add43789e0558cd75e2bf91e768bcf3937f091a001

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zxcs.zip/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 49826
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4480
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 26 Oct 2023 19:30:15 GMT
etag: 4569948109300706969
expires: Thu, 09 Nov 2023 19:30:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/ Frame 5C90 10 KB
4 KB 9ms
7ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ad1270333ea16969313802add43789e0558cd75e2bf91e768bcf3937f091a001

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zxcs.zip/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 49826
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4480
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 26 Oct 2023 19:30:15 GMT
etag: 4569948109300706969
expires: Thu, 09 Nov 2023 19:30:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/ Frame 03CB 10 KB
4 KB 8ms
8ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ad1270333ea16969313802add43789e0558cd75e2bf91e768bcf3937f091a001

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zxcs.zip/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 49826
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4480
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 26 Oct 2023 19:30:15 GMT
etag: 4569948109300706969
expires: Thu, 09 Nov 2023 19:30:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame BDE0 4 KB
1 KB 66ms
18ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 27 Oct 2023 09:20:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 27 Oct 2023 09:01:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 27 Oct 2023 09:20:41 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame BDE0 205 B
650 B 55ms
7ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 02:28:25 GMT
x-content-type-options: nosniff
age: 24736
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 26 Oct 2024 02:28:25 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame BDE0 604 B
695 B 55ms
8ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 11:17:16 GMT
x-content-type-options: nosniff
age: 79405
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 25 Oct 2024 11:17:16 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231025/r20110914/elements/html/ Frame BDE0 15 KB
7 KB 51ms
5ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

25bb559beb57a681fbcd6b749ea0c17ecf3939efc5127ac756520f819f0c8f9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:58:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58938
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6638
x-xss-protection: 0
server: cafe
etag: 5714928435844906340
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Nov 2023 16:58:23 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231025/r20110914/elements/html/ Frame BDE0 20 KB
9 KB 50ms
4ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f5676a86af87439536dd10d678b3d458eee7d107a4a9bb0bac62752cc738fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60316
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8598
x-xss-protection: 0
server: cafe
etag: 10300645532664441910
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Nov 2023 16:35:25 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/ Frame 29B2 2 KB
879 B 41ms
12ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d66ca23a7be1d8803307f937a250d0f90959f1289862b8e870d6795000f2b731

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:14:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61563
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 798
x-xss-protection: 0
server: cafe
etag: 15713038447858168282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Nov 2023 16:14:38 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231025/r20110914/ Frame 29B2 23 KB
9 KB 38ms
11ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

45edbc85483b4cde24376ffc1a6b93969f8e51cd2e73547f84824c8f54fb79f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:14:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61563
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9137
x-xss-protection: 0
server: cafe
etag: 5200559654007170660
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Nov 2023 16:14:38 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/ Frame 29B2 3 KB
1 KB 36ms
10ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:14:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61563
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Nov 2023 16:14:38 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/ Frame 29B2 20 KB
8 KB 32ms
7ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a198f092051a356c1e62c1296f628da5732045abafbd974eb7fff157e14ff042

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:14:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61563
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8426
x-xss-protection: 0
server: cafe
etag: 17696348727749479825
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Nov 2023 16:14:38 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 29B2 195 KB
62 KB 75ms
22ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b101340991fbebde5f9270261516148091e118c9d5e61dc617c27718b74dee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:20:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62779
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698233972131352"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Oct 2023 09:20:41 GMT

GET
H2 200 ac1dbca482530a26bafc7a8c1241173a.js Show response
www.gstatic.com/mysidia/ Frame 29B2 36 KB
15 KB 36ms
13ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ac1dbca482530a26bafc7a8c1241173a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cddb42bd69440699ae8fe758dac4d5f52911fa67b2a7a637d5d1bcfa2d88b0d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 17:04:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231388
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15099
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 16:29:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 22 Jan 2024 17:04:13 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/ Frame 5C90 2 KB
859 B 24ms
12ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d66ca23a7be1d8803307f937a250d0f90959f1289862b8e870d6795000f2b731

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:14:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61563
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 798
x-xss-protection: 0
server: cafe
etag: 15713038447858168282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Nov 2023 16:14:38 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231025/r20110914/ Frame 5C90 23 KB
9 KB 20ms
12ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

45edbc85483b4cde24376ffc1a6b93969f8e51cd2e73547f84824c8f54fb79f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:14:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61563
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9137
x-xss-protection: 0
server: cafe
etag: 5200559654007170660
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Nov 2023 16:14:38 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/ Frame 5C90 3 KB
1 KB 20ms
13ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:14:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61563
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Nov 2023 16:14:38 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/ Frame 5C90 20 KB
8 KB 17ms
11ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a198f092051a356c1e62c1296f628da5732045abafbd974eb7fff157e14ff042

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:14:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61563
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8426
x-xss-protection: 0
server: cafe
etag: 17696348727749479825
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Nov 2023 16:14:38 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5C90 195 KB
61 KB 69ms
35ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b101340991fbebde5f9270261516148091e118c9d5e61dc617c27718b74dee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:20:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62779
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698233972131352"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Oct 2023 09:20:41 GMT

GET
H2 200 ac1dbca482530a26bafc7a8c1241173a.js Show response
www.gstatic.com/mysidia/ Frame 5C90 36 KB
15 KB 14ms
8ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ac1dbca482530a26bafc7a8c1241173a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cddb42bd69440699ae8fe758dac4d5f52911fa67b2a7a637d5d1bcfa2d88b0d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 17:04:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231388
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15099
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 16:29:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 22 Jan 2024 17:04:13 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 03CB 4 KB
728 B 24ms
19ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 27 Oct 2023 09:20:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 27 Oct 2023 07:53:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 27 Oct 2023 09:20:41 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/ Frame 03CB 2 KB
859 B 13ms
12ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d66ca23a7be1d8803307f937a250d0f90959f1289862b8e870d6795000f2b731

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:14:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61563
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 798
x-xss-protection: 0
server: cafe
etag: 15713038447858168282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Nov 2023 16:14:38 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231025/r20110914/ Frame 03CB 23 KB
9 KB 12ms
0ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

45edbc85483b4cde24376ffc1a6b93969f8e51cd2e73547f84824c8f54fb79f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:14:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61563
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9137
x-xss-protection: 0
server: cafe
etag: 5200559654007170660
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Nov 2023 16:14:38 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/ Frame 03CB 3 KB
1 KB 22ms
10ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:14:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61563
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Nov 2023 16:14:38 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/ Frame 03CB 20 KB
8 KB 20ms
8ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a198f092051a356c1e62c1296f628da5732045abafbd974eb7fff157e14ff042

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:14:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61563
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8426
x-xss-protection: 0
server: cafe
etag: 17696348727749479825
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Nov 2023 16:14:38 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 03CB 195 KB
61 KB 55ms
32ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b101340991fbebde5f9270261516148091e118c9d5e61dc617c27718b74dee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:20:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62779
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698233972131352"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Oct 2023 09:20:41 GMT

GET
H2 200 ac1dbca482530a26bafc7a8c1241173a.js Show response
www.gstatic.com/mysidia/ Frame 03CB 36 KB
15 KB 16ms
7ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ac1dbca482530a26bafc7a8c1241173a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cddb42bd69440699ae8fe758dac4d5f52911fa67b2a7a637d5d1bcfa2d88b0d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 17:04:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231388
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15099
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 16:29:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 22 Jan 2024 17:04:13 GMT

GET
DATA 200
OK truncated
/ Frame 03CB 287 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce

Request headers

Referer
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3

200

624907996767536446
tpc.googlesyndication.com/simgad/ Frame 03CB
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDr3ZqF_gEQgAgYgAgyCFFyRh2Ouq9r
https://tpc.googlesyndication.com/simgad/624907996767536446

