urlscan.io logo urlscan.io
SecurityTrails logo

safelink12345.icu Open in urlscan Pro
2606:4700:3031::ac43:c811  Public Scan

Go To Rescan Add Verdict Report
URL: https://safelink12345.icu/
Submission: On May 10 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 33 IPs in 4 countries across 32 domains to perform 244 HTTP transactions. The main IP is 2606:4700:3031::ac43:c811, located in United States and belongs to CLOUDFLARENET, US. The main domain is safelink12345.icu.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 10th 2022. Valid for: a year.
This is the only time safelink12345.icu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
19 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
3 10 2a02:6b8::1:119 208722 (YNDX)
1 185.66.200.222 201702 (SKHOSTING-EU)
29 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 99.86.1.225 16509 (AMAZON-02)
2 2606:4700:303... 13335 (CLOUDFLAR...)
4 143.204.98.36 16509 (AMAZON-02)
2 2606:4700:303... 13335 (CLOUDFLAR...)
25 2a00:1450:400... 15169 (GOOGLE)
3 11 142.250.74.194 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 44.195.137.121 14618 (AMAZON-AES)
5 2a00:1450:400... 15169 (GOOGLE)
1 68 2a00:1450:400... 15169 (GOOGLE)
12 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
1 1 217.79.188.21 24961 (MYLOC-AS ...)
1 217.79.188.11 24961 (MYLOC-AS ...)
5 2a00:1450:400... 15169 (GOOGLE)
2 213.202.235.9 24961 (MYLOC-AS ...)
1 107.22.28.167 14618 (AMAZON-AES)
3 6 2a00:1450:400... 15169 (GOOGLE)
15 2a00:1450:400... 15169 (GOOGLE)
3 5 23.35.236.247 16625 (AKAMAI-AS)
2 3 37.252.173.38 29990 (ASN-APPNEX)
1 2620:116:800d... 16509 (AMAZON-02)
2 2 35.244.174.68 15169 (GOOGLE)
2 2 104.111.215.191 16625 (AKAMAI-AS)
1 35.227.252.103 15169 (GOOGLE)
2 2 198.47.127.19 3257 (GTT-BACKB...)
1 1 69.173.144.139 26667 (RUBICONPR...)
2 142.250.186.66 15169 (GOOGLE)
244 33
19    2606:4700:3031::ac43:c811 (United States)

ASN13335 (CLOUDFLARENET, US)
safelink12345.icu
1    2a00:1450:4001:803::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
10    2a02:6b8::1:119 (Moscow, Russian Federation)

ASN208722 (YNDX, FI)
mc.yandex.ru
mc.yandex.com
1    185.66.200.222 (Nitra, Slovakia)

ASN201702 (SKHOSTING-EU, SK)
PTR: 185.66.200.222.skhosting.eu
cdn-server.top
29    2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
2    2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    99.86.1.225 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-1-225.fra6.r.cloudfront.net
djm080u34wfc5.cloudfront.net
2    2606:4700:3030::ac43:dadd (United States)

ASN13335 (CLOUDFLARENET, US)
freychang.fun
4    143.204.98.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-36.fra50.r.cloudfront.net
transmith.xyz
2    2606:4700:3033::ac43:86f2 (United States)

ASN13335 (CLOUDFLARENET, US)
fnyfiexpectth.xyz
25    2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
adservice.google.de
11    142.250.74.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net
partner.googleadservices.com
cm.g.doubleclick.net
1    2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
2    2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
1    44.195.137.121 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-195-137-121.compute-1.amazonaws.com
parentful.club
5    2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
68    2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
12    2a00:1450:4001:831::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
static.doubleclick.net
7    2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
cdn.ampproject.org
7    2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
6    2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
1    217.79.188.21 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: ad2.adfarm1.adition.com
ad2.adfarm1.adition.com
1    217.79.188.11 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: imagesrv.adition.com
imagesrv.adition.com
5    2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    213.202.235.9 (Düsseldorf, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
at.bahn.de
1    107.22.28.167 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-22-28-167.compute-1.amazonaws.com
rbiscussexb.xyz
6    2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
15    2a00:1450:4001:82a::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
5    23.35.236.247 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-247.deploy.static.akamaitechnologies.com
dsum-sec.casalemedia.com
ssum-sec.casalemedia.com
3    37.252.173.38 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ib.adnxs.com
1    2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States)

ASN16509 (AMAZON-02, US)
cms.quantserve.com
2    35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com
id.rlcdn.com
2    104.111.215.191 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com
e.dlx.addthis.com
1    35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com
rtb.openx.net
2    198.47.127.19 (United States)

ASN3257 (GTT-BACKBONE GTT, US)
image6.pubmatic.com
1    69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
2    142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net
googleads4.g.doubleclick.net
Apex Domain
Subdomains		 Transfer
97 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 119
tpc.googlesyndication.com — Cisco Umbrella Rank: 171
775 KB
48 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 65
static.doubleclick.net — Cisco Umbrella Rank: 419
cm.g.doubleclick.net — Cisco Umbrella Rank: 289
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 354
1 MB
19 safelink12345.icu
safelink12345.icu
382 KB
15 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 338
178 KB
11 gstatic.com
www.gstatic.com
fonts.gstatic.com
145 KB
8 google.com
adservice.google.com — Cisco Umbrella Rank: 128
www.google.com — Cisco Umbrella Rank: 20
1 KB
8 yandex.com
mc.yandex.com — Cisco Umbrella Rank: 8750
2 KB
7 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 227
257 KB
7 ampproject.org
cdn.ampproject.org — Cisco Umbrella Rank: 316
137 KB
5 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 901
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 821
5 KB
5 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 111
4 KB
4 transmith.xyz
transmith.xyz
5 KB
3 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 326
3 KB
2 pubmatic.com
image6.pubmatic.com — Cisco Umbrella Rank: 857
1 KB
2 addthis.com
e.dlx.addthis.com — Cisco Umbrella Rank: 2703
1 KB
2 rlcdn.com
id.rlcdn.com — Cisco Umbrella Rank: 909
569 B
2 bahn.de
at.bahn.de — Cisco Umbrella Rank: 71058
2 KB
2 adition.com
ad2.adfarm1.adition.com — Cisco Umbrella Rank: 39403
imagesrv.adition.com — Cisco Umbrella Rank: 13762
696 B
2 google.de
adservice.google.de — Cisco Umbrella Rank: 5351
914 B
2 fnyfiexpectth.xyz
fnyfiexpectth.xyz
1 KB
2 freychang.fun
freychang.fun — Cisco Umbrella Rank: 17930
101 KB
2 cloudfront.net
djm080u34wfc5.cloudfront.net
36 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 101
20 KB
2 yandex.ru
mc.yandex.ru — Cisco Umbrella Rank: 2327
70 KB
1 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 478
461 B
1 openx.net
rtb.openx.net — Cisco Umbrella Rank: 2213
350 B
1 quantserve.com
cms.quantserve.com — Cisco Umbrella Rank: 1596
463 B
1 rbiscussexb.xyz
rbiscussexb.xyz
37 B
1 parentful.club
parentful.club
23 KB
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 940
650 B
1 cdn-server.top
cdn-server.top — Cisco Umbrella Rank: 750135
680 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 142
38 KB
244 32
Domain Requested by
68 tpc.googlesyndication.com 1 redirects googleads.g.doubleclick.net
safelink12345.icu
tpc.googlesyndication.com
pagead2.googlesyndication.com
29 pagead2.googlesyndication.com safelink12345.icu
pagead2.googlesyndication.com
googleads.g.doubleclick.net
tpc.googlesyndication.com
www.googletagservices.com
24 googleads.g.doubleclick.net pagead2.googlesyndication.com
googleads.g.doubleclick.net
safelink12345.icu
19 safelink12345.icu safelink12345.icu
cdn-server.top
15 s0.2mdn.net tpc.googlesyndication.com
safelink12345.icu
s0.2mdn.net
12 static.doubleclick.net googleads.g.doubleclick.net
10 cm.g.doubleclick.net 3 redirects googleads.g.doubleclick.net
8 mc.yandex.com 2 redirects safelink12345.icu
mc.yandex.ru
7 www.googletagservices.com googleads.g.doubleclick.net
7 cdn.ampproject.org googleads.g.doubleclick.net
pagead2.googlesyndication.com
6 www.google.com 3 redirects googleads.g.doubleclick.net
tpc.googlesyndication.com
6 www.gstatic.com googleads.g.doubleclick.net
5 fonts.gstatic.com fonts.googleapis.com
5 fonts.googleapis.com googleads.g.doubleclick.net
4 dsum-sec.casalemedia.com 2 redirects googleads.g.doubleclick.net
4 transmith.xyz djm080u34wfc5.cloudfront.net
parentful.club
3 ib.adnxs.com 2 redirects googleads.g.doubleclick.net
2 googleads4.g.doubleclick.net safelink12345.icu
2 image6.pubmatic.com 2 redirects
2 e.dlx.addthis.com 2 redirects
2 id.rlcdn.com 2 redirects
2 at.bahn.de safelink12345.icu
2 adservice.google.com pagead2.googlesyndication.com
2 adservice.google.de pagead2.googlesyndication.com
2 fnyfiexpectth.xyz safelink12345.icu
2 freychang.fun djm080u34wfc5.cloudfront.net
2 djm080u34wfc5.cloudfront.net cdn-server.top
transmith.xyz
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 mc.yandex.ru 1 redirects safelink12345.icu
1 ssum-sec.casalemedia.com 1 redirects
1 pixel.rubiconproject.com 1 redirects
1 rtb.openx.net googleads.g.doubleclick.net
1 cms.quantserve.com googleads.g.doubleclick.net
1 rbiscussexb.xyz parentful.club
1 imagesrv.adition.com googleads.g.doubleclick.net
1 ad2.adfarm1.adition.com 1 redirects
1 parentful.club safelink12345.icu
1 partner.googleadservices.com pagead2.googlesyndication.com
1 cdn-server.top safelink12345.icu
1 www.googletagmanager.com safelink12345.icu
244 40

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-05-10 -
2023-05-10		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-04-18 -
2022-07-11		 3 months crt.sh
mc.yandex.ru
Yandex CA		 2021-12-22 -
2022-06-03		 5 months crt.sh
cdn-server.top
R3		 2022-03-15 -
2022-06-13		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-04-18 -
2022-07-11		 3 months crt.sh
*.cloudfront.net
Amazon		 2022-02-01 -
2023-01-31		 a year crt.sh
transmith.xyz
Amazon		 2022-05-04 -
2023-06-02		 a year crt.sh
*.googleadservices.com
GTS CA 1C3		 2022-04-18 -
2022-07-11		 3 months crt.sh
*.google.de
GTS CA 1C3		 2022-04-18 -
2022-07-11		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-04-18 -
2022-07-11		 3 months crt.sh
parentful.club
R3		 2022-03-21 -
2022-06-19		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-04-18 -
2022-07-11		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2022-04-18 -
2022-07-11		 3 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2022-04-18 -
2022-07-11		 3 months crt.sh
misc-sni.google.com
GTS CA 1C3		 2022-04-18 -
2022-07-11		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-04-18 -
2022-07-11		 3 months crt.sh
at.bahn.de
GeoTrust TLS RSA CA G1		 2021-12-06 -
2022-12-30		 a year crt.sh
rbiscussexb.xyz
R3		 2022-04-19 -
2022-07-18		 3 months crt.sh
www.google.com
GTS CA 1C3		 2022-04-18 -
2022-07-11		 3 months crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-22 -
2022-09-21		 a year crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2021-07-08 -
2022-08-08		 a year crt.sh

This page contains 32 frames:

Primary Page: https://safelink12345.icu/
Frame ID: 688C71242C237A5C7A812A3A4B719679
Requests: 57 HTTP requests in this frame

Frame: https://transmith.xyz/clVkMkQTNwdfexNoBhQxADlZF3Y0cFZ0IBg4VAp0B2ZQRSIRYEpRKB0gAFQ2HTsQHCoXIUEAAisxCV4wJRIpZAYVGEEABioULXMHJQMGYCg0AwZeCiMUHAZ3NgQ+ZwUVOhd/AD86JXYoMR0dWQUgBC1mByUDMGcFJxgqVRY+ARNVdjMQEGsXCD4sdAIgDwJaJzUXA2goNj0xUQMbECh2IzcNKWcRNhYic3U2FBNzBSYEJ2d1AScGZ3U1ASILKyEiIXMFCCIpcxYCHAVeCSsdMVo1J2UAaBVAPSNgFwYcBV4JMBQlfDEkZCpTCEFkNmAsNDcGdzQmAlUfdEcQE2sCMRZcdQIzHCF+ASgQKAMsAAMiWiUlZlVgFhkQI38GETcmZywDHCJ8JioBNXkMIy0tUyg/ByBzcAgRIgsJKmcDcwwaJid8FSgBM0swAgBUVgwqDT5qEEMtB1YoFh0wdH0dECZRFDYWC3kRQyYWUBIwFzYDcQcHNXwRKhRCWDcdOxQPKyAaImgBKg9QRAAq
Frame ID: B28B7DB9415FACAD1C9A06E680344CBF
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220505/r20190131/zrt_lookup.html
Frame ID: A5235AB8D210016D4BC90CC9E9AEE2D6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=8258638015&adk=3563942368&adf=869763061&pi=t.ma~as.8258638015&w=1200&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070501&bpp=3&bdt=919&idt=226&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&correlator=7912665475533&frm=20&pv=2&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=103&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gO4UdWm9lv&p=https%3A//safelink12345.icu&dtd=240
Frame ID: 76CBA18B969E7C4D56A824EC7023CE14
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Frame ID: EDB8265AC46AFBB91683FE01F2A87757
Requests: 25 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=250&slotname=2786819483&adk=2944592922&adf=3361567115&pi=t.ma~as.2786819483&w=300&lmt=1652150069&psa=0&format=300x250&url=https%3A%2F%2Fsafelink12345.icu%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070505&bpp=1&bdt=922&idt=268&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=651&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=wsmp5j7wyo&p=https%3A//safelink12345.icu&dtd=270
Frame ID: 39A41A1B6E03F2648C8746832ECB4CC1
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&slotname=9596249340&adk=1317470659&adf=1433286824&pi=t.ma~as.9596249340&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070506&bpp=1&bdt=924&idt=271&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280%2C300x250&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=1754&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=f3cyELvtCN&p=https%3A//safelink12345.icu&dtd=276
Frame ID: 2C13E79EE8CC9C035B0779B465BEB0C6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&adk=1812271804&adf=3025194257&lmt=1652150069&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fsafelink12345.icu%2F&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070797&bpp=1&bdt=1215&idt=1&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600&nras=1&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=6&uci=a!6&fsb=1&dtd=5
Frame ID: 108143F678971147FD011296057C4BA8
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: AE2818CC3B24A6864AEFF0613D3EF020
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012203150226000/amp4ads-v0.mjs
Frame ID: 3D3A95F3632C68AC0A6BD4FCCBDEFFC6
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&adk=926476324&adf=3768921151&pi=t.aa~a.4263631882~rp.4&w=360&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=360x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1811&idt=-M&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0&nras=2&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=QPZnfKCTaI&p=https%3A//safelink12345.icu&dtd=47
Frame ID: 62E99A73230710920EE9617F4A48C160
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&adk=3075158702&adf=1856860424&pi=t.aa~a.573379464~rp.3&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1810&idt=1&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0%2C360x280&nras=3&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=3529&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=LqVVgPPmHd&p=https%3A//safelink12345.icu&dtd=52
Frame ID: 4BBC03919A95F50CAB60842C98310B2A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Frame ID: F288118EACD050922B6A2FFC0C091E28
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Frame ID: E5FBDB4F1C96C139378BFD88E0DD88BE
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/SPE_AOI_KL_Paris_728x90.html
Frame ID: CECB33D2DC823F5503D7A3730D8318CD
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 1192534811602BF9355FE24C848FDE7F
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js
Frame ID: C7213CB06897D55F708967164C73450C
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 971E9DBA0B834168DD93FD762685E444
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js
Frame ID: 675C57BC4EBD4738C6DD0CF0E55CEF7A
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js
Frame ID: C3E81C37938477297919B9FB7283008E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html
Frame ID: 513F5C62655D835148C9CF0748F4C2B5
Requests: 18 HTTP requests in this frame

Frame: https://at.bahn.de/ai.aspx?extProvId=5&extPu=14058-gaw&extLi=15763535245&cb=2205754829
Frame ID: B850BB260CF1D49BB7FE48FF0F81558E
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhjjrrXJATAB&v=APEucNWpPQACLpEuCFWtNBR2LkLjvCsnybR9OLtlt7KlpuwbqypWkqfNLUSPxH__wLaT76EHZ-S5L6CPy8rWKbzMsZlp-01G5SaiKUI43_DRyJDp9NKARgwORt54VFng7KXOw3BRrUWesuP3-3xWkeSf_ML45W7NCYe-gp5IGkzjFUDbF8g-EGQ
Frame ID: 297D1E9D9E76BCC22980353A578159A0
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B34qsRUTW_kglYgBky4oyGmyjrYh1cd5Ts8260fLB4_HupTVNC72m2A52YCWcdLl7x9k7dPOebfOfO9rdnRm223STaqoZZFSc5zYEhk1dmclW4GdynULTQ85Xo8elrzCK4PHt4bBQlWM684P2pbSRo2c2kiw&dbm_d=AKAmf-BNdcSuAVybBAUhEC8zGdErpyvvaWCRnIZJ-L9BqbrlYZ2THiSk-ZAfvONsUMEyPFpLqHsA56xDWXb1qU3txnNVG4WtBhqXjrJ1q0EblG8NXsg3eWVctlItggxSEavZgzImPe_ctDZdlEg18Od2AV8mM6Q7XFc9PAabJ-ahMAQ4j991XB4Wyjn0p8pbQ-jIiarASt2w9L3n7YwuDzS5VPrJPBdmDgO6vQ7sWnmAELNxhOejx9IumTR4tb42OIMYWZsQSiCPZw8XezDy_1GU9jktb957f-W3c6bSXQU2oGH-RNsPfvIqY3lyX77_4axe9EXqGHBc9phqxQrKENwZYzOiH8I9Q4uSysJuM7szYpwQL59wOQbeOmEtc34Rb7wNkSiUQdLR3fNYsZ_47FF01FM_lpGYkQnlCWQk-V_dtVP1Jty5-12rAzKZK-itjZHgVsx9ZO9PhcBWqXKs9brQGkP9kayiF3-mPXIE237gsSqxo-F9dnpeZrDa13gUszsAjuauoOhGAfASZ-wPlmn_do2qBOU-cc7otNtgQPFu1ik9BKgJo8LdOu438RCjHYCbInXZDRKTbwuzwbiuTAZ2oc-UwaOK7n7jps1-UrE5MnG-eoh5uggpnAj32zwdQcOKgj7iaJr9OQXFjpwM5xputFTxsDneTiOn_bXavNNamSBug-Wi-hE_FrfxbLDLlJSJlgqZY4Az-6X55JcJlJE0n50Mz2iu6anM4urzvg8MpLQB4IQV7RbC53hSDW_Ifr2FQUKsKWV5chtQ1AwlmDtwhLP8ZRWFygi1FLZlLDnrD2Kt6j4kVIeML4q7TMvYP5GHAx_vQuMvyoNxMxIfrxVFxj-xJOwy7gRHJQEUMTspGGPW3J04XDoSmRRBumZ7CSzExjdPGyh_jsTToDP2UHbTBJOF1nktP-jc35CW0b3fSpKepX9kryntevntAn94vi3YOs0jbfQhxbUVPEbYFJSh0mJmhEZD564GnJ9D1Z8asLfhfbJzpIUnpys-S8D1MW6hB5rBVgLRoLzewm4PwpGRXqLdYnN6Lc5jvMZYiyRYCnkxlrk8G9dRZvLs0t5Zac1p16-AheqdUhtaW_2qjemTk3RJqWBozuMcV0cT5GLoAns0-GzOoJ7ygsCmoEhSwGCg0P1B_NSIygdl9odNua_LcIBRJUj41kMQ5-Aqj--aGqbrRBnhbKgoYprTntZo3qQfNo0OQzqgCDy-K38DS3vdB4emHIaUrh1W8FbnkM5h28okDaH6rq_xy_dZ32jbm4DmJbjI8QktT_RXTiXv-xwfjjjA0CinjUfOw61l5RdTzRPBWiCVFl4b5k03QEG-S7BqRwpAxK9-t8yFyoEbG5S1SuIvX7E8jve2E5r_VRguODHD54gRblA8NVETvNiQTI5yTAUlQwMXQ-NSez9xBHUkxgti8WG0Agf4g7XiUySn96FDgLaf4gNlqm63Dy3I5iBHY3IU2HqnyqzkBZPV7rhmCVfVd-keb25xprk4g9qOqYRdvSWaR3L84j1cfKCvdkdoVDEh6t77qQlK4wIg7cjQAUKfdXyo7R-YkH85L7uqLhW4SVditXU33KMDkU5627ERo0QhjJ8gg-C75kPtDuuKcaaTSjztjwisbS1C3nt3lc39KcsjR7r2JefcfbKME7wrrYMxJGLFceCiLxILk7YS0sMQDdWieH97_nh-arrD5J1JYjyNRr7RQiugqE3WABNKgBIK8JvuqgnkKzfZdh8UYItmny5VV_Kflh8lkJaTUd4D-82AWaraPpMYfUUefDhzfjOZHk9cdcOqNEB1wXPb9CuBamcR_fYnv5-jIo8BSblaf1fIYqmhh9tE11vOozQ0tTLrYdguxbuzck5E2xs1wncdZjEWe2Xc6COZU4ro7OOJ_0D5Do6Zr6Ow39reWDaROxnFHmR-Yae2Del6AAKzIoYVEua2MMKAZKV3Zmjx3sHa45LGqofNQhkPJC-NgEqj5rfOnfF_iLanYg-AAs4hlg6gJHFuhIlNjzTEsgTtlQSojMybqpTT8M0RNJquiSNVEjHEa_ck9fRmJynquEAEGExKH_kek1mYNgFF1GbnJ0yPd_GBhRdYmZfe3vniJe-_YtcrsHBwlh_LRH_eYs1ySAAFeD9IOdjYIUc1nzhU_YTC1wFo8-ZinW0hJ4P_bKTaKQMrrA-D2PNUgAHhf_CRr4Bink0ePgWRbmsymXvXEafayscVHoY51QcoRGL_p68k2EuwvZsQ1O_yYEu3r-qiKLHZMBRKhzGj3Ho6hps9NzS44uIFizrIhhOSdeKtIPlIQyt3pDsHb469gkZx4tg7x76ZI3QD7L_dVo7dlWkh0j5SX4Mw3wonRn6pHq14_LgNf8NpOPnmhcPrl09HH6Qt9HafXrXWZoBKx0zVnKQkPyyO5c8MiG7hMe8X3sNgdN6MVvAyUaTej44tcmnqklivdBwl3w_b3Ltjqu34zsSG7P3C1ifVR8rFq9Z8QmeFn_OO9hbYBwPNbSOT9EMjwWsZJGTVEA0cMn273Qjs7ckgU2NymMZ4Psrid4wfGNXQBBqKENDNH8wKoM_W_o9p3ZYxwG8SCvtamx_dzGJdDANNoZuI8a7F8InoLPK6ntu73ScaGWvkSEfgVfAdXsYrFlQyhOUv5qa-GJ_Df7dE_MDJvUMH0zY00Ur-xwB9BOFgygjr7Yt9lOZVe1rU2laS7xNxD-iGdiMXNC9VLXugdPmwmgFMTW6bdxMrnCopFCaptnXRFV0FciEqJljXoDXvK2KHqSlZFUFQPQ7Z86E3igTY01CFkaGyD_9elYEPy7Ec85YtbA6QwSlyPlUvYaePhaIO1Cg_r--u-i93B1hzffRo9j-lYAzJcKvc-tvg8W2Cge-U2cdy7jy6UwuEybVD42JjP4QuwIFhPVQrEH1-9B6ghPKbEhjK1El2LfKJv6jCx_K2qtY_NHZRA61DRISKPutGiL1NWxipUDUwf1DKdVIjcQL7BRbiqyvaSpSv12nZ3bxyOAfj80n8PpU9OGEjeXLaAqeDouuS_Q&cid=CAASJORoj_m3cQyfGG3laQubxiUB2f7KOP950INdwmb4udL8UeQAWw&rfl=2%2Chttps%253A%252F%252Fsafelink12345.icu%252F%240
Frame ID: C7D6B5B208A74D3CF614800C1E6D93A7
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 41968C325A7CDCDD080A8DC6D1CD77F5
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: BB1AD090857A87954189E6E7B9D20E17
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 281DFEBB107259C85306A9047A5EA4AC
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js
Frame ID: 4A1EC205734F53D4CD9EE820C4117074
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: ADF83598467A50D56C68E9F6E1538A07
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
Frame ID: 0D8D6C60047A5BA932447B12990B2555
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 37D0D3BCFE235382A7A07144006413EA
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 778DF7CF5C9D7671CA9A6644444B72FF
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

SafeLink - Premium Link Safeguard

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • mc\.yandex\.ru/metrika/(?:tag|watch)\.js

Page Statistics

244
Requests

95 %
HTTPS

54 %
IPv6

32
Domains

40
Subdomains

33
IPs

4
Countries

3399 kB
Transfer

6696 kB
Size

46
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18
  • https://mc.yandex.com/sync_cookie_image_check HTTP 302
  • https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9633.ODv7XgwT7wBIJbUIiuGUp7UqTYVapZgUKyOhohOIhSW2HxPrUWCRpyNhlzU4ax-F.Yxv-NdM8cMURmyvXY26_zA7K10Q%2C HTTP 302
  • https://mc.yandex.com/sync_cookie_image_decide?token=9633.xPfFMfaL4edfCj-hO6EI5FbOVxTLaahBJOTGsEeYw3wUko5Wez5lQhXE_zacnPkLvid-CZ0L76lk_KBpd3v-Ew%2C%2C.dqFDKCbSNYzYyOqS-owL2zFG5wA%2C
Request Chain 26
  • https://mc.yandex.com/watch/67781566?wmode=7&page-url=https%3A%2F%2Fsafelink12345.icu%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aa8mjecangl5v275zywhk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A791%3Acn%3A1%3Adp%3A0%3Als%3A797522107042%3Ahid%3A1000866796%3Az%3A0%3Ai%3A20220510023429%3Aet%3A1652150070%3Ac%3A1%3Arn%3A939062693%3Arqn%3A1%3Au%3A1652150070113072662%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1652150068457%3Ads%3A12%2C21%2C1089%2C151%2C0%2C0%2C%2C%2C%2C%2C%2C%2C%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1652150070%3At%3ASafeLink%20-%20Premium%20Link%20Safeguard&t=gdpr(14)aw(1)ti(2) HTTP 302
  • https://mc.yandex.com/watch/67781566/1?wmode=7&page-url=https%3A%2F%2Fsafelink12345.icu%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aa8mjecangl5v275zywhk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A791%3Acn%3A1%3Adp%3A0%3Als%3A797522107042%3Ahid%3A1000866796%3Az%3A0%3Ai%3A20220510023429%3Aet%3A1652150070%3Ac%3A1%3Arn%3A939062693%3Arqn%3A1%3Au%3A1652150070113072662%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1652150068457%3Ads%3A12%2C21%2C1089%2C151%2C0%2C0%2C%2C%2C%2C%2C%2C%2C%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1652150070%3At%3ASafeLink%20-%20Premium%20Link%20Safeguard&t=gdpr%2814%29aw%281%29ti%282%29
Request Chain 63
  • https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKD_po2QyQEQgwQYgQEyCA0gY_xqzS1r HTTP 301
  • https://tpc.googlesyndication.com/simgad/17358737545053659026
Request Chain 92
  • https://ad2.adfarm1.adition.com/banner?sid=4599678&gdpr=&gdpr_consent=&kid=5155136&bid=15852299&wpt=C&ts=2745174755 HTTP 302
  • https://imagesrv.adition.com/1x1.gif
Request Chain 160
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 195
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF10a8NWaATfPAGHjOfR0fk&google_cver=1
Request Chain 196
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YnnPOI3QBzqm4LeLo-u9oQAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF10a8NWaATfPAGHjOfR0fk&google_cver=1
Request Chain 197
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESENKYflLLM_qahXYnAGj1klA&google_cver=1
Request Chain 198
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTk2MTk3MzE2MjA1NDY3NjgxNw%3D%3D
Request Chain 206
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 211
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 214
  • https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPLEC81b4q5Np1zRqRyEswmv_8fH_Z5mitXzwOryMxDNmtmQ_7KHkDTZtttS52B2SQ_kV2b2YGmOYQELlruTtxCyIFFz4Vo&google_gid=CAESEL_SRyJ3TI-IdaJnpP4omhw&google_cver=1 HTTP 307
  • https://id.rlcdn.com/1000.gif?memo=CK69HBoNCLie55MGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBMRUM4MWI0cTVOcDF6UnFSeUVzd212XzhmSF9aNW1pdFh6d09yeU14RE5tdG1RXzdLSGtEVFp0dHRTNTJCMlNRX2tWMmIyWUdtT1lRRUxscnVUdHhDeUlGRno0Vm8 HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcweTNoVHd5dnFJWFEtczIwLWtLb1JVN1c1aVZNYk54b3V2WTNVRE1HTUx6bw==&google_push
Request Chain 215
  • https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJSQx3d1ZO5_I3cpE4AnbaAcG-sBkPBpjSRvZ5HCP4Wqm4JLyx-dQyb0HLsOu28zrdRwqr0awpPgfzOECORd7h-gkjkowFV&google_gid=CAESEPfLHOsyGEw8Mzu-ffoZ8Os&google_cver=1 HTTP 302
  • https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJSQx3d1ZO5_I3cpE4AnbaAcG-sBkPBpjSRvZ5HCP4Wqm4JLyx-dQyb0HLsOu28zrdRwqr0awpPgfzOECORd7h-gkjkowFV&google_gid=CAESEPfLHOsyGEw8Mzu-ffoZ8Os&google_cver=1&rd=Y HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA1MTAwMjM0MzIwMDAxNzY4MjkxMzk0NA%3D%3D&google_push=AYg5qPJSQx3d1ZO5_I3cpE4AnbaAcG-sBkPBpjSRvZ5HCP4Wqm4JLyx-dQyb0HLsOu28zrdRwqr0awpPgfzOECORd7h-gkjkowFV
Request Chain 217
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEC1Gi89I0II5NvlFf8xWRNY&google_cver=1&google_push=AYg5qPK-zRHwwYDDpcIcK6xgHRWmx5QUauZ1GrqwnyfDOG_GxM-EQpVH2WxmlZFE4HrHQr25lZDgWfpJcD2kH9J20bwZaWo_GgiF HTTP 302
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEC1Gi89I0II5NvlFf8xWRNY&google_cver=1&google_push=AYg5qPK-zRHwwYDDpcIcK6xgHRWmx5QUauZ1GrqwnyfDOG_GxM-EQpVH2WxmlZFE4HrHQr25lZDgWfpJcD2kH9J20bwZaWo_GgiF&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=JEr6yR7HQ7Ca_VCCRFMxvQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPK-zRHwwYDDpcIcK6xgHRWmx5QUauZ1GrqwnyfDOG_GxM-EQpVH2WxmlZFE4HrHQr25lZDgWfpJcD2kH9J20bwZaWo_GgiF
Request Chain 218
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPYw1hAIouIQO8276sxUq3M&google_cver=1&google_push=AYg5qPIEnTQTP5tocHJbk_SMwBEod-yFei6izT8MNaIBtG0LXAmx1beNEzvcZddlFg05oQgmF0S-Xsn6z4qxtuUaI5BVOADcFIr_ HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDJaSkhVUE8tMTItRkZENg==&google_push=AYg5qPIEnTQTP5tocHJbk_SMwBEod-yFei6izT8MNaIBtG0LXAmx1beNEzvcZddlFg05oQgmF0S-Xsn6z4qxtuUaI5BVOADcFIr_
Request Chain 219
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENp-VlaZl5yW1UuGQOZRp34&google_cver=1&google_push=AYg5qPJQdLXmQCtel2itlrNSGI9vpBbkMnDz0AQlvlaVM3kXBhZPIaPVH_WQEzmXe2VUUHcCQkdWPwfGXs3ozdjIgvSNN2jcK5vb HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YnnPOI3QBzqm4LeLo_u9oQAABKAAAAAB&google_gid=CAESENp-VlaZl5yW1UuGQOZRp34&google_cver=1&google_push=AYg5qPJQdLXmQCtel2itlrNSGI9vpBbkMnDz0AQlvlaVM3kXBhZPIaPVH_WQEzmXe2VUUHcCQkdWPwfGXs3ozdjIgvSNN2jcK5vb