8 KB
8 KB

8ms
7ms

Image
image/png

2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/624907996767536446

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

484ec1c347c17d7d3b98d5058aa5d90bb5c7315f3a67f44611e902de4be50831

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 07:46:12 GMT
x-content-type-options: nosniff
age: 524069
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8502
x-xss-protection: 0
last-modified: Tue, 09 Apr 2019 09:00:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 20 Oct 2024 07:46:12 GMT

Redirect headers

date: Fri, 27 Oct 2023 01:09:28 GMT
x-content-type-options: nosniff
server: cafe
age: 29473
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/624907996767536446
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 26 Nov 2023 01:09:28 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/ Frame C161 2 KB
825 B 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d66ca23a7be1d8803307f937a250d0f90959f1289862b8e870d6795000f2b731

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:14:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61563
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 798
x-xss-protection: 0
server: cafe
etag: 15713038447858168282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Nov 2023 16:14:38 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231025/r20110914/ Frame C161 23 KB
9 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

45edbc85483b4cde24376ffc1a6b93969f8e51cd2e73547f84824c8f54fb79f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:14:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61563
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9137
x-xss-protection: 0
server: cafe
etag: 5200559654007170660
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Nov 2023 16:14:38 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/ Frame C161 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:14:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61563
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Nov 2023 16:14:38 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/ Frame C161 20 KB
8 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a198f092051a356c1e62c1296f628da5732045abafbd974eb7fff157e14ff042

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:14:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61563
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8426
x-xss-protection: 0
server: cafe
etag: 17696348727749479825
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Nov 2023 16:14:38 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame C161 195 KB
61 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b101340991fbebde5f9270261516148091e118c9d5e61dc617c27718b74dee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:20:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62779
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698233972131352"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Oct 2023 09:20:41 GMT

GET
H3 200 ac1dbca482530a26bafc7a8c1241173a.js Show response
www.gstatic.com/mysidia/ Frame C161 36 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ac1dbca482530a26bafc7a8c1241173a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cddb42bd69440699ae8fe758dac4d5f52911fa67b2a7a637d5d1bcfa2d88b0d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 17:04:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231388
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15099
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 16:29:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 22 Jan 2024 17:04:13 GMT

GET
DATA 200
OK truncated
/ Frame 03CB 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0fe8f716b1e16cc459da6d808d71130aed3859ec42cd4513637925c551a9520f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 29B2 24 KB
24 KB 73ms
22ms Image
image/jpeg 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcRudA9BFgWco9TfKlQECawwkWfLKx_trJeD_m2pzvOiyX5oLsYA7RIAuQstbg&usqp=CAI

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ac3ecbe77b97d16e49c4c9cfa63409c359db51cfbf3e456ace0b4ebba8bada7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:34:15 GMT
x-content-type-options: nosniff
age: 60386
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Fri, 08 Sep 2023 03:26:26 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 25 Oct 2024 16:34:15 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 29B2 30 KB
31 KB 59ms
9ms Image
image/jpeg 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcSj9VzH8qqMnurJhei7ARJO8Nxb4Zq13b0VC_TZxF5tduaG69qE7X8UuRHh2g&usqp=CAI

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cb53de448fee2f83bd80fce0f7246607e3b9d1b1998bd8586e83ba46233ab88c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 15:58:58 GMT
x-content-type-options: nosniff
age: 321703
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30863
x-xss-protection: 0
last-modified: Fri, 17 Nov 2023 03:13:56 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Tue, 22 Oct 2024 15:58:58 GMT

GET
H3

200

1346107328707569771
tpc.googlesyndication.com/simgad/ Frame 29B2
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgOC0ltalchDQDxj0AzIIj3tbY2gNjgA
https://tpc.googlesyndication.com/simgad/1346107328707569771

37 KB
37 KB

13ms
12ms

Image
image/png

2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1346107328707569771

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ae1ec1f50cc124c44c86edc7db295207440b50c5bed347f717b5661ab8d7580

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 20 Oct 2023 20:34:41 GMT
x-content-type-options: nosniff
age: 564360
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38328
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 08:23:55 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 19 Oct 2024 20:34:41 GMT

Redirect headers

date: Thu, 26 Oct 2023 22:07:46 GMT
x-content-type-options: nosniff
server: cafe
age: 40375
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/1346107328707569771
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 25 Nov 2023 22:07:46 GMT

GET
DATA 200
OK truncated
/ Frame 29B2 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 74d758d77387c832900c1039434f33f3fbe1b127e5246489627d6124a2dd2116

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 5C90 24 KB
24 KB 59ms
20ms Image
image/jpeg 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcRudA9BFgWco9TfKlQECawwkWfLKx_trJeD_m2pzvOiyX5oLsYA7RIAuQstbg&usqp=CAI

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ac3ecbe77b97d16e49c4c9cfa63409c359db51cfbf3e456ace0b4ebba8bada7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:34:15 GMT
x-content-type-options: nosniff
age: 60386
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Fri, 08 Sep 2023 03:26:26 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 25 Oct 2024 16:34:15 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 5C90 30 KB
30 KB 56ms
18ms Image
image/jpeg 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcSj9VzH8qqMnurJhei7ARJO8Nxb4Zq13b0VC_TZxF5tduaG69qE7X8UuRHh2g&usqp=CAI

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cb53de448fee2f83bd80fce0f7246607e3b9d1b1998bd8586e83ba46233ab88c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 15:58:58 GMT
x-content-type-options: nosniff
age: 321703
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30863
x-xss-protection: 0
last-modified: Fri, 17 Nov 2023 03:13:56 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Tue, 22 Oct 2024 15:58:58 GMT

GET
H3

200

1346107328707569771
tpc.googlesyndication.com/simgad/ Frame 5C90
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgOC0ltalchDQDxj0AzIIj3tbY2gNjgA
https://tpc.googlesyndication.com/simgad/1346107328707569771

37 KB
37 KB

11ms
9ms

Image
image/png

2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1346107328707569771

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ae1ec1f50cc124c44c86edc7db295207440b50c5bed347f717b5661ab8d7580

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 20 Oct 2023 20:34:41 GMT
x-content-type-options: nosniff
age: 564360
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38328
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 08:23:55 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 19 Oct 2024 20:34:41 GMT

Redirect headers

date: Thu, 26 Oct 2023 22:07:46 GMT
x-content-type-options: nosniff
server: cafe
age: 40375
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/1346107328707569771
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 25 Nov 2023 22:07:46 GMT

GET
DATA 200
OK truncated
/ Frame 5C90 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b7bdadc88a9289c7c4a5732086655b1bc78468c337bac9d1fa57116f6cc0ebe

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 03CB
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CIWt06IA7ZYCtD4LEgAfxqI6IB72Npq9v582vrL8OitGj7b4BEAEgnbm_MWCVqpSCoAegAbC6odcDyAEJqQK00IIZf7mxPqgDAcgDywSqBLMBT9DR646DMAY7YZMtEViD3eNWR2m2GG6Yo4U...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%22319853610336059022%22,%22debug_reporting%22:true,%22destination%22:%22https://kayak.de%22,%22event_report_window%22:%22259...