244 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
safelink12345.icu/ 		95 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://safelink12345.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c811 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.33
Resource Hash
e60c452440957a835817ab7f27b8c12523445603780bbfdf24b9bdb8e32c3581
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
s-maxage=31536000, max-age=60
cf-cache-status
MISS
cf-ray
708f46a81ff39972-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 10 May 2022 02:34:29 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified
Tue, 10 May 2022 02:34:29 GMT
link
<https://safelink12345.icu/wp-json/>; rel="https://api.w.org/"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer-when-downgrade
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vxp8U75fSUcie8gULtQOQ%2BpKGPY2664m%2FrvFjbfyB0I8%2Bq76y8iFbB6oH37iAv%2Flf2rDbImPjwrpepb3giP73mTfJ9VM9j1yJfuXfAtDv7tDFHZ%2BK%2F%2BGz1n9u%2B7Sr8CvcHjSYEgRmg%2FKm5sxVtg5gQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload;
vary
Accept-Encoding,User-Agent,User-Agent
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-powered-by
PHP/7.3.33
x-turbo-charged-by
LiteSpeed
x-ua-compatible
IE=edge
x-wp-cf-super-cache
cache
x-wp-cf-super-cache-active
1
x-wp-cf-super-cache-cache-control
s-maxage=31536000, max-age=60
x-wp-cf-super-cache-cookies-bypass
swfpc-feature-not-enabled
x-xss-protection
1; mode=block
js
www.googletagmanager.com/gtag/ 		98 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-49247768-6
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
32e14b3cd56f81235aaeb7d03ed1c7dc4ebf9917be35165798aabf6b82470542
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:29 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38838
x-xss-protection
0
last-modified
Tue, 10 May 2022 00:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 10 May 2022 02:34:29 GMT
tag.js
mc.yandex.ru/metrika/ 		202 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/metrika/tag.js
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
94bccc9b641ce0b4d8c6e0d75736d19c549ae58bf139e9d5ba5bfe8dad4a54cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:29 GMT
content-encoding
br
last-modified
Fri, 06 May 2022 13:09:00 GMT
etag
"6274f3bc-1149e"
strict-transport-security
max-age=31536000
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
content-length
70814
expires
Tue, 10 May 2022 03:34:29 GMT
wp-emoji-release.min.js
safelink12345.icu/wp-includes/js/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://safelink12345.icu/wp-includes/js/wp-emoji-release.min.js?ver=5.9.3
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c811 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:30 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 09 Jun 2021 07:45:12 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tndL%2Bx%2FBwMBh6TEx0WQtSoU3RcGLnumaCq%2B%2B4CJJ775LPxFcHNKjc0yA3JuAuRodEjt8V8Ifym9iOSEXD0o9RqofTsplu6Lr%2BAZ3PDAz1k3eYSJdV1ngYwJiJEJcl1sXYVsbDmQWpWxxlP1m0OIpEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding,User-Agent,User-Agent
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
708f46b32c3d9bac-FRA
expires
Tue, 17 May 2022 02:34:30 GMT
style.min.css
safelink12345.icu/wp-includes/css/dist/block-library/ 		81 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://safelink12345.icu/wp-includes/css/dist/block-library/style.min.css?ver=5.9.3
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c811 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:30 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 06 Apr 2022 03:30:06 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bhut01wqjtGmyRBcfUKaslbEGbCFuzN8oCDsL5dw5JUCpERAFZ4SsiOZYzE0N9%2FLLBDcmOy0DL%2BC2Cp%2BXceR6q8v3b9a%2BZ1qGzQyQkyHana8i%2FPw91R1YkDy8wv7F%2F519vGAU6ATCfdGY9PuUk1wnA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
vary
Accept-Encoding,User-Agent,User-Agent
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
708f46af2f579972-FRA
expires
Tue, 17 May 2022 02:34:30 GMT
styles.css
safelink12345.icu/safedb/plugins/contact-form-7/includes/css/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://safelink12345.icu/safedb/plugins/contact-form-7/includes/css/styles.css?ver=5.5.6
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c811 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:30 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 23 Feb 2022 15:27:31 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C8R%2BNTTHGzNsxNZrijVCNn6bCTrHcaiPRssdSCe1j8Cq4Hn%2F%2BP2ofWDs%2Bll8dNn5MkYLcaBKs%2B2Bx9vUgzzfj7iHykZMSINaL31jTT4Csys1IoWLVXYgQYjLzKxyuEPJI2O245nsb%2BiMqscPwtsTfw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
vary
Accept-Encoding,User-Agent,User-Agent
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
708f46af2f5b9972-FRA
expires
Tue, 17 May 2022 02:34:30 GMT
widget-areas.min.css
safelink12345.icu/safedb/themes/generatepress/assets/css/components/ 		3 KB
992 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://safelink12345.icu/safedb/themes/generatepress/assets/css/components/widget-areas.min.css?ver=3.0.2
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c811 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6b4122b94b82886e32952c07c78d342647b3a38a2834f4489e0922308a95eab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:30 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 16 Dec 2020 12:07:20 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RfwPw8I2gPYModcMRaaxURIC1aex7Dkw%2Bideg96hnAPShJb1fzXPMuuz9PNC2JWoDoSAAuIcUbDMeZnGxVmpwMY87xI2dY7U88P6JoT0T1UJNLoiux3Q6fAMzRQrxYMq5ZI4t68CLcuDGIGzmzdFUg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
vary
Accept-Encoding,User-Agent,User-Agent
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
708f46af2f5d9972-FRA
expires
Tue, 17 May 2022 02:34:30 GMT
main.min.css
safelink12345.icu/safedb/themes/generatepress/assets/css/ 		19 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://safelink12345.icu/safedb/themes/generatepress/assets/css/main.min.css?ver=3.0.2
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c811 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
baa8d3bd604f2a4a1ac557a89e045db73777eeb824c3e30d6fd1447415ab7a69
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:30 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 16 Dec 2020 12:07:20 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fKFk%2FlBHLxwPLdKIbJqLvsyj8b2z5dKeDkjoBeUw%2Bjg2jWrARnW4g0DkUJUZp1EnEHVkBVU%2BwWa398HLs2QKUvlXFHjoRBQ5RINMY9ScrPCwY%2Fbc8IMW%2FH9NwbGbmda96%2F0sNuk%2F2RR2KHlZm9yXlA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
vary
Accept-Encoding,User-Agent,User-Agent
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
708f46af2f5e9972-FRA
expires
Tue, 17 May 2022 02:34:30 GMT
wl.js
cdn-server.top/p/ 		383 B
680 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-server.top/p/wl.js?pub=754669&ga=g
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.66.200.222 Nitra, Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.200.222.skhosting.eu
Software
nginx /
Resource Hash
63d83adb7760714b40f3441b7fe0b3a2bd4c4d3590e729bffc6754b20b5f6af2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
cache
date
Tue, 10 May 2022 02:34:29 GMT
cache-control
max-age=3600
expires
Tue, 10 May 2022 03:34:29 GMT
server
nginx
x-robots-tag
noindex, nofollow, noarchive, nosnippet
content-type
application/javascript
cropped-00SLlogo.png
safelink12345.icu/safedb/uploads/2021/02/ 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://safelink12345.icu/safedb/uploads/2021/02/cropped-00SLlogo.png
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c811 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d31104bd431537fe33a23de333f81f6ded123a795d469dbd2f01426b3cfb43e4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:30 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
User-Agent,User-Agent,Accept, Accept-Encoding
content-length
11512
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 20 Feb 2021 19:47:33 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BxPPMdDQq2v8pzi%2B%2BdE29RP6pIEuVacSmmfpJoVIr%2Ffu7Y5cLjXISTbQuibTbHBctJVPboGqPJjHv%2BNzg9iTFKuUqRTAutVEwkHvEg4dPbAyz1XPWD2KDdD8%2FlkfnrJkmOo%2FHNMdRV3l%2FKY%2FQERN%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
x-webp-express
Redirected directly to existing webp
accept-ranges
bytes
cf-ray
708f46b32c3e9bac-FRA
expires
Tue, 17 May 2022 02:34:30 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		156 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f7500d6c5838fe2234de504b4dd347025351ca9f23d9f287cb4095542f9f6453
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55988
x-xss-protection
0
server
cafe
etag
8436708994667677351
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 10 May 2022 02:34:30 GMT
Abon-Tanoh-Mirah-3.jpg
safelink12345.icu/safedb/uploads/2021/10/ 		40 KB
41 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://safelink12345.icu/safedb/uploads/2021/10/Abon-Tanoh-Mirah-3.jpg
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c811 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc55a917750e5a1591e5c6d1da6f5e2457b0e0e5a9a86f03c5d5bef6d6b4ae35
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:31 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
User-Agent,User-Agent,Accept, Accept-Encoding
content-length
41128
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 19 Oct 2021 18:49:35 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2mzfe1IfA%2BIwgBsP%2FYn9cFUTeLWmwZzRGAlnTGlBMJ0lhUn7k8c%2Be1RNpmwXxe0Q2m5Tu66LMZHYG9TlPZkgThrk7V63Gktg3DvvLkR6DQdr%2FAQM%2F8JSO0ZH7dj0iQXpXVUdTluCgMg%2BjxMj3KR6SQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
x-webp-express
Redirected directly to existing webp
accept-ranges
bytes
cf-ray
708f46b32c419bac-FRA
expires
Tue, 17 May 2022 02:34:30 GMT
regenerator-runtime.min.js
safelink12345.icu/wp-includes/js/dist/vendor/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://safelink12345.icu/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c811 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:30 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 26 Jan 2022 19:06:55 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p39Brp7GOf78tOfP%2BE8wmOnKpNG7xtptop4QTuORfIDaPOw2%2BBH9hNiWNvEFmVMwnhjyxiZAq2lqTPwCjWp6XVlhRgA8U0wHUopG0DNcIuxiuPPDNpEqgD0lwA6x3HZ0UXRhdIQc58aKXtAgVhxNug%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding,User-Agent,User-Agent
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
708f46b25b1c9bac-FRA
expires
Tue, 17 May 2022 02:34:30 GMT
wp-polyfill.min.js
safelink12345.icu/wp-includes/js/dist/vendor/ 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://safelink12345.icu/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c811 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:30 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 26 Jan 2022 19:06:55 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=evkCVFRQUf1jeioIaMnPSpe%2BfeSQMF0El6AWA%2BKJYwO55L7yPk1kBgCA1uc8ggTVJQPzDkRoYBxddgW%2F1TN0TLj7jzkosSl5uE7wnX8j2UkB0am6bPqn6xxowVw0BgpMV02Z3HHEgWQrifaEEW8awA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding,User-Agent,User-Agent
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
708f46b32c2e9bac-FRA
expires
Tue, 17 May 2022 02:34:30 GMT
index.js
safelink12345.icu/safedb/plugins/contact-form-7/includes/js/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://safelink12345.icu/safedb/plugins/contact-form-7/includes/js/index.js?ver=5.5.6
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c811 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
679e44f9b4bbbc2ad0c4000c1413fd3a88627d83f1cba8ebdac26f81bc7edb78
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:30 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 23 Feb 2022 15:27:31 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BXqLLus6xbvmZZr5aWgGB7%2BPRr931lfKil6VkzkXrmRxvDPnMKmMYXGwjVdV3XU7DPwDN4WAkNl%2FPcamLFlD5miJUWg4LVsdMlSzhLXUSM1AcyJOji6BzSfydXJ7xjuN8vLbOlaluOZL4C5VdNnX9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding,User-Agent,User-Agent
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
708f46b32c389bac-FRA
expires
Tue, 17 May 2022 02:34:30 GMT
main.min.js
safelink12345.icu/safedb/themes/generatepress/assets/js/ 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://safelink12345.icu/safedb/themes/generatepress/assets/js/main.min.js?ver=3.0.2
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c811 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c0901279dec1117310802c450665b34a60788da4a00e066d2de367327cd13456
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:30 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 16 Dec 2020 12:07:20 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G59MxXYIUe%2FJoWtc4WW1xSJwfQmWllD0ZaIdfymDxZNbGuyzTtRG3ac8AyQ0oS1OeW56FsOp40vJkOU1WFUfJYdjnReLlM%2BUKUK5eXbSmmmb8ZlR%2By9tK%2FLd6AOavyexX14Me5LzeJDzraGrFwyTSw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding,User-Agent,User-Agent
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
708f46b32c3a9bac-FRA
expires
Tue, 17 May 2022 02:34:30 GMT
back-to-top.min.js
safelink12345.icu/safedb/themes/generatepress/assets/js/ 		712 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://safelink12345.icu/safedb/themes/generatepress/assets/js/back-to-top.min.js?ver=3.0.2
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c811 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3768f04f42b79eb4e04658f9afcdab75362a71eed99e851b05312b74964907aa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:30 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 16 Dec 2020 12:07:20 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9asrPXyW7Hz1XcVSgJNaidxY%2BXPxbjAXl0yIafl6mRiVXmqD3Izy5mXECNDj%2BYicWt8DzA%2FcHrMFeJll5UhDU0eGVXx4NreGF%2BoyXg%2FJYGimnu%2BzVZ2sQZuaTvihCrLoEyoUDjZRcfCG2txYfXUycQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding,User-Agent,User-Agent
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
708f46b32c3b9bac-FRA
expires
Tue, 17 May 2022 02:34:30 GMT
frontend.min.js
safelink12345.icu/safedb/plugins/q2w3-fixed-widget/js/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://safelink12345.icu/safedb/plugins/q2w3-fixed-widget/js/frontend.min.js?ver=6.0.7
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c811 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ef9261d8142ef4c8b5a4dccdfdbefaee50450c1791aabe949eb43ef09986c45
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:30 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 02 May 2022 15:29:47 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YMFW5uBOu0oA8lNjvv3xwUeqZg5xrAyMss5ZqOu6R3jB%2F%2FXlB6HtKKCTbad6DEq8NaaWiVB2ZH3pigTJSRFFV4LtWYVF0L8ecE7od3h3Lv2nlz2QWbe%2BWF4N7BXoNGO4%2B2Nq3sceJJsFxcZkuugkvg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding,User-Agent,User-Agent
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
708f46b32c3c9bac-FRA
expires
Tue, 17 May 2022 02:34:30 GMT
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-49247768-6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
921
date
Tue, 10 May 2022 02:19:09 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Tue, 10 May 2022 04:19:09 GMT
sync_cookie_image_decide
mc.yandex.com/
Redirect Chain
  • https://mc.yandex.com/sync_cookie_image_check
  • https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9633.ODv7XgwT7wBIJbUIiuGUp7UqTYVapZgUKyOhohOIhSW2HxPrUWCRpyNhlzU4ax-F.Yxv-NdM8cMURmyvXY26_zA7K10Q%2C
  • https://mc.yandex.com/sync_cookie_image_decide?token=9633.xPfFMfaL4edfCj-hO6EI5FbOVxTLaahBJOTGsEeYw3wUko5Wez5lQhXE_zacnPkLvid-CZ0L76lk_KBpd3v-Ew%2C%2C.dqFDKCbSNYzYyOqS-owL2zFG5wA%2C
75 B
75 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mc.yandex.com/sync_cookie_image_decide?token=9633.xPfFMfaL4edfCj-hO6EI5FbOVxTLaahBJOTGsEeYw3wUko5Wez5lQhXE_zacnPkLvid-CZ0L76lk_KBpd3v-Ew%2C%2C.dqFDKCbSNYzYyOqS-owL2zFG5wA%2C
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H2
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:30 GMT
strict-transport-security
max-age=31536000
content-length
75
x-xss-protection
1; mode=block
content-type
text/html; charset=utf-8

Redirect headers

location
https://mc.yandex.com/sync_cookie_image_decide?token=9633.xPfFMfaL4edfCj-hO6EI5FbOVxTLaahBJOTGsEeYw3wUko5Wez5lQhXE_zacnPkLvid-CZ0L76lk_KBpd3v-Ew%2C%2C.dqFDKCbSNYzYyOqS-owL2zFG5wA%2C
date
Tue, 10 May 2022 02:34:30 GMT
strict-transport-security
max-age=31536000
x-xss-protection
1; mode=block
sw.js
safelink12345.icu/ 		102 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://safelink12345.icu/sw.js?clickid=XAdCGGpjAjZGkCkkAppjCxCrjANZriNrAANrdZCrCZZZCCrixCrxrCrCrGCxCrkppjppkdCCrxi_10754&puid=39817155
Requested by
Host: cdn-server.top
URL: https://cdn-server.top/p/wl.js?pub=754669&ga=g
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c811 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d134482b582256f83aad4583af70db302e0319835dda567b27b5c568d421b47e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:31 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Apr 2021 11:39:57 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uqNCQecSDbCirjOpUiVZ8jtJubx3BkrGDaaJvHn3Ip0QeuHvnhr5U1eW9Cxd7P%2FgtCDuVziACUBy7O0ZGx3A6xkaZpedsjtxLp52KGyj5mtyY9OM9bzVDgX6qAVNCE9Yp1FWZr1e3XFEwImtV2jwmg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding,User-Agent,User-Agent
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
708f46b32c429bac-FRA
expires
Tue, 17 May 2022 02:34:30 GMT
/
djm080u34wfc5.cloudfront.net/ 		105 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://djm080u34wfc5.cloudfront.net/?wumjd=808860
Requested by
Host: cdn-server.top
URL: https://cdn-server.top/p/wl.js?pub=754669&ga=g
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.1.225 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-1-225.fra6.r.cloudfront.net
Software
/
Resource Hash
044f584f1a9baaf0ac098cdc5afec3571962755149558e865515753fdcdb0c57

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:30 GMT
content-encoding
gzip
x-amz-cf-pop
FRA6-C1
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-length
35977
via
1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
x-amz-cf-id
ZFbq8FwYZ9X0qKFlvkZDghAZtvYQjeZByPT5hFBSGTd3XztL3ddQnQ==
0000000.jpg
safelink12345.icu/safedb/uploads/2021/05/ 		66 KB
67 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://safelink12345.icu/safedb/uploads/2021/05/0000000.jpg
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c811 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
714c7c167c33c1ef8ffefd8f02fb89b0d1e442c07792e89616088f0c92d7000b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:31 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
User-Agent,User-Agent,Accept, Accept-Encoding
content-length
67546
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 30 May 2021 21:27:31 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zwNmgZCXebl3aXqOkosWmUkqpRllk05KQ1hxwD3V8Rz%2BtAP8pX5gUjWCeKb3fFSvlZ2IHrJCP4S%2FD%2B2S728dByDJM87sQSsEJq08k5V57JN2HBdh2DCkjeBah%2Beu1%2FXH%2BENkuXLXnFzEkE2HGr3T1w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
x-webp-express
Redirected directly to existing webp
accept-ranges
bytes
cf-ray
708f46b38cab9bac-FRA
expires
Tue, 17 May 2022 02:34:30 GMT
0000000-2.jpg
safelink12345.icu/safedb/uploads/2021/04/ 		49 KB
50 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://safelink12345.icu/safedb/uploads/2021/04/0000000-2.jpg
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c811 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
df230297f8c748c5179179a884000538af4bf7e0f04676b44f7efd6157df3cde
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:31 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
User-Agent,User-Agent,Accept, Accept-Encoding
content-length
50588
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 10 Apr 2021 12:51:59 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oD4S3azWKK1cZ1k3Mv6jiu8DmI%2Bdrf5YVKuUXCN6t6RHwbmoZW82M2q8t%2BQrCtzQzCSCqI7sZrtgIwsoeh%2FtWevPYK0AmvRgznhqGtShaqyxk0HGfIaRMHkQCBh6YahM20pPBq4nj1Img729csuXIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
x-webp-express
Redirected directly to existing webp
accept-ranges
bytes
cf-ray
708f46b38cac9bac-FRA
expires
Tue, 17 May 2022 02:34:30 GMT
0000000-1.jpg
safelink12345.icu/safedb/uploads/2021/04/ 		29 KB
30 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://safelink12345.icu/safedb/uploads/2021/04/0000000-1.jpg
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c811 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0046edf48ba3760cd3ba2e489b43a553399b47f2046458473e025ca21d40f914
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:30 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
User-Agent,User-Agent,Accept, Accept-Encoding
content-length
29808
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 08 Apr 2021 19:25:43 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YqZisYp52dXubaXtAxfpzItzno7AD%2Bpfsje2qm4x%2FNsbsVsbL%2BjVg%2B9qd%2Fa3ovWPNpqCekCn8spmWiE%2FVeuUm7W3fdY3mPPI3wl0QQ8ts%2F6pcBJjD%2FGQfYsUei%2FaiZQfnCCW%2B8MGgK170l244xUc8g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
x-webp-express
Redirected directly to existing webp
accept-ranges
bytes
cf-ray
708f46b38cad9bac-FRA
expires
Tue, 17 May 2022 02:34:30 GMT
0000000.jpg
safelink12345.icu/safedb/uploads/2021/04/ 		76 KB
77 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://safelink12345.icu/safedb/uploads/2021/04/0000000.jpg
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c811 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41a6a17d47cf9673e0142a58b845ae4e43b88b671ddf8c80aa665942c404666a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:31 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
User-Agent,User-Agent,Accept, Accept-Encoding
content-length
77782
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 06 Apr 2021 19:14:32 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YVB4VLBW3dGs1X%2BTPyPnYWi2XtT06131nvXgSzyCxCstEC7C9%2Bkj8u27yKJ6YF%2FohlP3HDqNuQOnLKx0Ki41L9g1eDPQUPxNktYapuMVrOHNs%2Be8xAWcnEJm1ausypxkdpzXsutjSDGAPL5Yfl4qlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
x-webp-express
Redirected directly to existing webp
accept-ranges
bytes
cf-ray
708f46b38cb09bac-FRA
expires
Tue, 17 May 2022 02:34:30 GMT
collect
www.google-analytics.com/j/ 		1 B
21 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=153598432&t=pageview&_s=1&dl=https%3A%2F%2Fsafelink12345.icu%2F&ul=en-us&de=UTF-8&dt=SafeLink%20-%20Premium%20Link%20Safeguard&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1414593916&gjid=1022868931&cid=342346004.1652150070&tid=UA-49247768-6&_gid=1836417473.1652150070&_r=1&gtm=2ou590&z=515572189
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://safelink12345.icu/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:30 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://safelink12345.icu
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
1
mc.yandex.com/watch/67781566/
Redirect Chain
  • https://mc.yandex.com/watch/67781566?wmode=7&page-url=https%3A%2F%2Fsafelink12345.icu%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aa8mjecangl5v275zywhk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US...
  • https://mc.yandex.com/watch/67781566/1?wmode=7&page-url=https%3A%2F%2Fsafelink12345.icu%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aa8mjecangl5v275zywhk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-...
338 B
420 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.com/watch/67781566/1?wmode=7&page-url=https%3A%2F%2Fsafelink12345.icu%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aa8mjecangl5v275zywhk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A791%3Acn%3A1%3Adp%3A0%3Als%3A797522107042%3Ahid%3A1000866796%3Az%3A0%3Ai%3A20220510023429%3Aet%3A1652150070%3Ac%3A1%3Arn%3A939062693%3Arqn%3A1%3Au%3A1652150070113072662%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1652150068457%3Ads%3A12%2C21%2C1089%2C151%2C0%2C0%2C%2C%2C%2C%2C%2C%2C%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1652150070%3At%3ASafeLink%20-%20Premium%20Link%20Safeguard&t=gdpr%2814%29aw%281%29ti%282%29
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H2
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
c95b2892559c3b699b75cfc29d12916404eedcfd932c11836f984ae15a4df737
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:30 GMT
x-content-type-options
nosniff
last-modified
Tue, 10-May-2022 02:34:30 GMT
strict-transport-security
max-age=31536000
content-type
application/json; charset=utf-8
access-control-allow-origin
https://safelink12345.icu
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
338
x-xss-protection
1; mode=block
expires
Tue, 10-May-2022 02:34:30 GMT

Redirect headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:30 GMT
last-modified
Tue, 10-May-2022 02:34:30 GMT
location
/watch/67781566/1?wmode=7&page-url=https%3A%2F%2Fsafelink12345.icu%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aa8mjecangl5v275zywhk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A791%3Acn%3A1%3Adp%3A0%3Als%3A797522107042%3Ahid%3A1000866796%3Az%3A0%3Ai%3A20220510023429%3Aet%3A1652150070%3Ac%3A1%3Arn%3A939062693%3Arqn%3A1%3Au%3A1652150070113072662%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1652150068457%3Ads%3A12%2C21%2C1089%2C151%2C0%2C0%2C%2C%2C%2C%2C%2C%2C%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1652150070%3At%3ASafeLink%20-%20Premium%20Link%20Safeguard&t=gdpr%2814%29aw%281%29ti%282%29
strict-transport-security
max-age=31536000
access-control-allow-origin
https://safelink12345.icu
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
Tue, 10-May-2022 02:34:30 GMT
asd100.bin
freychang.fun/ 		100 KB
101 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://freychang.fun/asd100.bin
Requested by
Host: djm080u34wfc5.cloudfront.net
URL: https://djm080u34wfc5.cloudfront.net/?wumjd=808860
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:dadd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:30 GMT
access-control-allow-methods
GET
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 10 May 2022 02:34:30 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rZLlN%2BFtsAai9mvS5cafuLJXU02oJ7zHaQLyVNi9QCWWRatItcH4ucWhNb1PDlEnz51pbYfVVYJVEpn%2BqLpl1%2F%2FLJp%2BBMChdjxrZb6dUWc2%2BZ2VvdaPNer99iXEawoqac%2BzGj9gSwkGQ0YxD"}],"group":"cf-nel","max_age":604800}
content-type
binary/octet-stream
access-control-allow-origin
https://safelink12345.icu
cache-control
max-age=14400
access-control-allow-credentials
true
cf-ray
708f46b49d08692e-FRA
access-control-allow-headers
X-Requested-With, content-type
/
freychang.fun/ 		27 B
397 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://freychang.fun/
Requested by
Host: djm080u34wfc5.cloudfront.net
URL: https://djm080u34wfc5.cloudfront.net/?wumjd=808860
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:dadd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c6f7535fff7062c83be566ba775957e89a8b60e7df7f70e66f3ce97e9c4bb154

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:30 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods
GET
content-type
text/plain
access-control-allow-origin
https://safelink12345.icu
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WaGUcNaNznhRZOya7pErMIFW6tr4DO0ufnFC%2B5Lx1H3sU7b%2B%2BsfLAQLBl9mqKG6IwGzDkq1xo0Rqt0dUQfc%2FB%2B28KAUuxCo6Ib2HzRLArmJaRH47f%2B6OFuIRIrc5JBdZMgU%2FXlr5g5BuOBZP"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
708f46b49d0a692e-FRA
access-control-allow-headers
X-Requested-With, content-type
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
utx
transmith.xyz/ 		0
490 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://transmith.xyz/utx?cb=kEZEsjCaq1Df&top=safelink12345.icu&tid=808860
Requested by
Host: djm080u34wfc5.cloudfront.net
URL: https://djm080u34wfc5.cloudfront.net/?wumjd=808860
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-36.fra50.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:30 GMT
via
1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
server
openresty/1.17.8.2
x-amz-cf-pop
FRA50-C1
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
https://safelink12345.icu
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-amz-cf-id
VxEeXtssoDP9sv9zLkgIRpNv2BwAEj4XX2bblzQYbYZz8rkiDsfcPw==
ByBzcAgRIgsJKmcDcwwaJid8FSgBM0swAgBUVgwqDT5qEEMtB1YoFh0wdH0dECZRFDYWC3kRQyYWUBIwFzYDcQcHNXwRKhRCWDcdOxQPKyAaImgBKg9QRAAq
transmith.xyz/clVkMkQTNwdfexNoBhQxADlZF3Y0cFZ0IBg4VAp0B2ZQRSIRYEpRKB0gAFQ2HTsQHCoXIUEAAisxCV4wJRIpZAYVGEEABioULXMHJQMGYCg0AwZeCiMUHAZ3NgQ+ZwUVOhd/AD86JXYoMR0dWQUgBC1mByUDMGcFJxgqVRY+ARNVdjMQEGsXCD4... Frame B28B 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://transmith.xyz/clVkMkQTNwdfexNoBhQxADlZF3Y0cFZ0IBg4VAp0B2ZQRSIRYEpRKB0gAFQ2HTsQHCoXIUEAAisxCV4wJRIpZAYVGEEABioULXMHJQMGYCg0AwZeCiMUHAZ3NgQ+ZwUVOhd/AD86JXYoMR0dWQUgBC1mByUDMGcFJxgqVRY+ARNVdjMQEGsXCD4sdAIgDwJaJzUXA2goNj0xUQMbECh2IzcNKWcRNhYic3U2FBNzBSYEJ2d1AScGZ3U1ASILKyEiIXMFCCIpcxYCHAVeCSsdMVo1J2UAaBVAPSNgFwYcBV4JMBQlfDEkZCpTCEFkNmAsNDcGdzQmAlUfdEcQE2sCMRZcdQIzHCF+ASgQKAMsAAMiWiUlZlVgFhkQI38GETcmZywDHCJ8JioBNXkMIy0tUyg/ByBzcAgRIgsJKmcDcwwaJid8FSgBM0swAgBUVgwqDT5qEEMtB1YoFh0wdH0dECZRFDYWC3kRQyYWUBIwFzYDcQcHNXwRKhRCWDcdOxQPKyAaImgBKg9QRAAq
Requested by
Host: djm080u34wfc5.cloudfront.net
URL: https://djm080u34wfc5.cloudfront.net/?wumjd=808860
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-36.fra50.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
cc0c74f2fa1307fa7e5b2e4287c4617e8e709144fe709054b71bd89117e198cc