0
0

59ms
40ms

Fetch
text/css

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%22319853610336059022%22,%22debug_reporting%22:true,%22destination%22:%22https://kayak.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22988306736%22],%224%22:[%2210-27%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2216014177759545898321%22}&andc=true

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:20:42 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"319853610336059022","debug_reporting":true,"destination":"https://kayak.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["988306736"],"4":["10-27"],"6":["true"]},"priority":"500","source_event_id":"16014177759545898321"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 27 Oct 2023 09:20:42 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 27 Oct 2023 09:20:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"319853610336059022","debug_reporting":true,"destination":"https://kayak.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["988306736"],"4":["10-27"],"6":["true"]},"priority":"500","source_event_id":"16014177759545898321"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 9qemsZs9kbLqAx5V3XgDphQAvLyKuqTQONNcKdPC_g4.js Show response
pagead2.googlesyndication.com/bg/ Frame 4F65 38 KB
15 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/9qemsZs9kbLqAx5V3XgDphQAvLyKuqTQONNcKdPC_g4.js

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6a7a6b19b3d91b2ea031e55dd7803a61400bcbc8abaa4d038d35c29d3c2fe0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 16:28:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 147141
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15015
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 24 Oct 2024 16:28:20 GMT

GET
H3 200 9qemsZs9kbLqAx5V3XgDphQAvLyKuqTQONNcKdPC_g4.js Show response
pagead2.googlesyndication.com/bg/ Frame 5260 38 KB
15 KB 12ms
10ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/9qemsZs9kbLqAx5V3XgDphQAvLyKuqTQONNcKdPC_g4.js

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6a7a6b19b3d91b2ea031e55dd7803a61400bcbc8abaa4d038d35c29d3c2fe0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 16:28:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 147141
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15015
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 24 Oct 2024 16:28:20 GMT

GET
H3 200 9qemsZs9kbLqAx5V3XgDphQAvLyKuqTQONNcKdPC_g4.js Show response
pagead2.googlesyndication.com/bg/ Frame 0EF4 38 KB
15 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/9qemsZs9kbLqAx5V3XgDphQAvLyKuqTQONNcKdPC_g4.js

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6a7a6b19b3d91b2ea031e55dd7803a61400bcbc8abaa4d038d35c29d3c2fe0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 16:28:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 147141
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15015
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 24 Oct 2024 16:28:20 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 29B2
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=C_yxM6IA7Zf6sD4LEgAfxqI6IB6CMuNBzs4iK57EQ29keEAEgnbm_MWCVqpSCoAegAaKg7_MDyAEJqQK00IIZf7mxPqgDAcgDywSqBLUBT9AdBHoWrS6Q2VLYMmvF-L1wJAE1EMyXZ8kgd4u...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2214325970442175567778%22,%22debug_reporting%22:true,%22destination%22:%22https://walbusch.de%22,%22event_report_window%22:%...

0
0

44ms
43ms

Fetch
text/css

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2214325970442175567778%22,%22debug_reporting%22:true,%22destination%22:%22https://walbusch.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221048301602%22],%224%22:[%2210-27%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%229372790325306767345%22}&andc=true

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:20:42 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"14325970442175567778","debug_reporting":true,"destination":"https://walbusch.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1048301602"],"4":["10-27"],"6":["true"]},"priority":"500","source_event_id":"9372790325306767345"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 27 Oct 2023 09:20:42 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 27 Oct 2023 09:20:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"14325970442175567778","debug_reporting":true,"destination":"https://walbusch.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1048301602"],"4":["10-27"],"6":["true"]},"priority":"500","source_event_id":"9372790325306767345"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 5C90
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CkDMc6IA7Zf-sD4LEgAfxqI6IB6CMuNBzs4iK57EQ29keEAEgnbm_MWCVqpSCoAegAaKg7_MDyAEJqQK00IIZf7mxPqgDAcgDywSqBLUBT9DycBBqZ2nHdxyhwAqnE3_R37lbdGsCkm0_dnz...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2213915004494830754726%22,%22debug_reporting%22:true,%22destination%22:%22https://walbusch.de%22,%22event_report_window%22:%...

0
0

43ms
42ms

Fetch
text/css

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2213915004494830754726%22,%22debug_reporting%22:true,%22destination%22:%22https://walbusch.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221048301602%22],%224%22:[%2210-27%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%226381546955196852833%22}&andc=true

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:20:42 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"13915004494830754726","debug_reporting":true,"destination":"https://walbusch.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1048301602"],"4":["10-27"],"6":["true"]},"priority":"500","source_event_id":"6381546955196852833"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 27 Oct 2023 09:20:42 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 27 Oct 2023 09:20:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"13915004494830754726","debug_reporting":true,"destination":"https://walbusch.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1048301602"],"4":["10-27"],"6":["true"]},"priority":"500","source_event_id":"6381546955196852833"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 8DE2 14 KB
1 KB 24ms
16ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9057438522091178&output=html&h=280&adk=2168583236&adf=457980074&pi=t.aa~a.3496337176~rp.4&daaos=1698376559984&w=1160&fwrn=4&fwrnh=100&lmt=1698391241&rafmt=1&to=qs&pwprc=8917504642&format=1160x280&url=https%3A%2F%2Fzxcs.zip%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698398441488&bpp=2&bdt=1864&idt=2&shv=r20231025&mjsv=m202310240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db1e7c9a2cd1c6548-2297abe015e30019%3AT%3D1698398440%3ART%3D1698398440%3AS%3DALNI_MYdxtAbQXJw1R7iCwUf69ytlQAivQ&gpic=UID%3D00000caa15c302ca%3AT%3D1698398440%3ART%3D1698398440%3AS%3DALNI_MbVsL2L-ozq8DGcVCgIhm9WnFkBRg&prev_fmts=0x0&nras=2&correlator=644374820674&frm=20&pv=1&ga_vid=1081970136.1698398440&ga_sid=1698398440&ga_hid=1614577809&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=220&ady=3654&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079085%2C44795922%2C44805932%2C44806738%2C31078297%2C44803793%2C31079156%2C44806140&oid=2&pvsid=1621301523287289&tmod=1987348811&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=oLKNovyhoM&p=https%3A//zxcs.zip&dtd=10

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 27 Oct 2023 09:20:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 27 Oct 2023 08:54:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 27 Oct 2023 09:20:42 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/ Frame 8DE2 2 KB
825 B 18ms
12ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d66ca23a7be1d8803307f937a250d0f90959f1289862b8e870d6795000f2b731

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:14:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61564
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 798
x-xss-protection: 0
server: cafe
etag: 15713038447858168282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Nov 2023 16:14:38 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231025/r20110914/ Frame 8DE2 23 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

45edbc85483b4cde24376ffc1a6b93969f8e51cd2e73547f84824c8f54fb79f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:14:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61564
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9137
x-xss-protection: 0
server: cafe
etag: 5200559654007170660
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Nov 2023 16:14:38 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/ Frame 8DE2 3 KB
1 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:14:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61564
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Nov 2023 16:14:38 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/ Frame 8DE2 20 KB
8 KB 19ms
14ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a198f092051a356c1e62c1296f628da5732045abafbd974eb7fff157e14ff042

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Thu, 26 Oct 2023 16:14:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61564
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8426
x-xss-protection: 0
server: cafe
etag: 17696348727749479825
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Nov 2023 16:14:38 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 8DE2 0
0 47ms
14ms Image
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS2S4-ofEdpbY8_5pQWIXGgtfW5rtZNiTs4f37CVOvvcPVZGVC9JXTI5yzxyKNHPUlBuu1dQEPwdFLYBHi6GyczcF9Ufg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9057438522091178&output=html&h=280&adk=2168583236&adf=457980074&pi=t.aa~a.3496337176~rp.4&daaos=1698376559984&w=1160&fwrn=4&fwrnh=100&lmt=1698391241&rafmt=1&to=qs&pwprc=8917504642&format=1160x280&url=https%3A%2F%2Fzxcs.zip%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698398441488&bpp=2&bdt=1864&idt=2&shv=r20231025&mjsv=m202310240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db1e7c9a2cd1c6548-2297abe015e30019%3AT%3D1698398440%3ART%3D1698398440%3AS%3DALNI_MYdxtAbQXJw1R7iCwUf69ytlQAivQ&gpic=UID%3D00000caa15c302ca%3AT%3D1698398440%3ART%3D1698398440%3AS%3DALNI_MbVsL2L-ozq8DGcVCgIhm9WnFkBRg&prev_fmts=0x0&nras=2&correlator=644374820674&frm=20&pv=1&ga_vid=1081970136.1698398440&ga_sid=1698398440&ga_hid=1614577809&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=220&ady=3654&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079085%2C44795922%2C44805932%2C44806738%2C31078297%2C44803793%2C31079156%2C44806140&oid=2&pvsid=1621301523287289&tmod=1987348811&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=oLKNovyhoM&p=https%3A//zxcs.zip&dtd=10
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8DE2 187 KB
59 KB 57ms
51ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e155284926ba010442d774fd493ff925a0256bd427f54596b1244791a3fa170