Request headers

Referer
https://safelink12345.icu/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cache-control
no-store, no-cache, must-revalidate, no-transform
content-encoding
gzip
content-length
1231
content-type
text/html
date
Tue, 10 May 2022 02:34:30 GMT
p3p
CP="NID DSP ALL COR"
pragma
no-cache
server
openresty/1.17.8.2
via
1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
x-amz-cf-id
ctHMjrFPMElWzPYS48N5S7gAedhs5ID-PdVSRXevMq1bbMdaL7JvZg==
x-amz-cf-pop
FRA50-C1
x-cache
Miss from cloudfront
R29jan9HZyNvYFE1JjM2SnBwIiUDLWtjZ0JzZ2dhR3ZmZmdA
fnyfiexpectth.xyz/d0FWUlFYfjUhbBUZGDgEPy03AT01KAUUZDwWOzYfIHEiBzAyKnAmOBN8bmJpT3dmdCEeJWtgaFEyIjMlAjJrY3ceLzA9bFE3a2N/ 		0
504 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fnyfiexpectth.xyz/d0FWUlFYfjUhbBUZGDgEPy03AT01KAUUZDwWOzYfIHEiBzAyKnAmOBN8bmJpT3dmdCEeJWtgaFEyIjMlAjJrY3ceLzA9bFE3a2N/R29jan9HZyNvYFE1JjM2SnBwIiUDLWtjZ0JzZ2dhR3ZmZmdA
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:86f2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:30 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qg2OAuzLi7tGr8msgygy4dYzP%2BQGlLZ8xvpYoPej9MLmQXI79nxijBg2Vf929t5l%2BGB5RgeqGJWjSdyFWj%2B6graVA4ISdcl2oFvmTIO3F%2B4Ku9Th%2FyXXGpIX3n8%2BEoVGrq86CexGPZGSSPdkHjxXUA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
708f46b4cfb39b94-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205040101/ 		308 KB
110 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1583720269494912&plah=safelink12345.icu&bust=31067450
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d06bcad17cfca1bd4f93fcbecae50b33fd541390a3c361c023a1e109b62b4396
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
112616
x-xss-protection
0
server
cafe
etag
5482990282548387041
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Tue, 10 May 2022 02:34:30 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220505/r20190131/ Frame A523 		10 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220505/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
42b853168bb627593eb95b83db66183f7b3bd442db24c37398f1958d1451acd6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safelink12345.icu/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
34919
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=1209600
content-encoding
gzip
content-length
4421
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 09 May 2022 16:52:31 GMT
etag
1428802124239944296
expires
Mon, 23 May 2022 16:52:31 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
YdmltWGMVBgM+XAIACWVbRlFVblNQAx43DQZUAgosMDMoADlCHykARQITCWVTUAUMNgRLTwg2AEtYSzkHFFRZfhcGBgZlDhUcGiELDgEXMUUDCFA1DAwAATQCU1srbU1GTF9oSwEAAzwMARpIalMYHUhqU0dZQ2hGRStIalMBAANuV1NaL31RRhFbbEpTW1-05EwY...
djm080u34wfc5.cloudfront.net/ Frame B28B 		576 B
715 B 		Script
General
Check archive.org
Download Go to
Full URL
https://djm080u34wfc5.cloudfront.net/YdmltWGMVBgM+XAIACWVbRlFVblNQAx43DQZUAgosMDMoADlCHykARQITCWVTUAUMNgRLTwg2AEtYSzkHFFRZfhcGBgZlDhUcGiELDgEXMUUDCFA1DAwAATQCU1srbU1GTF9oSwEAAzwMARpIalMYHUhqU0dZQ2hGRStIalMBAANuV1NaL31RRhFbbEpTW1-05EwYFCC8GFAIELEZEL1hrVFhaW31RRkEGMBcbBUhqIFNbXTQKHQxIalMRDA4zDF9MX2gAHhsCNQZTWytpU0dHXXZXT1xcdldHTF9oEBcPDCoKU1srbVBBR15uRQNUXA
Requested by
Host: transmith.xyz
URL: https://transmith.xyz/clVkMkQTNwdfexNoBhQxADlZF3Y0cFZ0IBg4VAp0B2ZQRSIRYEpRKB0gAFQ2HTsQHCoXIUEAAisxCV4wJRIpZAYVGEEABioULXMHJQMGYCg0AwZeCiMUHAZ3NgQ+ZwUVOhd/AD86JXYoMR0dWQUgBC1mByUDMGcFJxgqVRY+ARNVdjMQEGsXCD4sdAIgDwJaJzUXA2goNj0xUQMbECh2IzcNKWcRNhYic3U2FBNzBSYEJ2d1AScGZ3U1ASILKyEiIXMFCCIpcxYCHAVeCSsdMVo1J2UAaBVAPSNgFwYcBV4JMBQlfDEkZCpTCEFkNmAsNDcGdzQmAlUfdEcQE2sCMRZcdQIzHCF+ASgQKAMsAAMiWiUlZlVgFhkQI38GETcmZywDHCJ8JioBNXkMIy0tUyg/ByBzcAgRIgsJKmcDcwwaJid8FSgBM0swAgBUVgwqDT5qEEMtB1YoFh0wdH0dECZRFDYWC3kRQyYWUBIwFzYDcQcHNXwRKhRCWDcdOxQPKyAaImgBKg9QRAAq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.1.225 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-1-225.fra6.r.cloudfront.net
Software
/
Resource Hash
f6f736530e79fdacc48a2138b774ffcf4a63e0153c9282192aef6ecf74b7d91f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://transmith.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:30 GMT
content-encoding
gzip
x-amz-cf-pop
FRA6-C1
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
max-age=31556926
content-length
440
via
1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
x-amz-cf-id
q78_1PGX2-Rrk2RyL9wFbwUmcR8nPkh5-ZKxR7usPqnuv7Klig3y0w==
cookie.js
partner.googleadservices.com/gampad/ 		221 B
650 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=safelink12345.icu&callback=_gfp_s_&client=ca-pub-1583720269494912
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1583720269494912&plah=safelink12345.icu&bust=31067450
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
cafe /
Resource Hash
c97ee96e08faea1bb215fd210a6695a7d3a4b9c689105a696fba7b3c1c94266c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
206
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=safelink12345.icu
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1583720269494912&plah=safelink12345.icu&bust=31067450
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 10 May 2022 02:34:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=safelink12345.icu
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1583720269494912&plah=safelink12345.icu&bust=31067450
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 10 May 2022 02:34:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 76CB 		92 KB
32 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=8258638015&adk=3563942368&adf=869763061&pi=t.ma~as.8258638015&w=1200&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070501&bpp=3&bdt=919&idt=226&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&correlator=7912665475533&frm=20&pv=2&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=103&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gO4UdWm9lv&p=https%3A//safelink12345.icu&dtd=240
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1583720269494912&plah=safelink12345.icu&bust=31067450
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6bb6c5a1b062a9f6564c6deb036b7b0bf99390733beca599de480bee7467cb71
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safelink12345.icu/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
32443
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 10 May 2022 02:34:31 GMT
expires
Tue, 10 May 2022 02:34:31 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame EDB8 		129 KB
33 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1583720269494912&plah=safelink12345.icu&bust=31067450
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
858cd8bbf3ba7dc01cc921e1357c935fa0ac149daa58594d9f285cd596a1be09
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safelink12345.icu/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
34082
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 10 May 2022 02:34:31 GMT
expires
Tue, 10 May 2022 02:34:31 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 39A4 		83 KB
30 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=250&slotname=2786819483&adk=2944592922&adf=3361567115&pi=t.ma~as.2786819483&w=300&lmt=1652150069&psa=0&format=300x250&url=https%3A%2F%2Fsafelink12345.icu%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070505&bpp=1&bdt=922&idt=268&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=651&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=wsmp5j7wyo&p=https%3A//safelink12345.icu&dtd=270
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1583720269494912&plah=safelink12345.icu&bust=31067450
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a5a5e37d34b9f1abc6dbeac4a963f1524d580cca56fa1dba5dc28420677c1bef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safelink12345.icu/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
30796
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 10 May 2022 02:34:31 GMT
expires
Tue, 10 May 2022 02:34:31 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 2C13 		86 KB
16 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&slotname=9596249340&adk=1317470659&adf=1433286824&pi=t.ma~as.9596249340&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070506&bpp=1&bdt=924&idt=271&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280%2C300x250&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=1754&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=f3cyELvtCN&p=https%3A//safelink12345.icu&dtd=276
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1583720269494912&plah=safelink12345.icu&bust=31067450
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1464a132444c87fab8b265950a993c38b3c660b7077d37c06e9ad9d66eef872a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safelink12345.icu/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-expose-headers
x-google-amp-ad-validated-version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
16579
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 10 May 2022 02:34:31 GMT
expires
Tue, 10 May 2022 02:34:31 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
advert.gif
mc.yandex.com/metrika/ 		43 B
136 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mc.yandex.com/metrika/advert.gif
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:30 GMT
last-modified
Fri, 06 May 2022 13:09:00 GMT
etag
"6274f3bc-2b"
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
content-length
43
expires
Tue, 10 May 2022 03:34:30 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 1081 		288 KB
76 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&adk=1812271804&adf=3025194257&lmt=1652150069&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fsafelink12345.icu%2F&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070797&bpp=1&bdt=1215&idt=1&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600&nras=1&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=6&uci=a!6&fsb=1&dtd=5
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1583720269494912&plah=safelink12345.icu&bust=31067450
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
db282ab29c891bdb92b0df9bda22d85097103cf5facc1aefae003e1f51b816ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safelink12345.icu/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
77769
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 10 May 2022 02:34:31 GMT
expires
Tue, 10 May 2022 02:34:31 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
popunder.gif
fnyfiexpectth.xyz/ 		35 B
636 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fnyfiexpectth.xyz/popunder.gif
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::ac43:86f2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
public
date
Tue, 10 May 2022 02:34:30 GMT
cf-cache-status
HIT
last-modified
Wed, 04 May 2022 17:36:30 GMT
server
cloudflare
age
464280
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nEp%2BED7ecp0VsfoPSrUilFGjQxS1qiqYQzcb9jdNdmqoBpTzszXtbiZFVdePszJ9PUr3w1MV2SgSSLF3KoAGUsZfCXU%2F5VD%2FUwAuE%2BCcgtuLL%2BsNP7mvnmE1SKUD7CzMbhqwfIAkj9vHKgIvlvluWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=604800, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
708f46b7699a92b4-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
multi
transmith.xyz/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://transmith.xyz/multi?cs=b2FGQkZYWHVwd1xYf3VyWVlxenY&abt=0&red=1&sm=76&k=private%20security%20protects%20from%20search%20engine%20indexers%20your%20secured%20using%2064bit%20encode%20code%20premium%20link%20safelink%20main&v=1.0.58.0&sts=0&prn=0&emb=0&tid=808860&u=1045107954305473&agec=1652150070&fs=1&mbkb=245.70024570024572&ref=https%3A%2F%2Fsafelink12345.icu%2F&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64)%20applewebkit%2F537.36%20(khtml%2C%20like%20gecko)%20chrome%2F101.0.4951.41%20safari%2F537.36&tzd=0&uloc=&if=0&_r9LG=1652150070971&crc=1
Requested by
Host: djm080u34wfc5.cloudfront.net
URL: https://djm080u34wfc5.cloudfront.net/?wumjd=808860
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-36.fra50.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
37f7fb2def661546f0c7d14d165da8268dc9d45e842c68e5f605d61b1750207e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:31 GMT
content-encoding
gzip
server
openresty/1.17.8.2
x-amz-cf-pop
FRA50-C1
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
https://safelink12345.icu
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-type
text/plain
content-length
1533
via
1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
x-amz-cf-id
ohV8zTFsmXbTmMT_dqylhRQebpufL4PlCIfODNkPecZN8yye1CS7Mw==
truncated
/ Frame AE28 		900 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0efc53d98f21fefc32d8ad84c673919c539b0b3feb2dc96598cbeb58883bd04c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/svg+xml
aGxySVUTTgE%2BCh0eHmtvSgQGPSUbVl1mJgkKFyU8BgdDe2ZcWVwgNh1DAT57Ah9NKjkBDxkgMVU0My0WLysCIxQCNjUiFgMHMzklAi8KCicCLTwTJwEiAAgUJh4WExYaLygTDysvACAtKx4KOxYaLwAOFhAvACIlGAYCOT4MLzE7LQEzQ3liXVhUOSABCE96bFB...
parentful.club/ 		56 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://parentful.club/aGxySVUTTgE%2BCh0eHmtvSgQGPSUbVl1mJgkKFyU8BgdDe2ZcWVwgNh1DAT57Ah9NKjkBDxkgMVU0My0WLysCIxQCNjUiFgMHMzklAi8KCicCLTwTJwEiAAgUJh4WExYaLygTDysvACAtKx4KOxYaLwAOFhAvACIlGAYCOT4MLzE7LQEzQ3liXVhUOSABCE96bFBdRXhgXU5eayYFClBzZEROASQjSlZQe3teTl5rIQkLLSAxSlZQcWVQVEdxd0ROATw3NwUWeHdSTkFwbVlbQ3xgSkBQOiAKMxstZ0pWUBEUDC81DiUCLRgTEgMvGSIUGBwYCi0rHhgIGzIeGwcnKS08OzEyLwAKDzI2MQonARQxOy0aLwAKJy8vCgonAxwCIyUYBxYKFhoUGxZkWFtHfXcV
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/sw.js?clickid=XAdCGGpjAjZGkCkkAppjCxCrjANZriNrAANrdZCrCZZZCCrixCrxrCrCrGCxCrkppjppkdCCrxi_10754&puid=39817155
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
44.195.137.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-195-137-121.compute-1.amazonaws.com
Software
/ Express
Resource Hash
caf79806c671203c47bb6da10080390506cd2c0a23d29a1fa71645e1b3ee99aa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-encoding
gzip
etag
W/"e1c5-T3OBiAixK3/gIdvHUY3TRI5W1GI"
x-powered-by
Express
vary
Accept-Encoding
access-control-allow-methods
GET, POST
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
X-Requested-With,content-type
css
fonts.googleapis.com/ Frame EDB8 		2 KB
605 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e88adda18aa09bcb1b6747436882f40a0074574df0ca4bc130779bb440e19d9d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 10 May 2022 00:53:56 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 10 May 2022 02:34:31 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 10 May 2022 02:34:31 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/ Frame EDB8 		2 KB
938 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 01:56:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2292
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
877
x-xss-protection
0
server
cafe
etag
13035868154101442325
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 01:56:19 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame EDB8 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CW3BvNs95YuTZM63W7_UP9JOr6Am9xq6FauXTuqSWDpaCzYWIFhABIMupij9gleKQgqAHoAHtvKPPAcgBCakC_5j11Pm5sT6oAwHIA8sEqgTKAU_QEAsBn0XSGDRg9KfxCOdUEL926ZPONvviaNUKGrHPK9fbQGqS1ahPE_IsyrrEWovfQX_mhHI2xLVxSWS-ugn3qKkxWdzYoMMQgjO3CBtvpNKp8AOXC91LIpr3mNgHLxrgnRfuZjtkYmYs9rpGzxZNptIxGImRdmdyWwTKUAKZ95KK-tOVuMKzaG_E_-DrMEQColu4uwxHXIaIcqS5jTNUl436whurEfyA-AYiZxMKczuoNQUzkexJ7-JTHM4yPiegpKvqfTsuZM_ABJOum_zoA5IFBAgEGAGSBQQIBRgEoAYugAf7wtywAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAPIHBBC0rAXSCAkIgOGAEBABGB-ACgHICwHYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItMTU4MzcyMDI2OTQ5NDkxMhgA&sigh=o5ZJrfYREv0&uach_m=[UACH]&template_id=494
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 10 May 2022 02:34:31 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Tue, 10 May 2022 02:34:31 GMT
15321003226878738309_16148699831622989002.jpeg
static.doubleclick.net/dynamic/5/368727536/ Frame EDB8 		53 KB
53 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.doubleclick.net/dynamic/5/368727536/15321003226878738309_16148699831622989002.jpeg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e99085c8cdfa85075b2de5790539cc5ab06de9d5d401232b6bc2440362f3037b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 05:10:50 GMT
x-content-type-options
nosniff
age
77021
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
53858
x-xss-protection
0
last-modified
Fri, 11 Mar 2022 18:10:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-programmable"
report-to
{"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 09 May 2023 05:10:50 GMT
2388134090628874685_14709488864631812190.jpeg
static.doubleclick.net/dynamic/5/368727536/ Frame EDB8 		57 KB
57 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.doubleclick.net/dynamic/5/368727536/2388134090628874685_14709488864631812190.jpeg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d416b44096111e19fb6150f8304cd39b580f6fa9b1c49a4f6937de4d924b570a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Sun, 08 May 2022 05:34:46 GMT
x-content-type-options
nosniff
age
161985
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
58667
x-xss-protection
0
last-modified
Fri, 11 Mar 2022 18:10:07 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-programmable"
report-to
{"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 08 May 2023 05:34:46 GMT
16988659613583392416_13525881824411555868.jpeg
static.doubleclick.net/dynamic/5/368727536/ Frame EDB8 		96 KB
96 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.doubleclick.net/dynamic/5/368727536/16988659613583392416_13525881824411555868.jpeg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d05ff5e707df1365d6ff3c3a6dea8b3d7d08ea04bdbd1dfa2888f9d2a9523286
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 04:39:45 GMT
x-content-type-options
nosniff
age
78886
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
98066
x-xss-protection
0
last-modified
Fri, 11 Mar 2022 18:10:10 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-programmable"
report-to
{"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 09 May 2023 04:39:45 GMT
8034517411309596348_9939851696101608438.jpeg
static.doubleclick.net/dynamic/5/368727536/ Frame EDB8 		61 KB
61 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.doubleclick.net/dynamic/5/368727536/8034517411309596348_9939851696101608438.jpeg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a546a59fc864be661a124e4d428e8de79717000d2bdc0ecf18a383e2944181d6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 04 May 2022 23:48:16 GMT
x-content-type-options
nosniff
age
441975
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
62064
x-xss-protection
0
last-modified
Fri, 11 Mar 2022 18:04:41 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-programmable"
report-to
{"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 04 May 2023 23:48:16 GMT
16474461854562395245_9055652665922569444.jpeg
static.doubleclick.net/dynamic/5/368727536/ Frame EDB8 		96 KB
96 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.doubleclick.net/dynamic/5/368727536/16474461854562395245_9055652665922569444.jpeg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d5e689d89b4a49a81ed13280c46f8eddaddc2dd6001424592c330cea016472aa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Sat, 07 May 2022 22:01:19 GMT
x-content-type-options
nosniff
age
189192
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
98109
x-xss-protection
0
last-modified
Fri, 11 Mar 2022 18:10:10 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-programmable"
report-to
{"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 07 May 2023 22:01:19 GMT
15259595455883388414_4606677842534967422.jpeg
static.doubleclick.net/dynamic/5/368727536/ Frame EDB8 		86 KB
86 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.doubleclick.net/dynamic/5/368727536/15259595455883388414_4606677842534967422.jpeg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
360d179380bc90c336fe1361492e0fdecdaed71719555e3d20a9b20ff51ddbf7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 12:37:11 GMT
x-content-type-options
nosniff
age
50240
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
88190
x-xss-protection
0
last-modified
Fri, 11 Mar 2022 17:38:50 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-programmable"
report-to
{"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 09 May 2023 12:37:11 GMT
9259036005179228352_10246822348647696588.jpeg
static.doubleclick.net/dynamic/5/368727536/ Frame EDB8 		59 KB
59 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.doubleclick.net/dynamic/5/368727536/9259036005179228352_10246822348647696588.jpeg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2de04103f08c2faae71aa8925ca761c164e1aaf2d4d3ff24de2f38cbdea1691c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 05 May 2022 22:16:30 GMT
x-content-type-options
nosniff
age
361081
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60658
x-xss-protection
0
last-modified
Fri, 11 Mar 2022 18:10:08 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-programmable"
report-to
{"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 05 May 2023 22:16:30 GMT
2877128806958923782_10850346354300124100.jpeg
static.doubleclick.net/dynamic/5/368727536/ Frame EDB8 		35 KB
35 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.doubleclick.net/dynamic/5/368727536/2877128806958923782_10850346354300124100.jpeg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e61933434b3e7c2e9522cc2ce414be3ded745451809b5c73c0c666db97e731b4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 04 May 2022 09:56:09 GMT
x-content-type-options
nosniff
age
491902
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36126
x-xss-protection
0
last-modified
Fri, 11 Mar 2022 17:58:59 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-programmable"
report-to
{"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 04 May 2023 09:56:09 GMT
8963433896237830480_15533751216610875087.jpeg
static.doubleclick.net/dynamic/5/368727536/ Frame EDB8 		120 KB
120 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.doubleclick.net/dynamic/5/368727536/8963433896237830480_15533751216610875087.jpeg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1fc68702e852d06b9eab7e4f485f272633c17d4adf5b0f8ad32361e05ed1be27
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Sun, 08 May 2022 00:32:22 GMT
x-content-type-options
nosniff
age
180129
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
122591
x-xss-protection
0
last-modified
Fri, 11 Mar 2022 18:04:41 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-programmable"
report-to
{"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 08 May 2023 00:32:22 GMT
3716727267244237529_9764475234718680120.jpeg
static.doubleclick.net/dynamic/5/368727536/ Frame EDB8 		75 KB
75 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.doubleclick.net/dynamic/5/368727536/3716727267244237529_9764475234718680120.jpeg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d53403b46513ac08f391a8d4ceb5ce983ec34bda72fcac03f545f68261a22b8c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Sat, 07 May 2022 04:37:19 GMT
x-content-type-options
nosniff
age
251832
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
76634
x-xss-protection
0
last-modified
Fri, 11 Mar 2022 18:10:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-programmable"
report-to
{"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 07 May 2023 04:37:19 GMT
6422181690732475711_7756189068137041051.jpeg
static.doubleclick.net/dynamic/5/368727536/ Frame EDB8 		87 KB
87 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.doubleclick.net/dynamic/5/368727536/6422181690732475711_7756189068137041051.jpeg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f4bb38b694a4a8d9f611e6107ee836e7e9198250f38392ae6508e408cc99ebc0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 15:31:51 GMT
x-content-type-options
nosniff
age
39760
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
88583
x-xss-protection
0
last-modified
Fri, 11 Mar 2022 17:38:51 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-programmable"
report-to
{"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 09 May 2023 15:31:51 GMT
14318502912263482825_16839567043830040856.jpeg
static.doubleclick.net/dynamic/5/368727536/ Frame EDB8 		103 KB
104 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.doubleclick.net/dynamic/5/368727536/14318502912263482825_16839567043830040856.jpeg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e3e6d7077ab67152ad1384badefce35ba26282ab056f467e4fd0131d511b3dd8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 13:23:44 GMT
x-content-type-options
nosniff
age
47447
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
105899
x-xss-protection
0
last-modified
Fri, 11 Mar 2022 18:04:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-programmable"
report-to
{"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 09 May 2023 13:23:44 GMT
17358737545053659026
tpc.googlesyndication.com/simgad/ Frame EDB8
Redirect Chain
  • https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKD_po2QyQEQgwQYgQEyCA0gY_xqzS1r
  • https://tpc.googlesyndication.com/simgad/17358737545053659026
4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/17358737545053659026
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Protocol
H3
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
464db0771f1ab3055cab31a882499224a1aff66a2e59a89ab4fdda18f5f5ab71
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 23:08:06 GMT
x-content-type-options
nosniff
age
12385
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4257
x-xss-protection
0
last-modified
Fri, 06 Aug 2021 09:11:39 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 09 May 2023 23:08:06 GMT

Redirect headers

date
Mon, 09 May 2022 04:27:17 GMT
x-content-type-options
nosniff
server
cafe
age
79634
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/html; charset=UTF-8
location
https://tpc.googlesyndication.com/simgad/17358737545053659026
cache-control
public, max-age=2592000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Wed, 08 Jun 2022 04:27:17 GMT
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012203150226000/ Frame 3D3A 		222 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012203150226000/amp4ads-v0.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&slotname=9596249340&adk=1317470659&adf=1433286824&pi=t.ma~as.9596249340&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070506&bpp=1&bdt=924&idt=271&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280%2C300x250&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=1754&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=f3cyELvtCN&p=https%3A//safelink12345.icu&dtd=276
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b94ed570e00f5bba0eaed65da67bf6f2fc5e107446a682eb045f20dbd12ab0e8
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
298840
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
62084
x-xss-protection
0
server
sffe
date
Fri, 06 May 2022 15:33:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"fa1474a6dd6481f4"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sat, 06 May 2023 15:33:51 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 3D3A 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012203150226000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&slotname=9596249340&adk=1317470659&adf=1433286824&pi=t.ma~as.9596249340&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070506&bpp=1&bdt=924&idt=271&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280%2C300x250&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=1754&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=f3cyELvtCN&p=https%3A//safelink12345.icu&dtd=276
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
aec5ee5147fdc283bcb601dc6231c234d9bec077d32756aef2a75eeedf78038f
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
298841
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5728
x-xss-protection
0
server
sffe
date
Fri, 06 May 2022 15:33:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"d91e62368f79b48d"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sat, 06 May 2023 15:33:50 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 3D3A 		96 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012203150226000/v0/amp-analytics-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&slotname=9596249340&adk=1317470659&adf=1433286824&pi=t.ma~as.9596249340&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070506&bpp=1&bdt=924&idt=271&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280%2C300x250&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=1754&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=f3cyELvtCN&p=https%3A//safelink12345.icu&dtd=276
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
213738a8de7a1e55874dcbc92825c84599256579b64f60f19c2514e61844e6bb
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
298841
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29618
x-xss-protection
0
server
sffe
date
Fri, 06 May 2022 15:33:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"9a9baa9802fa29d2"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sat, 06 May 2023 15:33:50 GMT
amp-animation-0.1.mjs
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 3D3A 		74 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012203150226000/v0/amp-animation-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&slotname=9596249340&adk=1317470659&adf=1433286824&pi=t.ma~as.9596249340&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070506&bpp=1&bdt=924&idt=271&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280%2C300x250&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=1754&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=f3cyELvtCN&p=https%3A//safelink12345.icu&dtd=276
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
513db1539e2636a80095ea5400aba7f55aa44b4d78eb0440cc87b6d693cf6090
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
115302
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17308
x-xss-protection
0
server
sffe
date
Sun, 08 May 2022 18:32:49 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"9e7f38e1fe946943"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Mon, 08 May 2023 18:32:49 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 3D3A 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012203150226000/v0/amp-fit-text-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&slotname=9596249340&adk=1317470659&adf=1433286824&pi=t.ma~as.9596249340&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070506&bpp=1&bdt=924&idt=271&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280%2C300x250&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=1754&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=f3cyELvtCN&p=https%3A//safelink12345.icu&dtd=276
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2eb2a641ec9143273f4f5ba4f1526364fd4b1a040b628b4be54b77dbe362690f
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
298841
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1900
x-xss-protection
0
server
sffe
date
Fri, 06 May 2022 15:33:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"3393210d007db9ca"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sat, 06 May 2023 15:33:50 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 3D3A 		42 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012203150226000/v0/amp-form-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&slotname=9596249340&adk=1317470659&adf=1433286824&pi=t.ma~as.9596249340&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070506&bpp=1&bdt=924&idt=271&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280%2C300x250&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=1754&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=f3cyELvtCN&p=https%3A//safelink12345.icu&dtd=276
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0b43999f77e447254a78e068f55a6cc9075071b252277337b901e095e607e474
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
298840
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13669
x-xss-protection
0
server
sffe
date
Fri, 06 May 2022 15:33:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"565eca32a909292d"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sat, 06 May 2023 15:33:51 GMT
truncated
/ Frame 3D3A 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e050dd558d291f9d5034487968b4eb0dc7b805536b3e87b8ed9dd8b4244f78e7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
bg.jpg
tpc.googlesyndication.com/sadbundle/1321905223522214049/img/ Frame 3D3A 		24 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/1321905223522214049/img/bg.jpg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&slotname=9596249340&adk=1317470659&adf=1433286824&pi=t.ma~as.9596249340&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070506&bpp=1&bdt=924&idt=271&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280%2C300x250&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=1754&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=f3cyELvtCN&p=https%3A//safelink12345.icu&dtd=276
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4b1d66db42cfbcbb132f89b1468fe83982065671af27d6aa716b69cc3ace8d04
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 20:05:16 GMT
x-content-type-options
nosniff
age
282555
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24840
x-xss-protection
0
last-modified
Wed, 20 Apr 2022 13:31:02 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 06 May 2023 20:05:16 GMT
text1.png
tpc.googlesyndication.com/sadbundle/1321905223522214049/img/ Frame 3D3A 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/1321905223522214049/img/text1.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&slotname=9596249340&adk=1317470659&adf=1433286824&pi=t.ma~as.9596249340&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070506&bpp=1&bdt=924&idt=271&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280%2C300x250&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=1754&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=f3cyELvtCN&p=https%3A//safelink12345.icu&dtd=276
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d3c88a41f52ad3b17304d73e7a44932e543a153629ebcbb907a5d598f8c1d8ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 05 May 2022 22:04:38 GMT
x-content-type-options
nosniff
age
361793
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6798
x-xss-protection
0
last-modified
Wed, 20 Apr 2022 13:31:02 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 05 May 2023 22:04:38 GMT
logo.png
tpc.googlesyndication.com/sadbundle/1321905223522214049/img/ Frame 3D3A 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/1321905223522214049/img/logo.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&slotname=9596249340&adk=1317470659&adf=1433286824&pi=t.ma~as.9596249340&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070506&bpp=1&bdt=924&idt=271&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280%2C300x250&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=1754&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=f3cyELvtCN&p=https%3A//safelink12345.icu&dtd=276
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
53d890df0e63223c024065efcac5841d227ccf0c95e296caad2610de3213de31
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 20:05:16 GMT
x-content-type-options
nosniff
age
282555
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8199
x-xss-protection
0
last-modified
Wed, 20 Apr 2022 13:31:02 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 06 May 2023 20:05:16 GMT
cta.png
tpc.googlesyndication.com/sadbundle/1321905223522214049/img/ Frame 3D3A 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/1321905223522214049/img/cta.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&slotname=9596249340&adk=1317470659&adf=1433286824&pi=t.ma~as.9596249340&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070506&bpp=1&bdt=924&idt=271&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280%2C300x250&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=1754&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=f3cyELvtCN&p=https%3A//safelink12345.icu&dtd=276
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c1c42e1a0a5d428646009535d29adb6d570b1118ff76f057da6b7d6e038b9e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 20:05:16 GMT
x-content-type-options
nosniff
age
282555
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2056
x-xss-protection
0
last-modified
Wed, 20 Apr 2022 13:31:02 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 06 May 2023 20:05:16 GMT
info.png
tpc.googlesyndication.com/sadbundle/1321905223522214049/img/ Frame 3D3A 		981 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/1321905223522214049/img/info.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&slotname=9596249340&adk=1317470659&adf=1433286824&pi=t.ma~as.9596249340&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070506&bpp=1&bdt=924&idt=271&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280%2C300x250&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=1754&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=f3cyELvtCN&p=https%3A//safelink12345.icu&dtd=276
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a82bc3d786dc23eb08874041eb1f2cded70c173ec4f5904df47cfd41d5e45a8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 20:05:16 GMT
x-content-type-options
nosniff
age
282555
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
981
x-xss-protection
0
last-modified
Wed, 20 Apr 2022 13:31:02 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 06 May 2023 20:05:16 GMT
ToyotaType-Book.woff2
tpc.googlesyndication.com/sadbundle/1321905223522214049/img/ Frame 3D3A 		45 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sadbundle/1321905223522214049/img/ToyotaType-Book.woff2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&slotname=9596249340&adk=1317470659&adf=1433286824&pi=t.ma~as.9596249340&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070506&bpp=1&bdt=924&idt=271&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280%2C300x250&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=1754&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=f3cyELvtCN&p=https%3A//safelink12345.icu&dtd=276
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1022567fccdbd3c790551cd2a39386535513ab6e0981eeb2d16c842e7688c7f5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 20:05:16 GMT
x-content-type-options
nosniff
age
282555
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46116
x-xss-protection
0
last-modified
Wed, 20 Apr 2022 13:31:02 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 06 May 2023 20:05:16 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3D3A 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&slotname=9596249340&adk=1317470659&adf=1433286824&pi=t.ma~as.9596249340&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070506&bpp=1&bdt=924&idt=271&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280%2C300x250&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=1754&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=f3cyELvtCN&p=https%3A//safelink12345.icu&dtd=276
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 18:59:48 GMT
x-content-type-options
nosniff
server
cafe
age
27283
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
14819457070020093239
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Tue, 10 May 2022 18:59:48 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3D3A 		295 B
424 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&slotname=9596249340&adk=1317470659&adf=1433286824&pi=t.ma~as.9596249340&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070506&bpp=1&bdt=924&idt=271&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280%2C300x250&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=1754&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=f3cyELvtCN&p=https%3A//safelink12345.icu&dtd=276
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 05:43:34 GMT
x-content-type-options
nosniff
server
cafe
age
75057
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
426692510519060060
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Tue, 10 May 2022 05:43:34 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 3D3A 		0
21 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=Cse44Ns95YszfM-eP9u8Pkv-i0AXE5Mn-afKCt8iaD-Lc6JnLARABIMupij9gleKQgqAHoAGfn-qaA8gBCakC_5j11Pm5sT6oAwHIAwiqBMQBT9C-PCIdTScbG0BoF3s8tVOSB1Wo5747MO79CX4C9sAwGlrGK74vdJcVrVMfdAG1hz1NJ4n982-3RZ6WdHzGzZHU26KNhtXgTi8O_IiW-GS9hP2Y131aftIgK-tnKbXnpI9jTofTNuV2gMxTnOiRKgKumL4fINOyX6KLkwSAcbWPXOq27p8E_1sfaAxdQyr_Cv-cALrPaYu6VwU2qhXr7D2zd5x3stjYorSZCquztNGPqYnmZZ7tvrL01BMS730Sp0oGg8AEpqfIkIgEkgUECAQYAZIFBAgFGASgBi6AB5_9m40DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQ7JwE0ggJCIDhgBAQARgfgAoByAsB2BMN0BUBgBcBshccChoIABIUcHViLTE1ODM3MjAyNjk0OTQ5MTIYAA&sigh=NBzfN0rTIo8&uach_m=[UACH]&template_id=419
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&slotname=9596249340&adk=1317470659&adf=1433286824&pi=t.ma~as.9596249340&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070506&bpp=1&bdt=924&idt=271&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280%2C300x250&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=1754&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=f3cyELvtCN&p=https%3A//safelink12345.icu&dtd=276
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&slotname=9596249340&adk=1317470659&adf=1433286824&pi=t.ma~as.9596249340&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070506&bpp=1&bdt=924&idt=271&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280%2C300x250&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=1754&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeEbr%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=f3cyELvtCN&p=https%3A//safelink12345.icu&dtd=276
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 10 May 2022 02:34:31 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Tue, 10 May 2022 02:34:31 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/ Frame EDB8 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b83149463619a5f4bbee21909e8a99a085f15713e48d6522d0a3173b94a20e1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:06:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1685
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8007
x-xss-protection
0
server
cafe
etag
8765308293129799388
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 02:06:26 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/ Frame EDB8 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 01:23:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4252
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 01:23:39 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame EDB8 		120 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cfaf60508a77b732490cebbf93a415622f5d33fc0a63f88365807b71a21c25b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37409
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1652096384767712"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 10 May 2022 02:34:31 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/ Frame EDB8 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:09:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1498
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
567849196274905959
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 02:09:33 GMT
8ac99cc5020451d5a2f944f2abe6dceb.js
www.gstatic.com/mysidia/ Frame EDB8 		30 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/8ac99cc5020451d5a2f944f2abe6dceb.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f27644734b8ead437f7ae34027490dae1d295348b0fc0cdca8b839bd9ef48d46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 03 May 2022 12:17:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
569826
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12291
x-xss-protection
0
last-modified
Mon, 02 May 2022 20:52:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 01 Aug 2022 12:17:25 GMT
css
fonts.googleapis.com/ Frame 39A4 		6 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=250&slotname=2786819483&adk=2944592922&adf=3361567115&pi=t.ma~as.2786819483&w=300&lmt=1652150069&psa=0&format=300x250&url=https%3A%2F%2Fsafelink12345.icu%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070505&bpp=1&bdt=922&idt=268&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=651&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=wsmp5j7wyo&p=https%3A//safelink12345.icu&dtd=270
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 10 May 2022 01:00:52 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 10 May 2022 02:34:31 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 10 May 2022 02:34:31 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/ Frame 39A4 		2 KB
984 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=250&slotname=2786819483&adk=2944592922&adf=3361567115&pi=t.ma~as.2786819483&w=300&lmt=1652150069&psa=0&format=300x250&url=https%3A%2F%2Fsafelink12345.icu%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070505&bpp=1&bdt=922&idt=268&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=651&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=wsmp5j7wyo&p=https%3A//safelink12345.icu&dtd=270
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 01:56:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2292
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
877
x-xss-protection
0
server
cafe
etag
13035868154101442325
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 01:56:19 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/ Frame 39A4 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=250&slotname=2786819483&adk=2944592922&adf=3361567115&pi=t.ma~as.2786819483&w=300&lmt=1652150069&psa=0&format=300x250&url=https%3A%2F%2Fsafelink12345.icu%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070505&bpp=1&bdt=922&idt=268&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=651&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=wsmp5j7wyo&p=https%3A//safelink12345.icu&dtd=270
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b83149463619a5f4bbee21909e8a99a085f15713e48d6522d0a3173b94a20e1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:06:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1685
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8007
x-xss-protection
0
server
cafe
etag
8765308293129799388
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 02:06:26 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/ Frame 39A4 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=250&slotname=2786819483&adk=2944592922&adf=3361567115&pi=t.ma~as.2786819483&w=300&lmt=1652150069&psa=0&format=300x250&url=https%3A%2F%2Fsafelink12345.icu%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070505&bpp=1&bdt=922&idt=268&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=651&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=wsmp5j7wyo&p=https%3A//safelink12345.icu&dtd=270
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 01:23:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4252
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 01:23:39 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 39A4 		120 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=250&slotname=2786819483&adk=2944592922&adf=3361567115&pi=t.ma~as.2786819483&w=300&lmt=1652150069&psa=0&format=300x250&url=https%3A%2F%2Fsafelink12345.icu%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070505&bpp=1&bdt=922&idt=268&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=651&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=wsmp5j7wyo&p=https%3A//safelink12345.icu&dtd=270
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cfaf60508a77b732490cebbf93a415622f5d33fc0a63f88365807b71a21c25b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37409
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1652096384767712"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 10 May 2022 02:34:31 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/ Frame 39A4 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=250&slotname=2786819483&adk=2944592922&adf=3361567115&pi=t.ma~as.2786819483&w=300&lmt=1652150069&psa=0&format=300x250&url=https%3A%2F%2Fsafelink12345.icu%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070505&bpp=1&bdt=922&idt=268&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=651&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=wsmp5j7wyo&p=https%3A//safelink12345.icu&dtd=270
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:09:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1498
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
567849196274905959
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 02:09:33 GMT
8ac99cc5020451d5a2f944f2abe6dceb.js
www.gstatic.com/mysidia/ Frame 39A4 		30 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/8ac99cc5020451d5a2f944f2abe6dceb.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=250&slotname=2786819483&adk=2944592922&adf=3361567115&pi=t.ma~as.2786819483&w=300&lmt=1652150069&psa=0&format=300x250&url=https%3A%2F%2Fsafelink12345.icu%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070505&bpp=1&bdt=922&idt=268&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=651&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=wsmp5j7wyo&p=https%3A//safelink12345.icu&dtd=270
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f27644734b8ead437f7ae34027490dae1d295348b0fc0cdca8b839bd9ef48d46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 03 May 2022 12:17:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
569826
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12291
x-xss-protection
0
last-modified
Mon, 02 May 2022 20:52:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 01 Aug 2022 12:17:25 GMT
1x1.gif
imagesrv.adition.com/ Frame 39A4
Redirect Chain
  • https://ad2.adfarm1.adition.com/banner?sid=4599678&gdpr=&gdpr_consent=&kid=5155136&bid=15852299&wpt=C&ts=2745174755
  • https://imagesrv.adition.com/1x1.gif
68 B
178 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://imagesrv.adition.com/1x1.gif
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=250&slotname=2786819483&adk=2944592922&adf=3361567115&pi=t.ma~as.2786819483&w=300&lmt=1652150069&psa=0&format=300x250&url=https%3A%2F%2Fsafelink12345.icu%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070505&bpp=1&bdt=922&idt=268&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=651&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=wsmp5j7wyo&p=https%3A//safelink12345.icu&dtd=270
Protocol
H2
Server
217.79.188.11 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
imagesrv.adition.com
Software
/
Resource Hash
5fb3bdb7f966c852579fb6b0574517445d5b2d171c804d66227ee67b1bffca9c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 10 May 2022 02:34:31 GMT
last-modified
Fri, 24 Jul 2009 13:46:10 GMT
accept-ranges
bytes
etag
"3122740758"
content-length
68
content-type
image/gif