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:20:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60190
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698233972131352"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Oct 2023 09:20:42 GMT

GET
H3 200 ac1dbca482530a26bafc7a8c1241173a.js Show response
www.gstatic.com/mysidia/ Frame 8DE2 36 KB
15 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ac1dbca482530a26bafc7a8c1241173a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cddb42bd69440699ae8fe758dac4d5f52911fa67b2a7a637d5d1bcfa2d88b0d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 17:04:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231389
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15099
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 16:29:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 22 Jan 2024 17:04:13 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 71ms
41ms Preflight
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 27 Oct 2023 09:20:42 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 59C0 1 KB
643 B 7ms
6ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 61125
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 26 Oct 2023 16:21:57 GMT
etag: 48472445140208031
expires: Fri, 27 Oct 2023 16:21:57 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 9qemsZs9kbLqAx5V3XgDphQAvLyKuqTQONNcKdPC_g4.js Show response
pagead2.googlesyndication.com/bg/ Frame D00A 38 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/9qemsZs9kbLqAx5V3XgDphQAvLyKuqTQONNcKdPC_g4.js

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6a7a6b19b3d91b2ea031e55dd7803a61400bcbc8abaa4d038d35c29d3c2fe0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 16:28:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 147142
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15015
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 24 Oct 2024 16:28:20 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/1479266101162459432/ Frame 8DE2 47 KB
47 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1479266101162459432/14763004658117789537?w=600&h=314&tw=1&q=75

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b92794ce9026f408c0485245f24dab3fd78f18ac7363ecd3154ab820a83bbbe6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 23:03:08 GMT
x-content-type-options: nosniff
age: 296254
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47742
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 23:24:29 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 22 Oct 2024 23:03:08 GMT

GET
DATA 200
OK truncated
/ Frame 8DE2 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 8DE2 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0c621d2b55c16da9ae860a2a03aeaeb42bdddae0e3b52516be1fcd7319370957

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/svg+xml

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 42ms
41ms Preflight
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 27 Oct 2023 09:20:42 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 42ms
41ms Preflight
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 27 Oct 2023 09:20:42 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 59C0
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEIdKi8gxiitgAiStEbZ9Kgw&google_cver=1&google_push=AXcoOmTbUN3-mBJqsy__CtlJrQbbAnko7L8hEVCgtMqgInHCQmatoy1sVbcbRg7QrBXN2m5OTn6pkqGgI20pS26Q3ZAnbAUc7BdwwzE
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjM3NTUxMDAyMzkyNzM2OTAwMA==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEE1ZRwKmrM1jAT7toLgvsHs&google_cver=1

43 B
398 B

28ms
14ms

Image
image/gif

46.228.164.11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEE1ZRwKmrM1jAT7toLgvsHs&google_cver=1
Requested by: Host: zxcs.zip
URL: https://zxcs.zip/
Protocol: H2
Server: 46.228.164.11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 27 Oct 2023 09:20:42 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Fri, 27 Oct 2023 09:20:42 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEE1ZRwKmrM1jAT7toLgvsHs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 59C0
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEAuODQnyW_ZKNniLtJOzlVQ&google_cver=1&google_push=AXcoOmQgHql_uUqTSAnB2AhPlpl4y6UQAQ2PvwCKCAHlWG-0h2BKuAL7upm_G8DzqP_GHxNSXLoqYi8nPzpNtQYDZSwLJsH6eNj805I
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=843DAD13BDA1477C9C53FC774CD0DFAF&google_push=AXcoOmQgHql_uUqTSAnB2AhPlpl4y6UQAQ2PvwCKCAHlWG-0h2BKuAL7upm_G8DzqP_GHxNSXLoqYi8nPzpNtQY...

170 B
232 B

18ms
17ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=843DAD13BDA1477C9C53FC774CD0DFAF&google_push=AXcoOmQgHql_uUqTSAnB2AhPlpl4y6UQAQ2PvwCKCAHlWG-0h2BKuAL7upm_G8DzqP_GHxNSXLoqYi8nPzpNtQYDZSwLJsH6eNj805I

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Oct 2023 09:20:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 27 Oct 2023 09:20:42 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=843DAD13BDA1477C9C53FC774CD0DFAF&google_push=AXcoOmQgHql_uUqTSAnB2AhPlpl4y6UQAQ2PvwCKCAHlWG-0h2BKuAL7upm_G8DzqP_GHxNSXLoqYi8nPzpNtQYDZSwLJsH6eNj805I
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 26 Oct 2023 09:20:42 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 59C0 70 B
149 B 105ms
31ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEOUiiLbf81wv6TKP4YdEQ1A&google_cver=1&google_push=AXcoOmRKafZpiBmvmHNO5CJ9Og5EJQ4TaJhqTRGAtDyWO_yvHGmmUUi0j9Tx4XuW_pc31IiCZ9rUp6Xhr3-_ueEwg3keLatJp_B9BUo
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9057438522091178&output=html&h=280&adk=2168583236&adf=457980074&pi=t.aa~a.3496337176~rp.4&daaos=1698376559984&w=1160&fwrn=4&fwrnh=100&lmt=1698391241&rafmt=1&to=qs&pwprc=8917504642&format=1160x280&url=https%3A%2F%2Fzxcs.zip%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698398441488&bpp=2&bdt=1864&idt=2&shv=r20231025&mjsv=m202310240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db1e7c9a2cd1c6548-2297abe015e30019%3AT%3D1698398440%3ART%3D1698398440%3AS%3DALNI_MYdxtAbQXJw1R7iCwUf69ytlQAivQ&gpic=UID%3D00000caa15c302ca%3AT%3D1698398440%3ART%3D1698398440%3AS%3DALNI_MbVsL2L-ozq8DGcVCgIhm9WnFkBRg&prev_fmts=0x0&nras=2&correlator=644374820674&frm=20&pv=1&ga_vid=1081970136.1698398440&ga_sid=1698398440&ga_hid=1614577809&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=220&ady=3654&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079085%2C44795922%2C44805932%2C44806738%2C31078297%2C44803793%2C31079156%2C44806140&oid=2&pvsid=1621301523287289&tmod=1987348811&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=oLKNovyhoM&p=https%3A//zxcs.zip&dtd=10
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:20:42 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 59C0
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEIhE9DGRhUfc1Sj8NNQXmls&google_cver=1&google_push=AXcoOmSsS3LhEWY9Qc3Mq2dzLhGOXRJs21Sij4-EyQpwplUniDt86ar4Qsj5KuimyLdveBIswip-PRLfSIzjUfjk...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=o9hU9Ui5SjIJhCCW_iyIJA&google_push=AXcoOmSsS3LhEWY9Qc3Mq2dzLhGOXRJs21Sij4-EyQpwplUniDt86ar4Qsj5KuimyLdveBIswip-PRLfSIzjUfjkmq3bfTiaZ83LFA