Redirect headers

pragma
no-cache
date
Tue, 10 May 2022 04:34:31 +0200
server
ADITIONSERVER v1.0
etag
7095930523029996757
location
https://imagesrv.adition.com/1x1.gif
p3p
policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
access-control-allow-origin
*
cache-control
no-cache
content-type
text/plain
expires
Sat, 01 Jan 2000 00:00:00 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 39A4 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C5NWjNs95YveTNKeN9u8PrP2VoAaYlML7aduS0fqFEJGD4_TTJxABIMupij9gleKQgqAHoAH8p4CVA8gBCakC_5j11Pm5sT6oAwHIA8sEqgTGAU_QYohhjRwMKGKrxAjA018-_vnpteMP8xW5VFh37DHBAfwfo0IDUqTCSDFGbM9nG1JBMIr3G1gzqt-rJTb4Q9CCXNlj-2dY6VgVU-GSo3x7nmwq1tgDw7yRTlXncdJPOnyTrmQJvDiRks4YwLNaNvm0SacV4Y0TEN_6GMSnKmgF1K4MiMyGq4pd0T0mDUCio0Me2G5tDdm_P9ZKn6mEA7yt9SNZfunjzU59kNS4bkWG_G05HLX9BQDnMSQeWaC_gCRMq1E2IcAEwOzolo4EkgUECAQYAZIFBAgFGASgBi6AB-zX_2qoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBDbtwXSCAkIgOGAEBABGB-ACgHICwHYEw3QFQGAFwGyFxwKGggAEhRwdWItMTU4MzcyMDI2OTQ5NDkxMhgA&sigh=W9cr_4aIegc&uach_m=[UACH]&template_id=484
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=250&slotname=2786819483&adk=2944592922&adf=3361567115&pi=t.ma~as.2786819483&w=300&lmt=1652150069&psa=0&format=300x250&url=https%3A%2F%2Fsafelink12345.icu%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070505&bpp=1&bdt=922&idt=268&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=651&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=wsmp5j7wyo&p=https%3A//safelink12345.icu&dtd=270
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=250&slotname=2786819483&adk=2944592922&adf=3361567115&pi=t.ma~as.2786819483&w=300&lmt=1652150069&psa=0&format=300x250&url=https%3A%2F%2Fsafelink12345.icu%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070505&bpp=1&bdt=922&idt=268&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=651&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=wsmp5j7wyo&p=https%3A//safelink12345.icu&dtd=270
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 10 May 2022 02:34:31 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Tue, 10 May 2022 02:34:31 GMT
2076313506083323656
tpc.googlesyndication.com/simgad/3090955867060246363/ Frame 39A4 		37 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/3090955867060246363/2076313506083323656
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=250&slotname=2786819483&adk=2944592922&adf=3361567115&pi=t.ma~as.2786819483&w=300&lmt=1652150069&psa=0&format=300x250&url=https%3A%2F%2Fsafelink12345.icu%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070505&bpp=1&bdt=922&idt=268&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=651&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=wsmp5j7wyo&p=https%3A//safelink12345.icu&dtd=270
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d2b9a6b9bdf9ddbee5386c215c3a71090bbf12ed1920808af2980b416fcd3dd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 05 May 2022 13:36:29 GMT
x-content-type-options
nosniff
age
392282
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38283
x-xss-protection
0
last-modified
Wed, 13 Apr 2022 18:44:13 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 05 May 2023 13:36:29 GMT
truncated
/ Frame 39A4 		218 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8ba299532ffedcd88cd357136527b09918b07eea5861c7c03176aebb490434a9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/svg+xml
css
fonts.googleapis.com/ Frame 76CB 		8 KB
965 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=8258638015&adk=3563942368&adf=869763061&pi=t.ma~as.8258638015&w=1200&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070501&bpp=3&bdt=919&idt=226&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&correlator=7912665475533&frm=20&pv=2&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=103&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gO4UdWm9lv&p=https%3A//safelink12345.icu&dtd=240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8393b0f49cbaac879bc0a89a8d6fc918081a21fd4b13e5ae4416d2c1afbcca92
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 10 May 2022 01:00:29 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 10 May 2022 02:34:31 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 10 May 2022 02:34:31 GMT
reactive_library_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205040101/ 		146 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205040101/reactive_library_fy2019.js?bust=31067450
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1583720269494912&plah=safelink12345.icu&bust=31067450
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f61dbc962d308b3d5cf4948c4afef2616eeb8da1867140a825a0e25901e3a868
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
52972
x-xss-protection
0
server
cafe
etag
203306604077484148
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Tue, 10 May 2022 02:34:31 GMT
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=rasra::pm&rt=8%2C1&c=ca-pub-1583720269494912&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:31 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/ Frame 76CB 		2 KB
938 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=8258638015&adk=3563942368&adf=869763061&pi=t.ma~as.8258638015&w=1200&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070501&bpp=3&bdt=919&idt=226&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&correlator=7912665475533&frm=20&pv=2&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=103&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gO4UdWm9lv&p=https%3A//safelink12345.icu&dtd=240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 01:56:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2292
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
877
x-xss-protection
0
server
cafe
etag
13035868154101442325
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 01:56:19 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 76CB 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CKILrNs95YtXhM_mK7_UPpY6muAvYu7_UaJrAjOSzDsCNtwEQASDLqYo_YJXikIKgB6AB3d_rywPIAQmpApnZ5k6bV6c-qAMByAPLBKoEvQFP0KWZDd6wsMaW9bHs0McnadAvapD0vdmQLIWourkejY3cWZPzFRFoaVa5StkoHEJec1zxK9A1lZ-s9ZEPXd9GSgZ65rCm6DyysNzKPpbH7KK6B7i-l0rMAkzEpIhfn8UNVohZFKLDno-92X7_jAHiXdyPzRofX_n_VZ9f3RsVm1AEjDUcC8dFSSezeBTszIKxgverKRoRoRqnOZi0HdZ6ZYgXeFKgueZZ4Po_12-Xz-_N-I52QtfQwbppreHABL68raTQA5IFBAgEGAGSBQQIBRgEoAYugAeLoJQ0qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQsIsM0ggJCIDhgBAQARgfgAoByAsBuBOIJ9gTDYgUAdAVAZgWAYAXAbIXHAoaCAASFHB1Yi0xNTgzNzIwMjY5NDk0OTEyGAA&sigh=_3xai1Kkqf4&uach_m=[UACH]&template_id=5000
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=8258638015&adk=3563942368&adf=869763061&pi=t.ma~as.8258638015&w=1200&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070501&bpp=3&bdt=919&idt=226&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&correlator=7912665475533&frm=20&pv=2&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=103&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gO4UdWm9lv&p=https%3A//safelink12345.icu&dtd=240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=8258638015&adk=3563942368&adf=869763061&pi=t.ma~as.8258638015&w=1200&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070501&bpp=3&bdt=919&idt=226&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&correlator=7912665475533&frm=20&pv=2&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=103&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gO4UdWm9lv&p=https%3A//safelink12345.icu&dtd=240
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 10 May 2022 02:34:31 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/ Frame 76CB 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=8258638015&adk=3563942368&adf=869763061&pi=t.ma~as.8258638015&w=1200&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070501&bpp=3&bdt=919&idt=226&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&correlator=7912665475533&frm=20&pv=2&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=103&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gO4UdWm9lv&p=https%3A//safelink12345.icu&dtd=240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b83149463619a5f4bbee21909e8a99a085f15713e48d6522d0a3173b94a20e1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:06:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1685
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8007
x-xss-protection
0
server
cafe
etag
8765308293129799388
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 02:06:26 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/ Frame 76CB 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=8258638015&adk=3563942368&adf=869763061&pi=t.ma~as.8258638015&w=1200&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070501&bpp=3&bdt=919&idt=226&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&correlator=7912665475533&frm=20&pv=2&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=103&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gO4UdWm9lv&p=https%3A//safelink12345.icu&dtd=240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 01:23:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4252
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 01:23:39 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 76CB 		120 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=8258638015&adk=3563942368&adf=869763061&pi=t.ma~as.8258638015&w=1200&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070501&bpp=3&bdt=919&idt=226&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&correlator=7912665475533&frm=20&pv=2&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=103&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gO4UdWm9lv&p=https%3A//safelink12345.icu&dtd=240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cfaf60508a77b732490cebbf93a415622f5d33fc0a63f88365807b71a21c25b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37409
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1652096384767712"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 10 May 2022 02:34:31 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/ Frame 76CB 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=8258638015&adk=3563942368&adf=869763061&pi=t.ma~as.8258638015&w=1200&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070501&bpp=3&bdt=919&idt=226&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&correlator=7912665475533&frm=20&pv=2&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=103&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gO4UdWm9lv&p=https%3A//safelink12345.icu&dtd=240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:09:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1498
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
567849196274905959
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 02:09:33 GMT
8ac99cc5020451d5a2f944f2abe6dceb.js
www.gstatic.com/mysidia/ Frame 76CB 		30 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/8ac99cc5020451d5a2f944f2abe6dceb.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=8258638015&adk=3563942368&adf=869763061&pi=t.ma~as.8258638015&w=1200&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070501&bpp=3&bdt=919&idt=226&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&correlator=7912665475533&frm=20&pv=2&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=103&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gO4UdWm9lv&p=https%3A//safelink12345.icu&dtd=240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f27644734b8ead437f7ae34027490dae1d295348b0fc0cdca8b839bd9ef48d46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 03 May 2022 12:17:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
569826
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12291
x-xss-protection
0
last-modified
Mon, 02 May 2022 20:52:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 01 Aug 2022 12:17:25 GMT
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=puberror&context=165&msg=TagError%3A%20adsbygoogle.push()%20error%3A%20No%20slot%20size%20for%20availableWidth%3D280%0Aat%20Dn%20(https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%3A175%3A371)%0Aat%20Cn%20(adsbygoogle.js%3A174%3A137)%0Aat%20Kn%20(adsbygoogle.js%3A178%3A187)%0Aat%20pp%20(adsbygoogle.js%3A224%3A421)%0Aat%20Bp%20(adsbygoogle.js%3A227%3A105)%0Aat%20Ap%20(adsbygoogle.js%3A226%3A1269)%0Aat%20Jp%20(adsbygoogle.js%3A241%3A330)%0Aat%20adsbygoogle.js%3A235%3A47%0Aat%20mi.n.oa%20(adsbygoogle.js%3A87%3A794)%0Aat%20dj%20(adsbygoogle.js%3A102%3A1098)&shv=r20220505&mjsv=m202205040101&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&client=ca-pub-1583720269494912&tag_origin=qs&url=https%3A%2F%2Fsafelink12345.icu%2F
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:31 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_success&c=3&wpc=ca-pub-1583720269494912&warn=6%2C12%2C13&w=1600&h=1200&ppp=0&eatf=false&eatfAbg=false&reatf=true&a=6%2C1%2C5%2C7&apv=20220504_115016&sat=1651987278545&afm=0&as_count=5&d_count=0&ng_count=0&am_count=2&atf_count=3&mdns=0.187&alldns=0.284&allp=46&fd=(0%2C22%2C6)%2C(1%2C9%2C8)%2C(2%2C0%2C0)&pgh=9046&abl=false&rr=n&su=safelink12345.icu&pvc=4073828262775418&r=0.1&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:31 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_coverage&c=3&wpc=ca-pub-1583720269494912&warn=6%2C12%2C13&w=1600&h=1200&ppp=0&ppos=M100H1000C10B1W0G651~316G103~280G443~108G0~103G383~60G551~60G611~40G967~40W1G1007~487G1494~106G1654~60G1994~60G1600~54W2G2754~520G2054~317G2478~236G2371~107G2714~40W3G3274~129G3403~126W4G4273~903G4129~70G4199~40G4239~34W5G5985~883G5176~809W6G6868~878W7G7746~872W8G8618~366G8984~62&eatf=false&eatfAbg=false&reatf=true&a=6%2C1%2C5%2C7&apv=20220504_115016&sat=1651987278545&afm=0&as_count=5&d_count=0&ng_count=0&am_count=2&atf_count=3&mdns=0.187&alldns=0.284&allp=46&fd=(0%2C22%2C6)%2C(1%2C9%2C8)%2C(2%2C0%2C0)&pgh=9046&abl=false&rr=n&su=safelink12345.icu&pvc=4073828262775418&r=0.1&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:31 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=safelink12345.icu
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1583720269494912&plah=safelink12345.icu&bust=31067450
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 10 May 2022 02:34:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=safelink12345.icu
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1583720269494912&plah=safelink12345.icu&bust=31067450
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 10 May 2022 02:34:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 62E9 		21 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&adk=926476324&adf=3768921151&pi=t.aa~a.4263631882~rp.4&w=360&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=360x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1811&idt=-M&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0&nras=2&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=QPZnfKCTaI&p=https%3A//safelink12345.icu&dtd=47
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1583720269494912&plah=safelink12345.icu&bust=31067450
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
61028d59f434656a12997ef0539b4f0167dfaf302f9b607a815cfeaf0f093599
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safelink12345.icu/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
10263
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 10 May 2022 02:34:31 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 4BBC 		129 KB
42 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&adk=3075158702&adf=1856860424&pi=t.aa~a.573379464~rp.3&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1810&idt=1&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0%2C360x280&nras=3&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=3529&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=LqVVgPPmHd&p=https%3A//safelink12345.icu&dtd=52
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1583720269494912&plah=safelink12345.icu&bust=31067450
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
507e35125cc851a8df40be14c121c6473ac06bf612867da305eb67186dbb1492
Security Headers
Name Value
Content-Security-Policy child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPPkgNHy0_cCFY_QuwgdmTsEtg&gqi=N895YrClHK-V7_UP8PKFUA&layout=/sadbundle/%24csp%253Der3%24/1510524910526288399/SPE_AOI_KL_Paris_300x600.html
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safelink12345.icu/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
43139
content-security-policy
child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPPkgNHy0_cCFY_QuwgdmTsEtg&gqi=N895YrClHK-V7_UP8PKFUA&layout=/sadbundle/%24csp%253Der3%24/1510524910526288399/SPE_AOI_KL_Paris_300x600.html
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 10 May 2022 02:34:31 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
downsize_200k_v1
tpc.googlesyndication.com/simgad/13922836379568857925/ Frame 76CB 		24 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/13922836379568857925/downsize_200k_v1?w=600&h=314
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=8258638015&adk=3563942368&adf=869763061&pi=t.ma~as.8258638015&w=1200&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070501&bpp=3&bdt=919&idt=226&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&correlator=7912665475533&frm=20&pv=2&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=103&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gO4UdWm9lv&p=https%3A//safelink12345.icu&dtd=240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2872056c02ea70f31f0102c9f9b36d009ef22efaf1dfe6fa751ab02e3e53ba6a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Sat, 07 May 2022 06:43:58 GMT
x-content-type-options
nosniff
age
244233
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24826
x-xss-protection
0
last-modified
Tue, 13 Jul 2021 00:09:58 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 07 May 2023 06:43:58 GMT
truncated
/ Frame 76CB 		206 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame 76CB 		209 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/svg+xml
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=rasra::pr&rt=8%2C1&c=ca-pub-1583720269494912&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:31 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/ Frame F288 		10 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1583720269494912&plah=safelink12345.icu&bust=31067450
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
42b853168bb627593eb95b83db66183f7b3bd442db24c37398f1958d1451acd6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safelink12345.icu/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
32924
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=1209600
content-encoding
gzip
content-length
4421
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 09 May 2022 17:25:47 GMT
etag
1428802124239944296
expires
Mon, 23 May 2022 17:25:47 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/ Frame E5FB 		10 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1583720269494912&plah=safelink12345.icu&bust=31067450
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
42b853168bb627593eb95b83db66183f7b3bd442db24c37398f1958d1451acd6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safelink12345.icu/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
32924
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=1209600
content-encoding
gzip
content-length
4421
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 09 May 2022 17:25:47 GMT
etag
1428802124239944296
expires
Mon, 23 May 2022 17:25:47 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 39A4 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
793caba4b52ad29fd92de4929a8727e5b7849e40523aac00cd9294ba919902d1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
utx
transmith.xyz/ 		0
492 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://transmith.xyz/utx?tid=808858&top=safelink12345.icu&cb=gDtKSDO6pYEs
Requested by
Host: parentful.club
URL: https://parentful.club/aGxySVUTTgE%2BCh0eHmtvSgQGPSUbVl1mJgkKFyU8BgdDe2ZcWVwgNh1DAT57Ah9NKjkBDxkgMVU0My0WLysCIxQCNjUiFgMHMzklAi8KCicCLTwTJwEiAAgUJh4WExYaLygTDysvACAtKx4KOxYaLwAOFhAvACIlGAYCOT4MLzE7LQEzQ3liXVhUOSABCE96bFBdRXhgXU5eayYFClBzZEROASQjSlZQe3teTl5rIQkLLSAxSlZQcWVQVEdxd0ROATw3NwUWeHdSTkFwbVlbQ3xgSkBQOiAKMxstZ0pWUBEUDC81DiUCLRgTEgMvGSIUGBwYCi0rHhgIGzIeGwcnKS08OzEyLwAKDzI2MQonARQxOy0aLwAKJy8vCgonAxwCIyUYBxYKFhoUGxZkWFtHfXcV
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-36.fra50.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:31 GMT
via
1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
server
openresty/1.17.8.2
x-amz-cf-pop
FRA50-C1
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
https://safelink12345.icu
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-amz-cf-id
rbEgFSLZdbo0Z3fUOCngbrbJCXCWtZQ5JTwCEKxHXoBGALmDNMpHvg==
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 39A4 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 01:46:21 GMT
x-content-type-options
nosniff
age
348490
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 06 May 2023 01:46:21 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 39A4 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 04 May 2022 17:56:19 GMT
x-content-type-options
nosniff
age
463092
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 04 May 2023 17:56:19 GMT
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 39A4 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 04 May 2022 17:58:32 GMT
x-content-type-options
nosniff
age
462959
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15732
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:20 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 04 May 2023 17:58:32 GMT
amp4ads-host-v0.js
cdn.ampproject.org/rtv/012203150226000/ 		23 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012203150226000/amp4ads-host-v0.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1583720269494912&plah=safelink12345.icu&bust=31067450
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9479b3e3bef0f6427206cadb155b1f1e0197e6d87356db3a4dee7732273b2b80
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
490618
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8029
x-xss-protection
0
server
sffe
date
Wed, 04 May 2022 10:17:33 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"e862474745e2e7b9"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 04 May 2023 10:17:33 GMT
css2
fonts.googleapis.com/ Frame F288 		4 KB
634 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 10 May 2022 01:01:06 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 10 May 2022 02:34:31 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 10 May 2022 02:34:31 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame F288 		205 B
229 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 01:08:42 GMT
x-content-type-options
nosniff
age
5149
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
205
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 10 May 2023 01:08:42 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame F288 		604 B
628 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 23:23:33 GMT
x-content-type-options
nosniff
age
11458
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
604
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Tue, 09 May 2023 23:23:33 GMT
interstitial_ad_frame_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/elements/html/ Frame F288 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/elements/html/interstitial_ad_frame_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
01284adf0039080c4d89732ef83440fd31b310a7bf3867b83b030f99ffd1f1c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 01:26:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4100
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8280
x-xss-protection
0
server
cafe
etag
1405619832300133377
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 01:26:11 GMT
truncated
/ Frame 76CB 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f39fcbfd7ade61e95cec7116403e96e6377c5947beb0afb1415b6e2dba0d2131

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame EDB8 		210 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
73577f6a8bc7096353da1b32358f42ef7499340cf39d17e1fa8847510ae8c211

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
SPE_AOI_KL_Paris_728x90.html
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/ Frame CECB 		25 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/SPE_AOI_KL_Paris_728x90.html
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4537a29929547063205a1bd5ca59dd679d2eac598b604b84615ee324aab70b67
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
480938
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
6786
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
cross-origin-resource-policy
cross-origin
date
Wed, 04 May 2022 12:58:53 GMT
expires
Thu, 04 May 2023 12:58:53 GMT
last-modified
Wed, 09 Jun 2021 15:05:22 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
ai.aspx
at.bahn.de/ Frame E5FB 		43 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://at.bahn.de/ai.aspx?extProvId=5&extPu=14058-gaw&extLi=15763535245&cb=2882312279
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.202.235.9 Düsseldorf, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
P3P
policyref="https://at.bahn.de/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection
close
X-ET-Monitoring
1
Content-Length
43
Pragma
no-cache
X-ET-Code
0
Last-Modified
Di, 10 Mai 2022 02:34:31 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 10 May 2022 02:34:31 GMT
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
https://googleads.g.doubleclick.net
Cache-Control
private
Access-Control-Allow-Credentials
true
X-ET-Camp
1053
Access-Control-Allow-Headers
*
Expires
Mon, 26 Jul 1997 05:00:00 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame E5FB 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CIUJTNs95YqrvM4eS7_UP8OA9t6OWy2f53-eOhxDAjbcBEAEgy6mKP2CV4pCCoAegAe-EyssCyAEJqQL_mPXU-bmxPqgDAcgDSKoExQFP0FjLHn6Hio8NL15bNBdZA_mjIAwEGhayma86TGv-bkknXIL1ssnL61CBxQItsnVtWDUPWQNFdq5aB1PrOI1CpyVkiBkhQKsaYdWoCC7yTsDB4tKubHAHD5hIGr_DaVU_nUhcg-MvFwCe977uRy9BB8HzvizAS_9s5odXxJBHX7zu8OnX2FbJgKVrpEdzbBK8mV0Oq8EyryDcm7OyuTZVoyd4dGaciIMuYPs8OZTygVzN2YZnWJgCCXYGy5msngRJF0oSisAE7dqi4uQDkgUECAQYAZIFBAgFGASgBi6AB_n6tbQBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQw6QE0ggJCIDhgBAQARgfgAoByAsB2BMN0BUBgBcBshccChoIABIUcHViLTE1ODM3MjAyNjk0OTQ5MTIYAA&sigh=1NjeE1NzfV8&uach_m=[UACH]&template_id=419
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 10 May 2022 02:34:31 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/ Frame E5FB 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b83149463619a5f4bbee21909e8a99a085f15713e48d6522d0a3173b94a20e1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:06:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1685
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8007
x-xss-protection
0
server
cafe
etag
8765308293129799388
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 02:06:26 GMT
4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v44/ Frame 76CB 		28 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v44/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7d210f7d18b1a67c12052541793c3fc63a9175ec1809b7988b9b9a13a4b50e16
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 03 May 2022 22:13:40 GMT
x-content-type-options
nosniff
age
534051
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28276
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 19:33:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 May 2023 22:13:40 GMT
ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame EDB8 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 03 May 2022 22:12:48 GMT
x-content-type-options
nosniff
age
534103
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20784
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 19:21:31 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 May 2023 22:12:48 GMT
/
rbiscussexb.xyz/ 		0
37 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://rbiscussexb.xyz/
Requested by
Host: parentful.club
URL: https://parentful.club/aGxySVUTTgE%2BCh0eHmtvSgQGPSUbVl1mJgkKFyU8BgdDe2ZcWVwgNh1DAT57Ah9NKjkBDxkgMVU0My0WLysCIxQCNjUiFgMHMzklAi8KCicCLTwTJwEiAAgUJh4WExYaLygTDysvACAtKx4KOxYaLwAOFhAvACIlGAYCOT4MLzE7LQEzQ3liXVhUOSABCE96bFBdRXhgXU5eayYFClBzZEROASQjSlZQe3teTl5rIQkLLSAxSlZQcWVQVEdxd0ROATw3NwUWeHdSTkFwbVlbQ3xgSkBQOiAKMxstZ0pWUBEUDC81DiUCLRgTEgMvGSIUGBwYCi0rHhgIGzIeGwcnKS08OzEyLwAKDzI2MQonARQxOy0aLwAKJy8vCgonAxwCIyUYBxYKFhoUGxZkWFtHfXcV
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.22.28.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-22-28-167.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safelink12345.icu/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
content-length
0
exitapi-impl.js
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame CECB 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/SPE_AOI_KL_Paris_728x90.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 09:36:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
61097
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3271
x-xss-protection
0
server
cafe
etag
7483759447172721109
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Tue, 10 May 2022 09:36:14 GMT
addata.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame CECB 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/SPE_AOI_KL_Paris_728x90.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 16:13:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
37252
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10382
x-xss-protection
0
server
cafe
etag
12806417668659483808
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Tue, 10 May 2022 16:13:39 GMT
ibahn.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/images/ Frame CECB 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/images/ibahn.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/SPE_AOI_KL_Paris_728x90.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ce3bdb20624fb7325e0f594c79dd17afff914481108a6caebb474ecda2982c54
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
70687
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4059
x-xss-protection
0
last-modified
Wed, 09 Jun 2021 15:05:22 GMT
server
sffe
date
Mon, 09 May 2022 06:56:24 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 09 May 2023 06:56:24 GMT
txt1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/images/ Frame CECB 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/images/txt1.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/SPE_AOI_KL_Paris_728x90.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7965eb423420fc758c9c3482ba52da47ecb79748214d4898b1ae1375fb4592ea
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
70687
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2997
x-xss-protection
0
last-modified
Wed, 09 Jun 2021 15:05:22 GMT
server
sffe
date
Mon, 09 May 2022 06:56:24 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 09 May 2023 06:56:24 GMT
txt2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/images/ Frame CECB 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/images/txt2.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/SPE_AOI_KL_Paris_728x90.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
652d8afe4739c95a4e295c8e479618c8d85004edea705a2787b353c6913c9663
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
70687
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3921
x-xss-protection
0
last-modified
Wed, 09 Jun 2021 15:05:22 GMT
server
sffe
date
Mon, 09 May 2022 06:56:24 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 09 May 2023 06:56:24 GMT
txt3.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/images/ Frame CECB 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/images/txt3.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/SPE_AOI_KL_Paris_728x90.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
62d7ccc1923db76ca0d24a8ff8ba721aea01295ed799f8e99bd9876954ee3c19
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
564765
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2923
x-xss-protection
0
last-modified
Wed, 09 Jun 2021 15:05:22 GMT
server
sffe
date
Tue, 03 May 2022 13:41:46 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 03 May 2023 13:41:46 GMT
txt4.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/images/ Frame CECB 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/images/txt4.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/SPE_AOI_KL_Paris_728x90.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
98a89eea1652c34b20691a4d652eff624666e30f53f69850858b4198d180c7d5
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
70687
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2345
x-xss-protection
0
last-modified
Wed, 09 Jun 2021 15:05:22 GMT
server
sffe
date
Mon, 09 May 2022 06:56:24 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 09 May 2023 06:56:24 GMT
CTA.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/images/ Frame CECB 		990 B
1023 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/images/CTA.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/SPE_AOI_KL_Paris_728x90.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9e5a280b1d9a39509fbbf088ac50252f3fdedc5ade26de6ca2f92801b586c5de
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
70687
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
990
x-xss-protection
0
last-modified
Wed, 09 Jun 2021 15:05:22 GMT
server
sffe
date
Mon, 09 May 2022 06:56:24 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 09 May 2023 06:56:24 GMT
DBx.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/images/ Frame CECB 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/images/DBx.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/SPE_AOI_KL_Paris_728x90.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
deb5f99d8b9d2737e035fb24abb4d6c96951dbae09b710aeed70ab12fc3926e6
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
564765
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1311
x-xss-protection
0
last-modified
Wed, 09 Jun 2021 15:05:22 GMT
server
sffe
date
Tue, 03 May 2022 13:41:46 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 03 May 2023 13:41:46 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 1192 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1502
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
date
Tue, 10 May 2022 02:09:29 GMT
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/ Frame E5FB 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:19:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
883
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 02:19:48 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame E5FB 		120 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cfaf60508a77b732490cebbf93a415622f5d33fc0a63f88365807b71a21c25b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37409
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1652096384767712"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 10 May 2022 02:34:31 GMT
87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js
pagead2.googlesyndication.com/bg/ Frame C721 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=250&slotname=2786819483&adk=2944592922&adf=3361567115&pi=t.ma~as.2786819483&w=300&lmt=1652150069&psa=0&format=300x250&url=https%3A%2F%2Fsafelink12345.icu%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070505&bpp=1&bdt=922&idt=268&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C820x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=651&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=wsmp5j7wyo&p=https%3A//safelink12345.icu&dtd=270
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f3b0f456e186c9df28e31d734f55653a6423f31ac6325d71712784c868604b06
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 17:58:22 GMT
content-encoding
br
x-content-type-options
nosniff
age
30969
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13472
x-xss-protection
0
last-modified
Mon, 02 May 2022 13:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 09 May 2023 17:58:22 GMT
css
fonts.googleapis.com/ Frame 971E 		8 KB
892 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8393b0f49cbaac879bc0a89a8d6fc918081a21fd4b13e5ae4416d2c1afbcca92
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 10 May 2022 00:55:29 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 10 May 2022 02:34:31 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 10 May 2022 02:34:31 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/ Frame 971E 		2 KB
907 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 01:56:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2292
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
877
x-xss-protection
0
server
cafe
etag
13035868154101442325
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 01:56:19 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/ Frame 971E 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b83149463619a5f4bbee21909e8a99a085f15713e48d6522d0a3173b94a20e1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:06:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1685
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8007
x-xss-protection
0
server
cafe
etag
8765308293129799388
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 02:06:26 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/ Frame 971E 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:19:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
883
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 02:19:48 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 971E 		120 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cfaf60508a77b732490cebbf93a415622f5d33fc0a63f88365807b71a21c25b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37409
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1652096384767712"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 10 May 2022 02:34:31 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/ Frame 971E 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:09:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1498
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
567849196274905959
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 02:09:33 GMT
8ac99cc5020451d5a2f944f2abe6dceb.js
www.gstatic.com/mysidia/ Frame 971E 		30 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/8ac99cc5020451d5a2f944f2abe6dceb.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f27644734b8ead437f7ae34027490dae1d295348b0fc0cdca8b839bd9ef48d46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 03 May 2022 12:17:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
569826
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12291
x-xss-protection
0
last-modified
Mon, 02 May 2022 20:52:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 01 Aug 2022 12:17:25 GMT
87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js
pagead2.googlesyndication.com/bg/ Frame 675C 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=8258638015&adk=3563942368&adf=869763061&pi=t.ma~as.8258638015&w=1200&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070501&bpp=3&bdt=919&idt=226&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&correlator=7912665475533&frm=20&pv=2&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=103&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gO4UdWm9lv&p=https%3A//safelink12345.icu&dtd=240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f3b0f456e186c9df28e31d734f55653a6423f31ac6325d71712784c868604b06
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 17:58:22 GMT
content-encoding
br
x-content-type-options
nosniff
age
30969
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13472
x-xss-protection
0
last-modified
Mon, 02 May 2022 13:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 09 May 2023 17:58:22 GMT
87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js
pagead2.googlesyndication.com/bg/ Frame C3E8 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&slotname=9596249340&adk=1423993661&adf=3276192867&pi=t.ma~as.9596249340&w=820&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&psa=0&format=820x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150070504&bpp=1&bdt=921&idt=246&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=403&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=MIv0Y0UQGz&p=https%3A//safelink12345.icu&dtd=249
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f3b0f456e186c9df28e31d734f55653a6423f31ac6325d71712784c868604b06
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 17:58:22 GMT
content-encoding
br
x-content-type-options
nosniff
age
30969
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13472
x-xss-protection
0
last-modified
Mon, 02 May 2022 13:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 09 May 2023 17:58:22 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 1192
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 10 May 2022 02:34:32 GMT
expires
Tue, 10 May 2022 02:34:32 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 10 May 2022 02:34:32 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
SPE_AOI_KL_Paris_300x600.html
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/ Frame 513F 		3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7f5fee99e6c3c750affac339fedc80d63d25d44a83252318728d7a8bde88e4db
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
101171
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
1135
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
cross-origin-resource-policy
cross-origin
date
Sun, 08 May 2022 22:28:20 GMT
expires
Mon, 08 May 2023 22:28:20 GMT
last-modified
Mon, 07 Jun 2021 11:26:53 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
ai.aspx
at.bahn.de/ Frame B850 		43 B
907 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://at.bahn.de/ai.aspx?extProvId=5&extPu=14058-gaw&extLi=15763535245&cb=2205754829
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.202.235.9 Düsseldorf, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
P3P
policyref="https://at.bahn.de/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection
close
X-ET-Monitoring
1
Content-Length
43
Pragma
no-cache
X-ET-Code
0
Last-Modified
Di, 10 Mai 2022 02:34:31 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 10 May 2022 02:34:31 GMT
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
https://googleads.g.doubleclick.net
Cache-Control
private
Access-Control-Allow-Credentials
true
X-ET-Camp
1053
Access-Control-Allow-Headers
*
Expires
Mon, 26 Jul 1997 05:00:00 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame B850 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C-fGNN895YrPtHI-h7_UPmfeQsAu3o5bLZ4Hk546HEMCNtwEQASDLqYo_YJXikIKgB6AB74TKywLIAQmpAv-Y9dT5ubE-qAMByANIqgTKAU_QphyLzwD5N9JNN29GB7QYKvrUivHcef9pRBk61gJW_kgWmZs5V8rtJQNMxZfQ-yAlKlBGcb1xpoia0ekx7Sl-KFTjzOVDdDyw7e71bhuQVaZL19HycWAf3j4VVHm2pvCklOPC6lxfc6WP072BlnFNDRb3MXMtzMQjfK1pAH9CflRTNtggs7YNmpPfO_6otxkhLW6evNbG9jrYltXV7Z1NW9KO4vNNWp5RnNq44Lr6s_3F6-vm_AajZlkuwZ3SVvhYp2AJDo_2J4fABO3aouLkA5IFBAgEGAGSBQQIBRgEoAYugAf5-rW0AagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEI7HBtIICQiA4YAQEAEYH4AKAcgLAdgTDdAVAYAXAbIXHAoaCAASFHB1Yi0xNTgzNzIwMjY5NDk0OTEyGAA&sigh=_kKU5M48k84&uach_m=[UACH]&template_id=419
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&adk=3075158702&adf=1856860424&pi=t.aa~a.573379464~rp.3&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1810&idt=1&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0%2C360x280&nras=3&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=3529&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=LqVVgPPmHd&p=https%3A//safelink12345.icu&dtd=52
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 10 May 2022 02:34:32 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/ Frame B850 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&adk=3075158702&adf=1856860424&pi=t.aa~a.573379464~rp.3&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1810&idt=1&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0%2C360x280&nras=3&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=3529&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=LqVVgPPmHd&p=https%3A//safelink12345.icu&dtd=52
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b83149463619a5f4bbee21909e8a99a085f15713e48d6522d0a3173b94a20e1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:06:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1685
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8007
x-xss-protection
0
server
cafe
etag
8765308293129799388
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 02:06:26 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/ Frame B850 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&adk=3075158702&adf=1856860424&pi=t.aa~a.573379464~rp.3&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1810&idt=1&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0%2C360x280&nras=3&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=3529&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=LqVVgPPmHd&p=https%3A//safelink12345.icu&dtd=52
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:19:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
883
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 02:19:48 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame B850 		120 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&adk=3075158702&adf=1856860424&pi=t.aa~a.573379464~rp.3&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1810&idt=1&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0%2C360x280&nras=3&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=3529&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=LqVVgPPmHd&p=https%3A//safelink12345.icu&dtd=52
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cfaf60508a77b732490cebbf93a415622f5d33fc0a63f88365807b71a21c25b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37409
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1652096384767712"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 10 May 2022 02:34:32 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/ Frame B850 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&adk=3075158702&adf=1856860424&pi=t.aa~a.573379464~rp.3&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1810&idt=1&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0%2C360x280&nras=3&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=3529&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=LqVVgPPmHd&p=https%3A//safelink12345.icu&dtd=52
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:09:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1498
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
567849196274905959
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 02:09:33 GMT
l
www.google.com/ads/measurement/ Frame B850 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTPwQuEQEQpgXGExhqzSV-QgbbjQWgb7z1ceRY_vFT9VAhPh_0wMkA-woNkvrTC6DZ4c4c3c1fpMn7bVrVf2-31PeGDXA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&adk=3075158702&adf=1856860424&pi=t.aa~a.573379464~rp.3&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1810&idt=1&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0%2C360x280&nras=3&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=3529&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=LqVVgPPmHd&p=https%3A//safelink12345.icu&dtd=52
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers
pixel
googleads.g.doubleclick.net/xbbe/ Frame 297D 		624 B
297 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhjjrrXJATAB&v=APEucNWpPQACLpEuCFWtNBR2LkLjvCsnybR9OLtlt7KlpuwbqypWkqfNLUSPxH__wLaT76EHZ-S5L6CPy8rWKbzMsZlp-01G5SaiKUI43_DRyJDp9NKARgwORt54VFng7KXOw3BRrUWesuP3-3xWkeSf_ML45W7NCYe-gp5IGkzjFUDbF8g-EGQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&adk=926476324&adf=3768921151&pi=t.aa~a.4263631882~rp.4&w=360&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=360x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1811&idt=-M&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0&nras=2&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=QPZnfKCTaI&p=https%3A//safelink12345.icu&dtd=47
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&adk=926476324&adf=3768921151&pi=t.aa~a.4263631882~rp.4&w=360&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=360x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1811&idt=-M&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0&nras=2&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=QPZnfKCTaI&p=https%3A//safelink12345.icu&dtd=47
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
276
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 10 May 2022 02:34:32 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame C7D6 		77 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B34qsRUTW_kglYgBky4oyGmyjrYh1cd5Ts8260fLB4_HupTVNC72m2A52YCWcdLl7x9k7dPOebfOfO9rdnRm223STaqoZZFSc5zYEhk1dmclW4GdynULTQ85Xo8elrzCK4PHt4bBQlWM684P2pbSRo2c2kiw&dbm_d=AKAmf-BNdcSuAVybBAUhEC8zGdErpyvvaWCRnIZJ-L9BqbrlYZ2THiSk-ZAfvONsUMEyPFpLqHsA56xDWXb1qU3txnNVG4WtBhqXjrJ1q0EblG8NXsg3eWVctlItggxSEavZgzImPe_ctDZdlEg18Od2AV8mM6Q7XFc9PAabJ-ahMAQ4j991XB4Wyjn0p8pbQ-jIiarASt2w9L3n7YwuDzS5VPrJPBdmDgO6vQ7sWnmAELNxhOejx9IumTR4tb42OIMYWZsQSiCPZw8XezDy_1GU9jktb957f-W3c6bSXQU2oGH-RNsPfvIqY3lyX77_4axe9EXqGHBc9phqxQrKENwZYzOiH8I9Q4uSysJuM7szYpwQL59wOQbeOmEtc34Rb7wNkSiUQdLR3fNYsZ_47FF01FM_lpGYkQnlCWQk-V_dtVP1Jty5-12rAzKZK-itjZHgVsx9ZO9PhcBWqXKs9brQGkP9kayiF3-mPXIE237gsSqxo-F9dnpeZrDa13gUszsAjuauoOhGAfASZ-wPlmn_do2qBOU-cc7otNtgQPFu1ik9BKgJo8LdOu438RCjHYCbInXZDRKTbwuzwbiuTAZ2oc-UwaOK7n7jps1-UrE5MnG-eoh5uggpnAj32zwdQcOKgj7iaJr9OQXFjpwM5xputFTxsDneTiOn_bXavNNamSBug-Wi-hE_FrfxbLDLlJSJlgqZY4Az-6X55JcJlJE0n50Mz2iu6anM4urzvg8MpLQB4IQV7RbC53hSDW_Ifr2FQUKsKWV5chtQ1AwlmDtwhLP8ZRWFygi1FLZlLDnrD2Kt6j4kVIeML4q7TMvYP5GHAx_vQuMvyoNxMxIfrxVFxj-xJOwy7gRHJQEUMTspGGPW3J04XDoSmRRBumZ7CSzExjdPGyh_jsTToDP2UHbTBJOF1nktP-jc35CW0b3fSpKepX9kryntevntAn94vi3YOs0jbfQhxbUVPEbYFJSh0mJmhEZD564GnJ9D1Z8asLfhfbJzpIUnpys-S8D1MW6hB5rBVgLRoLzewm4PwpGRXqLdYnN6Lc5jvMZYiyRYCnkxlrk8G9dRZvLs0t5Zac1p16-AheqdUhtaW_2qjemTk3RJqWBozuMcV0cT5GLoAns0-GzOoJ7ygsCmoEhSwGCg0P1B_NSIygdl9odNua_LcIBRJUj41kMQ5-Aqj--aGqbrRBnhbKgoYprTntZo3qQfNo0OQzqgCDy-K38DS3vdB4emHIaUrh1W8FbnkM5h28okDaH6rq_xy_dZ32jbm4DmJbjI8QktT_RXTiXv-xwfjjjA0CinjUfOw61l5RdTzRPBWiCVFl4b5k03QEG-S7BqRwpAxK9-t8yFyoEbG5S1SuIvX7E8jve2E5r_VRguODHD54gRblA8NVETvNiQTI5yTAUlQwMXQ-NSez9xBHUkxgti8WG0Agf4g7XiUySn96FDgLaf4gNlqm63Dy3I5iBHY3IU2HqnyqzkBZPV7rhmCVfVd-keb25xprk4g9qOqYRdvSWaR3L84j1cfKCvdkdoVDEh6t77qQlK4wIg7cjQAUKfdXyo7R-YkH85L7uqLhW4SVditXU33KMDkU5627ERo0QhjJ8gg-C75kPtDuuKcaaTSjztjwisbS1C3nt3lc39KcsjR7r2JefcfbKME7wrrYMxJGLFceCiLxILk7YS0sMQDdWieH97_nh-arrD5J1JYjyNRr7RQiugqE3WABNKgBIK8JvuqgnkKzfZdh8UYItmny5VV_Kflh8lkJaTUd4D-82AWaraPpMYfUUefDhzfjOZHk9cdcOqNEB1wXPb9CuBamcR_fYnv5-jIo8BSblaf1fIYqmhh9tE11vOozQ0tTLrYdguxbuzck5E2xs1wncdZjEWe2Xc6COZU4ro7OOJ_0D5Do6Zr6Ow39reWDaROxnFHmR-Yae2Del6AAKzIoYVEua2MMKAZKV3Zmjx3sHa45LGqofNQhkPJC-NgEqj5rfOnfF_iLanYg-AAs4hlg6gJHFuhIlNjzTEsgTtlQSojMybqpTT8M0RNJquiSNVEjHEa_ck9fRmJynquEAEGExKH_kek1mYNgFF1GbnJ0yPd_GBhRdYmZfe3vniJe-_YtcrsHBwlh_LRH_eYs1ySAAFeD9IOdjYIUc1nzhU_YTC1wFo8-ZinW0hJ4P_bKTaKQMrrA-D2PNUgAHhf_CRr4Bink0ePgWRbmsymXvXEafayscVHoY51QcoRGL_p68k2EuwvZsQ1O_yYEu3r-qiKLHZMBRKhzGj3Ho6hps9NzS44uIFizrIhhOSdeKtIPlIQyt3pDsHb469gkZx4tg7x76ZI3QD7L_dVo7dlWkh0j5SX4Mw3wonRn6pHq14_LgNf8NpOPnmhcPrl09HH6Qt9HafXrXWZoBKx0zVnKQkPyyO5c8MiG7hMe8X3sNgdN6MVvAyUaTej44tcmnqklivdBwl3w_b3Ltjqu34zsSG7P3C1ifVR8rFq9Z8QmeFn_OO9hbYBwPNbSOT9EMjwWsZJGTVEA0cMn273Qjs7ckgU2NymMZ4Psrid4wfGNXQBBqKENDNH8wKoM_W_o9p3ZYxwG8SCvtamx_dzGJdDANNoZuI8a7F8InoLPK6ntu73ScaGWvkSEfgVfAdXsYrFlQyhOUv5qa-GJ_Df7dE_MDJvUMH0zY00Ur-xwB9BOFgygjr7Yt9lOZVe1rU2laS7xNxD-iGdiMXNC9VLXugdPmwmgFMTW6bdxMrnCopFCaptnXRFV0FciEqJljXoDXvK2KHqSlZFUFQPQ7Z86E3igTY01CFkaGyD_9elYEPy7Ec85YtbA6QwSlyPlUvYaePhaIO1Cg_r--u-i93B1hzffRo9j-lYAzJcKvc-tvg8W2Cge-U2cdy7jy6UwuEybVD42JjP4QuwIFhPVQrEH1-9B6ghPKbEhjK1El2LfKJv6jCx_K2qtY_NHZRA61DRISKPutGiL1NWxipUDUwf1DKdVIjcQL7BRbiqyvaSpSv12nZ3bxyOAfj80n8PpU9OGEjeXLaAqeDouuS_Q&cid=CAASJORoj_m3cQyfGG3laQubxiUB2f7KOP950INdwmb4udL8UeQAWw&rfl=2%2Chttps%253A%252F%252Fsafelink12345.icu%252F%240
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
71fe15d1a3a345f63df54bf9834c237d9ea9158f18d44cd5957aa1a2ebd426a0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&adk=926476324&adf=3768921151&pi=t.aa~a.4263631882~rp.4&w=360&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=360x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1811&idt=-M&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0&nras=2&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=QPZnfKCTaI&p=https%3A//safelink12345.icu&dtd=47
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:32 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32710
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/ Frame C7D6 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&adk=926476324&adf=3768921151&pi=t.aa~a.4263631882~rp.4&w=360&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=360x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1811&idt=-M&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0&nras=2&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=QPZnfKCTaI&p=https%3A//safelink12345.icu&dtd=47
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:19:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
884
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 02:19:48 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame C7D6 		120 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&adk=926476324&adf=3768921151&pi=t.aa~a.4263631882~rp.4&w=360&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=360x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1811&idt=-M&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0&nras=2&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=QPZnfKCTaI&p=https%3A//safelink12345.icu&dtd=47
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cfaf60508a77b732490cebbf93a415622f5d33fc0a63f88365807b71a21c25b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37409
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1652096384767712"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 10 May 2022 02:34:32 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/ Frame C7D6 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&adk=926476324&adf=3768921151&pi=t.aa~a.4263631882~rp.4&w=360&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=360x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1811&idt=-M&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0&nras=2&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=QPZnfKCTaI&p=https%3A//safelink12345.icu&dtd=47
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:09:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1499
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
567849196274905959
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 02:09:33 GMT
l
www.google.com/ads/measurement/ Frame C7D6 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRZJa_e7D9pcomOM4x6tx2FgKTf5rfrafX4d5YnU1aKloSJpI43MHNT2gwqe1nAAyDWZ7iNIf1unRdp_9ge8cXaGNZ08w
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&adk=926476324&adf=3768921151&pi=t.aa~a.4263631882~rp.4&w=360&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=360x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1811&idt=-M&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0&nras=2&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=QPZnfKCTaI&p=https%3A//safelink12345.icu&dtd=47
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers
gen_204
pagead2.googlesyndication.com/pagead/ Frame C7D6 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DMwFm4nNrUmZv8j8GTpxffx6TIWKMErMOzeL4vWHUeizn5szXBaT_N7XbfOCLOtdlR7FhS5RAlQZr6-pCRxFrDXiJIuNHR-2zY3Oz3WOF1MksvSrY
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&adk=926476324&adf=3768921151&pi=t.aa~a.4263631882~rp.4&w=360&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=360x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1811&idt=-M&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0&nras=2&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=QPZnfKCTaI&p=https%3A//safelink12345.icu&dtd=47
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:32 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/ Frame E5FB 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220505/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:09:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1499
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
567849196274905959
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 02:09:33 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 4196 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1503
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
date
Tue, 10 May 2022 02:09:29 GMT
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
s
googleads.g.doubleclick.net/pagead/drt/ Frame BB1A 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&adk=3075158702&adf=1856860424&pi=t.aa~a.573379464~rp.3&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1810&idt=1&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0%2C360x280&nras=3&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=3529&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=LqVVgPPmHd&p=https%3A//safelink12345.icu&dtd=52
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&adk=3075158702&adf=1856860424&pi=t.aa~a.573379464~rp.3&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1810&idt=1&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0%2C360x280&nras=3&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=3529&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=LqVVgPPmHd&p=https%3A//safelink12345.icu&dtd=52
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1503
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
date
Tue, 10 May 2022 02:09:29 GMT
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
exitapi-impl.js
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 513F 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 09:36:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
61098
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3271
x-xss-protection
0
server
cafe
etag
7483759447172721109
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Tue, 10 May 2022 09:36:14 GMT
addata.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 513F 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 16:13:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
37253
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10382
x-xss-protection
0
server
cafe
etag
12806417668659483808
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Tue, 10 May 2022 16:13:39 GMT
abb1.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/ Frame 513F 		46 KB
46 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/abb1.jpg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
989c4b6fc5f26823e8f9ea47e11c66df72416bd7bf75111a733918251e68281b
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
102055
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47117
x-xss-protection
0
last-modified
Mon, 07 Jun 2021 11:26:53 GMT
server
sffe
date
Sun, 08 May 2022 22:13:37 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Mon, 08 May 2023 22:13:37 GMT
ibahn.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/ Frame 513F 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/ibahn.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
807973606f7828f72356e66e5aaeac1ba86b97b38d26d94c9175d8e231d9eba1
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
584080
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5282
x-xss-protection
0
last-modified
Mon, 07 Jun 2021 11:26:53 GMT
server
sffe
date
Tue, 03 May 2022 08:19:52 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 03 May 2023 08:19:52 GMT
coop.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/ Frame 513F 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/coop.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
43944b1d0f3a9d73febdd95f633c7da079606eac5dc9912e1c1632bddfa773ab
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
102055
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2296
x-xss-protection
0
last-modified
Mon, 07 Jun 2021 11:26:53 GMT
server
sffe
date
Sun, 08 May 2022 22:13:37 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Mon, 08 May 2023 22:13:37 GMT
txt1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/ Frame 513F 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/txt1.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a2ad9b6aff869f154744470066ee5ecf8f3fbe7e1ca42e427aceb608c4023990
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
73285
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1994
x-xss-protection
0
last-modified
Mon, 07 Jun 2021 11:26:53 GMT
server
sffe
date
Mon, 09 May 2022 06:13:07 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 09 May 2023 06:13:07 GMT
txt2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/ Frame 513F 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/txt2.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d7a00b3271f88b673d5fe996f53e16ba8bb58a86ff2cd999544f4408ff8686e6
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
102055
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1691
x-xss-protection
0
last-modified
Mon, 07 Jun 2021 11:26:53 GMT
server
sffe
date
Sun, 08 May 2022 22:13:37 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Mon, 08 May 2023 22:13:37 GMT
txt3.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/ Frame 513F 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/txt3.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5db968b3be7baa441a6422d931b2c6c83bb2b8312dbee038e6330b8fea689a7
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
102055
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1872
x-xss-protection
0
last-modified
Mon, 07 Jun 2021 11:26:53 GMT
server
sffe
date
Sun, 08 May 2022 22:13:37 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Mon, 08 May 2023 22:13:37 GMT
puls.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/ Frame 513F 		369 B
405 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/puls.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fe5c8adef36c8c62b10424a5eb0fd18086fca170ed784bd685167332eeb65bdf
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
102055
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
369
x-xss-protection
0
last-modified
Mon, 07 Jun 2021 11:26:53 GMT
server
sffe
date
Sun, 08 May 2022 22:13:37 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Mon, 08 May 2023 22:13:37 GMT
ll.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/ Frame 513F 		895 B
931 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/ll.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0232009b6a37904421312ac1025a574c37239166eacd3461dc3de0b5a8042837
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
102055
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
895
x-xss-protection
0
last-modified
Mon, 07 Jun 2021 11:26:53 GMT
server
sffe
date
Sun, 08 May 2022 22:13:37 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Mon, 08 May 2023 22:13:37 GMT
preisButt.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/ Frame 513F 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/preisButt.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c1ba38634705877e57a262f1b56ceccda6291baf44945236468d1288fc3970f4
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
102055
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4056
x-xss-protection
0
last-modified
Mon, 07 Jun 2021 11:26:53 GMT
server
sffe
date
Sun, 08 May 2022 22:13:37 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Mon, 08 May 2023 22:13:37 GMT
txt4.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/ Frame 513F 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/txt4.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c521493e0b704ee1f855b42000eca6c4808a0af5eef5c185c604041081160a95
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
102055
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1850
x-xss-protection
0
last-modified
Mon, 07 Jun 2021 11:26:53 GMT
server
sffe
date
Sun, 08 May 2022 22:13:37 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Mon, 08 May 2023 22:13:37 GMT
txt5.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/ Frame 513F 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/txt5.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5902d838a8e67a2c17cee7ee6508fe2987cfc8326fadcdb01e23bb7a82682462
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
102055
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1998
x-xss-protection
0
last-modified
Mon, 07 Jun 2021 11:26:53 GMT
server
sffe
date
Sun, 08 May 2022 22:13:37 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Mon, 08 May 2023 22:13:37 GMT
CTA.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/ Frame 513F 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/CTA.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
45fa0b0c3721879683f93ac27dc7d5e012a45ed1115985f033b76e91695c6fbe
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
102055
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1210
x-xss-protection
0
last-modified
Mon, 07 Jun 2021 11:26:53 GMT
server
sffe
date
Sun, 08 May 2022 22:13:37 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Mon, 08 May 2023 22:13:37 GMT
DBx.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/ Frame 513F 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/images/DBx.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
19eeb1c5b9a38d4f92f6ccd7a42bf8b52ce05e5cefe1354e271134ec1831f957
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
584080
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1214
x-xss-protection
0
last-modified
Mon, 07 Jun 2021 11:26:53 GMT
server
sffe
date
Tue, 03 May 2022 08:19:52 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 03 May 2023 08:19:52 GMT
gsap_3.5.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 513F 		60 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24155
x-xss-protection
0
last-modified
Mon, 31 Aug 2020 21:23:17 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 10 May 2022 02:34:32 GMT
rum
dsum-sec.casalemedia.com/ Frame 297D
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF10a8NWaATfPAGHjOfR0fk&google_cver=1
43 B
894 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF10a8NWaATfPAGHjOfR0fk&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhjjrrXJATAB&v=APEucNWpPQACLpEuCFWtNBR2LkLjvCsnybR9OLtlt7KlpuwbqypWkqfNLUSPxH__wLaT76EHZ-S5L6CPy8rWKbzMsZlp-01G5SaiKUI43_DRyJDp9NKARgwORt54VFng7KXOw3BRrUWesuP3-3xWkeSf_ML45W7NCYe-gp5IGkzjFUDbF8g-EGQ
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 10 May 2022 02:34:32 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 10 May 2022 02:34:32 GMT