170 B
329 B

18ms
17ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=o9hU9Ui5SjIJhCCW_iyIJA&google_push=AXcoOmSsS3LhEWY9Qc3Mq2dzLhGOXRJs21Sij4-EyQpwplUniDt86ar4Qsj5KuimyLdveBIswip-PRLfSIzjUfjkmq3bfTiaZ83LFA

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Oct 2023 09:20:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 27 Oct 2023 09:20:42 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=o9hU9Ui5SjIJhCCW_iyIJA&google_push=AXcoOmSsS3LhEWY9Qc3Mq2dzLhGOXRJs21Sij4-EyQpwplUniDt86ar4Qsj5KuimyLdveBIswip-PRLfSIzjUfjkmq3bfTiaZ83LFA
x-host: tde-deliveryengine-production-5bf79cd4ff-qvdxf
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 59C0
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEEqL-vqcmSoHeKQ-InOjN-8&google_cver=1&google_push=AXcoOmR8-0_r0R_UhvOeD4x62MTYKo5U6DykAo08U5FGS61h4uOhgcWCtFiP9KQUiK0pUnBXTXkvoTFUc0tLCmbM7qehbR9...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmR8-0_r0R_UhvOeD4x62MTYKo5U6DykAo08U5FGS61h4uOhgcWCtFiP9KQUiK0pUnBXTXkvoTFUc0tLCmbM7qehbR9nHFY0iJ0&google_hm=eS1CVVE5MmNsRTJwRVh...

170 B
188 B

19ms
19ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmR8-0_r0R_UhvOeD4x62MTYKo5U6DykAo08U5FGS61h4uOhgcWCtFiP9KQUiK0pUnBXTXkvoTFUc0tLCmbM7qehbR9nHFY0iJ0&google_hm=eS1CVVE5MmNsRTJwRVhCUVcxWXBIUDhZa01UaWQwRlljMn5B

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Oct 2023 09:20:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 27 Oct 2023 09:20:42 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmR8-0_r0R_UhvOeD4x62MTYKo5U6DykAo08U5FGS61h4uOhgcWCtFiP9KQUiK0pUnBXTXkvoTFUc0tLCmbM7qehbR9nHFY0iJ0&google_hm=eS1CVVE5MmNsRTJwRVhCUVcxWXBIUDhZa01UaWQwRlljMn5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 59C0
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEFLF0rAKycKAiWnt2tMVYfk&google_cver=1&google_push=AXcoOmQTNd2qjjJMnNjEK5IixMTChBuQGiVjcVznlbRBR8mQoX3fTfQk1Ha98sIxsPD8IjMyCJYyAiru...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEFLF0rAKycKAiWnt2tMVYfk&google_cver=1&google_push=AXcoOmQTNd2qjjJMnNjEK5IixMTChBuQGiVjcVznlbRBR8mQoX3fTfQk1Ha98sIxsPD8IjMyCJY...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mzk1NDkyNjQ0NjcxNjk2NTE1OQ&google_push=AXcoOmQTNd2qjjJMnNjEK5IixMTChBuQGiVjcVznlbRBR8mQoX3fTfQk1Ha98sIxsPD8IjMyCJYyAi...

170 B
188 B

18ms
17ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mzk1NDkyNjQ0NjcxNjk2NTE1OQ&google_push=AXcoOmQTNd2qjjJMnNjEK5IixMTChBuQGiVjcVznlbRBR8mQoX3fTfQk1Ha98sIxsPD8IjMyCJYyAiruZho6qWrJwqT3ExhycDGrrwI

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Oct 2023 09:20:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 27 Oct 2023 09:20:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mzk1NDkyNjQ0NjcxNjk2NTE1OQ&google_push=AXcoOmQTNd2qjjJMnNjEK5IixMTChBuQGiVjcVznlbRBR8mQoX3fTfQk1Ha98sIxsPD8IjMyCJYyAiruZho6qWrJwqT3ExhycDGrrwI
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 59C0 43 B
363 B 63ms
13ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmTU_ilh_aPfIxmoTAC1_cXjEReI-A-UKYH4HUyqehYpdOky_pOWJ5Tb7dfhovidgy-vc1ktvAyVQdVdL1uGLlUO4Z2q0mOgURY&google_gid=CAESEA2_nnRKJJ3PtqHhrv3EgIc&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Oct 2023 09:20:41 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 195066
expires: Fri, 27 Oct 2023 00:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 59C0 0
130 B 53ms
14ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JtwvUmGHoD-uYrzC5HVGj5dyfDYzBGOzZrEwjLS5S37wPIDZhTjEmgNk3HuQnbCrasu4Zv

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:20:42 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 8DE2 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4f966f6c341daa9a48c1fcca4a2cde62d4bc5aaca3cdd2e805ad32680f2071db

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 8DE2 33 KB
33 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 09:09:18 GMT
x-content-type-options: nosniff
age: 259884
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Oct 2024 09:09:18 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 8DE2
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CGwHQ6YA7ZYW7H8aB-gaf37SIBMiazKpzysW8zJsSgZK6jPEKEAEgnbm_MWCVgoCAoAegAdPdmpMDyAEJqQK00IIZf7mxPqgDAcgDywSqBLwBT9DKch_IbUFDILeAOVC8vaBo5BvgcPmvJYg...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%229549655196370209660%22,%22debug_reporting%22:true,%22destination%22:%22https://bahn.de%22,%22event_report_window%22:%22259...

0
0

42ms
42ms

Fetch
text/css

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%229549655196370209660%22,%22debug_reporting%22:true,%22destination%22:%22https://bahn.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22845590227%22],%224%22:[%2210-27%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%224912446979559993345%22}&andc=true

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:20:42 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"9549655196370209660","debug_reporting":true,"destination":"https://bahn.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["845590227"],"4":["10-27"],"6":["true"]},"priority":"500","source_event_id":"4912446979559993345"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 27 Oct 2023 09:20:42 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 27 Oct 2023 09:20:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"9549655196370209660","debug_reporting":true,"destination":"https://bahn.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["845590227"],"4":["10-27"],"6":["true"]},"priority":"500","source_event_id":"4912446979559993345"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK ai.aspx
at.bahn.de/ Frame 8DE2 43 B
1 KB 93ms
22ms Image
image/gif 213.202.235.8
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://at.bahn.de/ai.aspx?extProvId=5&extPu=14058-gaw&extLi=19589286404&cb=2234292658&cbvp=2

Requested by

Host: zxcs.zip
URL: https://zxcs.zip/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.202.235.8 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Fri, 27 Oct 2023 09:20:42 GMT
X-Content-Type-Options: nosniff
P3P: policyref="https://at.bahn.de/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Fr, 27 Okt 2023 09:20:42 GMT
X-ET-Code: 0
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1053
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 9qemsZs9kbLqAx5V3XgDphQAvLyKuqTQONNcKdPC_g4.js Show response
pagead2.googlesyndication.com/bg/ Frame 9FEA 38 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/9qemsZs9kbLqAx5V3XgDphQAvLyKuqTQONNcKdPC_g4.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6a7a6b19b3d91b2ea031e55dd7803a61400bcbc8abaa4d038d35c29d3c2fe0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 16:28:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 147142
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15015
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 24 Oct 2024 16:28:20 GMT

OPTIONS
H3 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 44ms
42ms Preflight
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 27 Oct 2023 09:20:42 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H/1.1 204
No Content collect Show response
u.clarity.ms/ 0
288 B 93ms
92ms XHR
text/plain 4.227.249.197
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://u.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.13/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 4.227.249.197 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://zxcs.zip/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://zxcs.zip
Date: Fri, 27 Oct 2023 09:20:42 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 03CB 42 B
108 B 49ms
48ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsva5zrCK75ESoFjMMSzSdPD6215M_YFUO4aPazzvl9CvZ7zI-yzjla11WPhVK5S5AT1CYEw9wJgNslNLPSRy4TM7P71Il46kL_2wMdxZpTjaz2xYchZdBDn7b9D94t4ZJ6i_qWun4BUEpHg&sai=AMfl-YQ_QwrhCTGmaO8zsPwfPJL35ey-1drRzhM6KsBRLn7T6dJYLOqZgiue9Tn59IjUDEe1U5uiV3Ef47wiVHa-kFsH6suW1pD11HddVyeKIGyRcRAAv6Oas9KJuXFsjFsHXxcda9x8ypnBJmTPGg&sig=Cg0ArKJSzFwtjwQNAI9PEAE&cid=CAQSTADICaaNvypBB6X5Kxz7KxwehB4ldMezLiMLq5onqWmSYcoqrGZlZuNY_aB8-1iYi30OHYiDaBwzbchJ8qTpD1-r7Tk3ULcfoyxMZ8IYAQ&id=lidar2&mcvt=1000&p=0,0,124,1005&mtos=122,794,1000,1053,1053&tos=122,672,206,53,0&v=20231025&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1698398441600&rpt=356&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=8&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Oct 2023 09:20:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5C90 42 B
174 B 46ms
46ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstdeMDcwlVVIPoTXJp3X-HgKkPB3-h7Nilg6f_qNGt-QHrqCyscg17mzzykpe3qL9Nja5hM-L1b9ob3AzYXoZcxnw59eCK0WjuxrSpo243itS9MOUGggJ66DDtdJOaBh96tM49ZrB2bu4Eg&sai=AMfl-YRec13kRJ1M3n8sDznSo7oehlDfexOyOA6ZhOv2moEji4EXdRnpdYetPA1EWq_-BwDlEPem6di-vu5lgxfEHqQ6s9BVpBsLhhYHGRCMptSyl_n7fA3iWrr3hMNflsI2Gj6YAgfPu9XHjHXCmw&sig=Cg0ArKJSzKRFvPdUlzeuEAE&cid=CAQSTADICaaNvypBB6X5Kxz7KxwehB4ldMezLiMLq5onqWmSYcoqrGZlZuNY_aB8-1iYi30OHYiDaBwzbchJ8qTpD1-r7Tk3ULcfoyxMZ8IYAQ&id=lidar2&mcvt=1003&p=0,0,600,200&mtos=1003,1003,1003,1003,1003&tos=1003,0,0,0,0&v=20231025&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1698398441599&rpt=341&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=8&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Oct 2023 09:20:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 29B2 42 B
108 B 45ms
45ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv25truswiucwyV6L8V3joXXwiB01LKLALz2ui6bRn_fBYGeXpczIcnn3YuPw1PD4DRs2w1_xKT65iQerwxwPhAbaLBJcit4N6I0eTyanm0Z6qVMQRb739PSM-whUvZQht832KB74zcfMtX&sai=AMfl-YSBzCIRd942JN4eZuNnNVlcU2-tYFvgeYSiWYpYVzVNZjfVRUPCj1MJDTAT8uqVbX9VD0fxljex77YGlBRhy18o6ndKWh3lCd7hdrxn91-Y3I6x2w1VtvaJig5ltYkbEou-Ln6ekJvzNznBXA&sig=Cg0ArKJSzB1ztb4keB1WEAE&cid=CAQSTADICaaNvypBB6X5Kxz7KxwehB4ldMezLiMLq5onqWmSYcoqrGZlZuNY_aB8-1iYi30OHYiDaBwzbchJ8qTpD1-r7Tk3ULcfoyxMZ8IYAQ&id=lidar2&mcvt=1005&p=0,0,600,200&mtos=1005,1005,1005,1005,1005&tos=1005,0,0,0,0&v=20231025&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1698398441596&rpt=331&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=8&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Oct 2023 09:20:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 204
No Content collect Show response
u.clarity.ms/ 0
288 B 97ms
96ms XHR
text/plain 4.227.249.197
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://u.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.13/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 4.227.249.197 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://zxcs.zip/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://zxcs.zip
Date: Fri, 27 Oct 2023 09:20:44 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=6BEFFCF5EBCC4BF2962C9B71464D1716&RedC=c.clarity.ms&MXFR=2E95CF60A61F639B23C2DCD7A21F6D6E
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=6BEFFCF5EBCC4BF2962C9B71464D1716&MUID=21619D5E81916A3425AE8EE9803D6B4C

42 B
467 B

27ms
27ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=6BEFFCF5EBCC4BF2962C9B71464D1716&MUID=21619D5E81916A3425AE8EE9803D6B4C
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zxcs.zip/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Oct 2023 09:20:44 GMT
last-modified: Wed, 30 Aug 2023 19:01:41 GMT
server: Microsoft-IIS/10.0
etag: "8d59566974dbd91:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Fri, 27 Oct 2023 09:20:44 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EFE87817DF124C04958168459BB8319A Ref B: FRA31EDGE0107 Ref C: 2023-10-27T09:20:44Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=6BEFFCF5EBCC4BF2962C9B71464D1716&MUID=21619D5E81916A3425AE8EE9803D6B4C
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 59ms
59ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231025&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d72f93afed4a28b6e178e603b289e56bd5f7babf490ffb4ebe02ace4ded68af2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zxcs.zip/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:20:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12064
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 61ms
59ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zxcs.zip/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:20:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 27 Oct 2023 09:20:44 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 79E3 13 KB
5 KB 15ms
9ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zxcs.zip/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 11984
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 27 Oct 2023 06:01:00 GMT
expires: Sat, 26 Oct 2024 06:01:00 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 4ADD 829 B
1 KB 22ms
17ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d35f6d0ef7398978872510c8119bf56aeec302f57489e5d3ffa3318ac0a2646f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Hgr1X0pcEZaNh0kccA0C7A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://zxcs.zip/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-Hgr1X0pcEZaNh0kccA0C7A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 27 Oct 2023 09:20:44 GMT
expires: Fri, 27 Oct 2023 09:20:44 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4ADD 0
0 40ms
40ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231025&jk=1621301523287289&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

GET
H3 200 mSNSQAl__hw8z5PwJ1hA32amL2zkBniEArBt9BN1XWc.js Show response
pagead2.googlesyndication.com/bg/ Frame 79E3 38 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mSNSQAl__hw8z5PwJ1hA32amL2zkBniEArBt9BN1XWc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

99235240097ffe1c3ccf93f0275840df66a62f6ce406788402b06df413755d67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 06:01:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11984
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15010
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 26 Oct 2024 06:01:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 79E3 0
10 B 7ms
6ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?CSLI3g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date: Fri, 27 Oct 2023 09:20:44 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 45ms
44ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231025&jk=1621301523287289&bg=!UlGlUR7NAAbo5yKYyOc7ADQBe5WfOLnCFjgzASUSBrVWFffj66FlSU1A_D0WyHigksUpvcUJjxHPRmeZwgyzVaEkA106AgAAAE5SAAAAA2gBB5kCvLQvHXkd0l8cK_cyR4Dr9OmRxSxbnNVWKOllQ8ety3iytwDEvL5AmWeZQFUYNKdyXmVRTCCo0658Dc7v1w0KpJMj8C1Fv9Yb9K6UrMNTW-XNqGU47eT0etrw3R45bhvpSmpRhJKfZ60UmC9iYFPxj3I76dQgMoNqhymlF5PVaGZqgmE9OQvXlX0fhBAJaXwWaJS5mTZh6Qb13kgdw4iuYGuPTD68f8Teh9_PNH8I2W_62qfT_kNuv_PiFasOwzBk1ALik5_9HaQ8_ReuoQnPyclyLOIAa_tuQ5w0d1KIBwK9SRHJ2Ymid_APSr61odNJc57VqVZTdoFtmCqwANp5h_f7B0PsHDSxA8EPHP9pF1LrQBCT0Fq_NcqK04SYiknvU7LhAzNx1RtI7Z-CFvG9-R668zp7XxHAzpZa7MV3s7BbT6t03zz_-K6pfufKZdB_slJVi26dICjbeFuIphVaXNAcBg4R-5gMrjB814edHMNT8YB7fzmcG4sbNsHW1WymHqtWfQzloe54gVfZC0XxuQyypBB7D35A50Gi_T7fJWaEd6o7lso5zy90wptcbu_OA5SbZjRC2ef3ZeW8Xe5eHD4csCvUggAn8HmDLLC_4OYBOs4KwGNyEiH57Lw0WQknRQGoGxufn_L51UF3XQc4HH8uEF2ycxsUpWO1U8O9mthZuUokWYCQsqUAvo3yrz8D3rcvylB-mrScXX8J8b0eni2RF2YNfpplZLUgM5yLM13Fj3xehG9g0USLN6gk3766xe9POX6SkPd57g_9w27KCG_VE1qfZWYQoigWy94Agwkw9t1xCE__lBWpbY9rGeTEs615NMaYd5S2OU3x2OeFbWjx5DLlbkpnZ8VDZR5crPykKe_CVdExFVRQAjGYPekAofnHvG74yX5D4yvPqSxbXzXJPV-2qEnoBls15UU
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zxcs.zip/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 15ms
14ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-58XH0DYFV5&gtm=45je3ap0v9119398281&_p=1614577809&gcd=11l1l1l1l1&cid=1081970136.1698398440&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEI&sid=1698398440&sct=1&seg=0&dl=https%3A%2F%2Fzxcs.zip%2F&dt=%E7%9F%A5%E8%BD%A9%E8%97%8F%E4%B9%A6-%E8%97%8F%E5%B0%BD%E7%BD%91%E7%BB%9C%E4%B8%AD%E6%9C%80%E5%A5%BD%E7%9A%84%E7%B2%BE%E6%A0%A1%E5%B0%8F%E8%AF%B4&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-58XH0DYFV5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://zxcs.zip/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 27 Oct 2023 09:20:46 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://zxcs.zip
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 204
No Content collect Show response
u.clarity.ms/ 0
288 B 96ms
95ms XHR
text/plain 4.227.249.197
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://u.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.13/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 4.227.249.197 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://zxcs.zip/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://zxcs.zip
Date: Fri, 27 Oct 2023 09:20:47 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81

Verdicts & Comments Add Verdict or Comment

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

27 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
zxcs.zip/	1970-01-20 15:46:45	Name: XSRF-TOKEN Value: eyJpdiI6Im1adVE0TTNhMkFXazhPNXF2alBmUEE9PSIsInZhbHVlIjoiZnRBZlA4aWs2OVBKN015NnNtNC9mYWVSRkFHcWpodHY0dUVIc1lWUEk1MldDbzc0VWdBYWwvNXo2SG9YMU5CZVVVRUJmdlR5em9GQXNkTG5ZWWVTYlJGR2hEQlJNam9qblZuOEM5eG96Nm54b2V1VklzOXEzMWkzSWlrSFQ0TXgiLCJtYWMiOiJlYWQ5OGQ2NjIyZWZhZDJiZWU3OTU0ZmYwYzM0M2NjM2JjN2RhYTQ0YzJiMDBmNjRlNTNkODVhZTIxMDNiZDEyIiwidGFnIjoiIn0%3D
zxcs.zip/	1970-01-20 15:46:45	Name: laravel_session Value: eyJpdiI6IjFBOXc5VzNsRFhOdW9VcVQvcXFCK1E9PSIsInZhbHVlIjoiWGF6STZubDVGWDZ5SDhZcWdralVTZVZnYm05N1Z6cGY0Tkh0ZS9uckVQSGYvVnI0MlpuZWFLclRTNHRvQVBRcWZKeDNIUlZicXdFdk9FbUJKYXZpUWJUMnRjYWxqZHFiZy9yanJBSUhGWWdMeWpiSjd2cVREV0dQd3BlYU5Fd1IiLCJtYWMiOiI2ZjkwYzY2Yjg5NGRiZmUwMGRiYzBjNDg0NWY5YWEzZDI1MjFkYTQ0NGMwYzRjZDEyNzA3MzU2OWM4NGI0ODNkIiwidGFnIjoiIn0%3D
www.clarity.ms/	1970-01-21 00:32:14	Name: CLID Value: f92ea7ac14954db283b472504d879100.20231027.20241026
.zxcs.zip/	1970-01-21 01:22:38	Name: _ga Value: GA1.1.1081970136.1698398440
.zxcs.zip/	1970-01-21 00:32:14	Name: _clck Value: 1sxn539\|2\|fg7\|0\|1395
.zxcs.zip/	1970-01-20 15:48:04	Name: _clsk Value: 1hw3q27\|1698398440763\|1\|1\|u.clarity.ms/collect
.zxcs.zip/	1970-01-21 01:08:14	Name: __gads Value: ID=ab556e010ab23a87:T=1698398440:RT=1698398440:S=ALNI_Ma1L1fGaSD4rbW8mQ3R1inPLvbbVg
.zxcs.zip/	1970-01-21 01:08:14	Name: __gpi Value: UID=00000caa1563bc07:T=1698398440:RT=1698398440:S=ALNI_MbFADVa-sBUm2lTCUbqMMYFE8qd4Q
.doubleclick.net/	1970-01-21 01:08:14	Name: IDE Value: AHWqTUngB-yp9req8M9PlEJnY1DDTx6RUGIOZBm0gT-6cA4Ksd1fxJmPMHk4MHNryD0
.googleadservices.com/	1970-01-20 17:56:14	Name: ar_debug Value: 1
.travelaudience.com/	1970-01-21 01:18:19	Name: _tracker Value: %7B%22UUID%22%3A%22A3D854F5-48B9-4A32-0984-2096FE2C8824%22%7D
.simpli.fi/	1970-01-21 00:33:40	Name: suid Value: 843DAD13BDA1477C9C53FC774CD0DFAF
.adform.net/	1970-01-20 16:31:16	Name: C Value: 1
.zxcs.zip/	1970-01-21 01:22:38	Name: _ga_58XH0DYFV5 Value: GS1.1.1698398440.1.0.1698398442.58.0.0
.adform.net/	1970-01-20 17:13:02	Name: uid Value: 3954926446716965159
.yahoo.com/	1970-01-21 00:32:36	Name: A3 Value: d=AQABBOqAO2UCEAvNkFgsRHTvl3Y0xJzyuNEFEgEBAQHSPGVFZQAAAAAA_eMAAA&S=AQAAAh4SDRHnMaQV3aR9qW42oBY
at.bahn.de/	1970-01-20 17:56:14	Name: exactag_new_gk Value: 6e3dd3d58fff4d0c823ed34de4315513%7C26.12.2023%2009%3A20%3A42
at.bahn.de/	1970-01-20 20:05:50	Name: exactag_new_uk Value: 4738c8206dc04fe896f644e3f7fbf3d9%7c
at.bahn.de/	1969-12-31 23:59:59	Name: session_session Value: 1a4d852d6d734ef4b0fd2376
.turn.com/	1970-01-20 20:05:50	Name: uid Value: 2375510023927369000
.bing.com/	1970-01-21 01:08:14	Name: MUID Value: 21619D5E81916A3425AE8EE9803D6B4C
.c.bing.com/	1970-01-20 15:56:43	Name: MR Value: 0
.c.bing.com/	1970-01-21 01:08:14	Name: SRM_B Value: 21619D5E81916A3425AE8EE9803D6B4C
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 01:08:14	Name: MUID Value: 21619D5E81916A3425AE8EE9803D6B4C
.c.clarity.ms/	1970-01-20 15:56:43	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 15:46:39	Name: ANONCHK Value: 0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20231025/r20110914/zrt_lookup.html?fsb=1#RS-3-&adk=1812271801&client=ca-pub-9057438522091178&fa=1&ifi=6&uci=a!6&btvi=4&xpc=srFMOEClUf&p=https%3A//zxcs.zip Message: The resource https://fonts.googleapis.com/css?family=Roboto%3A400%2C500 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.turn.com
ads.travelaudience.com
at.bahn.de
c.bing.com
c.clarity.ms
c1.adform.net
cm.g.doubleclick.net
dis.criteo.com
encrypted-tbn1.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
lf9-cdn-tos.bytecdntp.com
match.adsrvr.org
pagead2.googlesyndication.com
partner.googleadservices.com
pr-bh.ybp.yahoo.com
r.turn.com
region1.analytics.google.com
search-operate.cdn.bcebos.com
stats.g.doubleclick.net
tpc.googlesyndication.com
u.clarity.ms
um.simpli.fi
www.clarity.ms
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
zxcs.zip
142.250.185.194
142.250.186.130
178.250.1.9
182.84.110.35
2001:4860:4802:32::36
213.202.235.8
240e:974:eb00:20a::128
2606:4700:3035::6815:5721
2620:1ec:46::60
2620:1ec:c11::200
2a00:1450:4001:800::2002
2a00:1450:4001:802::200a
2a00:1450:4001:803::2004
2a00:1450:4001:806::2003
2a00:1450:4001:808::200e
2a00:1450:4001:80b::2002
2a00:1450:4001:80b::2008
2a00:1450:4001:813::2002
2a00:1450:4001:827::2003
2a00:1450:4001:828::2002
2a00:1450:4001:82b::2003
2a00:1450:4001:830::2001
2a00:1450:400c:c04::9d
2a05:d018:d29:3605:290e:3f93:cc5a:81f7
35.190.0.66
35.204.158.49
37.157.2.230
4.227.249.197
46.228.164.11
52.223.40.198
68.219.88.97
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c621d2b55c16da9ae860a2a03aeaeb42bdddae0e3b52516be1fcd7319370957
0f1321baf7fab66a2c6cd9bc66f4a5e7263a4824f619eb1d552f287e99443929
0fe8f716b1e16cc459da6d808d71130aed3859ec42cd4513637925c551a9520f
1af0ee2e409d753adfedb8a11628be961881ad5139d1a9252fcc4984cbce5f2d
25bb559beb57a681fbcd6b749ea0c17ecf3939efc5127ac756520f819f0c8f9b
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3f5676a86af87439536dd10d678b3d458eee7d107a4a9bb0bac62752cc738fb0
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
45edbc85483b4cde24376ffc1a6b93969f8e51cd2e73547f84824c8f54fb79f9
484ec1c347c17d7d3b98d5058aa5d90bb5c7315f3a67f44611e902de4be50831
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4a4dbc62fa335e411b94a532be091c58c0c0c4fa731339f11722577d3cf6443b
4b101340991fbebde5f9270261516148091e118c9d5e61dc617c27718b74dee1
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e155284926ba010442d774fd493ff925a0256bd427f54596b1244791a3fa170
4f966f6c341daa9a48c1fcca4a2cde62d4bc5aaca3cdd2e805ad32680f2071db
4fb411d36931280c47980d36123edeab46f9bb6975eaa1f601da32d136f22404
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
577f4e3946265cf647accc359c42b6b23c6776d1f76f66546ca7a8440abf9f74
59c29f5c0d165fc28fa10a822c89126f860a621c755debaf4482f31bd8f73510
5b7bdadc88a9289c7c4a5732086655b1bc78468c337bac9d1fa57116f6cc0ebe
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
64e5b1ae3c535a408129ed8fc7a726fe9b99aa555d8384c9f7061cd381578fa6
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
66268f925b139bd3074492eff60e272912655e1fd7fb7c945d45df98df5c9b6b
717000c458219e645440e0cbb36fdcde0b4c8179cd1ed2f966d6323770730f57
74d758d77387c832900c1039434f33f3fbe1b127e5246489627d6124a2dd2116
74e69ccf2f5cb32c175e328707c515fc9116ddd5cb3c92882d9bd53d3a742d63
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f
7ac3ecbe77b97d16e49c4c9cfa63409c359db51cfbf3e456ace0b4ebba8bada7
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
92b65406db3453d981a5ddd1b23fa812dba8e76122f455dae4249225913376dd
99235240097ffe1c3ccf93f0275840df66a62f6ce406788402b06df413755d67
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ae1ec1f50cc124c44c86edc7db295207440b50c5bed347f717b5661ab8d7580
9deaf2761de1b420131bd114ca883f9201f1885af0026411a20af5a8d1176c45
a198f092051a356c1e62c1296f628da5732045abafbd974eb7fff157e14ff042
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ad1270333ea16969313802add43789e0558cd75e2bf91e768bcf3937f091a001
afa8185a5df90cecb7cf8d7f1d271f4c39bf66c89d309bb10821ce605b104267
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b2139433c1fc368d2af422d33d1d4551bd41cea76610ed78426d5f4a41cd10e3
b92794ce9026f408c0485245f24dab3fd78f18ac7363ecd3154ab820a83bbbe6
c6bbc7c755dc0cae3e5678b2e774b4c3aad4b71afe635d79b24ca1a2fcadc878
c9a7a0f6ff4ac0c0ae7e7df4468c049558f6d24c43d2cc07880af52358de2d45
cb53de448fee2f83bd80fce0f7246607e3b9d1b1998bd8586e83ba46233ab88c
cddb42bd69440699ae8fe758dac4d5f52911fa67b2a7a637d5d1bcfa2d88b0d3
d35f6d0ef7398978872510c8119bf56aeec302f57489e5d3ffa3318ac0a2646f
d66ca23a7be1d8803307f937a250d0f90959f1289862b8e870d6795000f2b731
d72f93afed4a28b6e178e603b289e56bd5f7babf490ffb4ebe02ace4ded68af2
da51410f0e5b1eac7c8a6f94a62aee6b6cd41c1342f3b1d3a40bcd00b64e932f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41533d5c6eab361631aa3cf8bf7b8a2e6babfcc42a1aa950b2b0cd80c109b8f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6a7a6b19b3d91b2ea031e55dd7803a61400bcbc8abaa4d038d35c29d3c2fe0e
f80ece93c4b29644d039399a38cd7811fff89db54f158257699446c4d4912566
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
fed7167a7db0ff3b8ffd2f761dcc24e1d42a994f4e523a9350905bac6abe6b96
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

zxcs.zip Open in urlscan Pro 2606:4700:3035::6815:5721 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

117 Requests

89 %HTTPS

61 %IPv6

22 Domains

32 Subdomains

27 IPs

9 Countries

2276 kBTransfer

5294 kBSize

27 Cookies

2 Outgoing links

Page URL History

Redirected requests

117 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

zxcs.zip Open in urlscan Pro
2606:4700:3035::6815:5721 Public Scan

Screenshot
Live screenshot

Full Image

117
Requests

89 %
HTTPS

61 %
IPv6

22
Domains

32
Subdomains

27
IPs

9
Countries

2276 kB
Transfer

5294 kB
Size

27
Cookies

117 HTTP transactions
7 data transactions