Redirect headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:32 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF10a8NWaATfPAGHjOfR0fk&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 297D
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YnnPOI3QBzqm4LeLo-u9oQAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF10a8NWaATfPAGHjOfR0fk&google_cver=1
43 B
894 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF10a8NWaATfPAGHjOfR0fk&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhjjrrXJATAB&v=APEucNWpPQACLpEuCFWtNBR2LkLjvCsnybR9OLtlt7KlpuwbqypWkqfNLUSPxH__wLaT76EHZ-S5L6CPy8rWKbzMsZlp-01G5SaiKUI43_DRyJDp9NKARgwORt54VFng7KXOw3BRrUWesuP3-3xWkeSf_ML45W7NCYe-gp5IGkzjFUDbF8g-EGQ
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 10 May 2022 02:34:32 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 10 May 2022 02:34:32 GMT

Redirect headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:32 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF10a8NWaATfPAGHjOfR0fk&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 297D
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESENKYflLLM_qahXYnAGj1klA&google_cver=1
43 B
1020 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESENKYflLLM_qahXYnAGj1klA&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhjjrrXJATAB&v=APEucNWpPQACLpEuCFWtNBR2LkLjvCsnybR9OLtlt7KlpuwbqypWkqfNLUSPxH__wLaT76EHZ-S5L6CPy8rWKbzMsZlp-01G5SaiKUI43_DRyJDp9NKARgwORt54VFng7KXOw3BRrUWesuP3-3xWkeSf_ML45W7NCYe-gp5IGkzjFUDbF8g-EGQ
Protocol
HTTP/1.1
Server
37.252.173.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 10 May 2022 02:34:32 GMT
X-Proxy-Origin
185.213.155.162; 185.213.155.162; 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
99e77c93-2870-4936-8502-614d5dc52752
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:32 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESENKYflLLM_qahXYnAGj1klA&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 297D
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTk2MTk3MzE2MjA1NDY3NjgxNw%3D%3D
170 B
243 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTk2MTk3MzE2MjA1NDY3NjgxNw%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhjjrrXJATAB&v=APEucNWpPQACLpEuCFWtNBR2LkLjvCsnybR9OLtlt7KlpuwbqypWkqfNLUSPxH__wLaT76EHZ-S5L6CPy8rWKbzMsZlp-01G5SaiKUI43_DRyJDp9NKARgwORt54VFng7KXOw3BRrUWesuP3-3xWkeSf_ML45W7NCYe-gp5IGkzjFUDbF8g-EGQ
Protocol
H2
Server
142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 10 May 2022 02:34:32 GMT
X-Proxy-Origin
185.213.155.162; 185.213.155.162; 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
a9be4e39-6110-46ff-997d-ba277d685dbe
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTk2MTk3MzE2MjA1NDY3NjgxNw%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
truncated
/ Frame B850 		212 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
aaf02b215333824e9c2c56cfa9e061bc87e14520f243cd16bb5c2feaf58e2afc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
express_html_inpage_rendering_lib_200_276.js
s0.2mdn.net/879366/ Frame C7D6 		106 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 12:10:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
51868
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37872
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:07:26 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 10 May 2022 12:10:04 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220505/r20110914/elements/html/ Frame C7D6 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220505/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B34qsRUTW_kglYgBky4oyGmyjrYh1cd5Ts8260fLB4_HupTVNC72m2A52YCWcdLl7x9k7dPOebfOfO9rdnRm223STaqoZZFSc5zYEhk1dmclW4GdynULTQ85Xo8elrzCK4PHt4bBQlWM684P2pbSRo2c2kiw&dbm_d=AKAmf-BNdcSuAVybBAUhEC8zGdErpyvvaWCRnIZJ-L9BqbrlYZ2THiSk-ZAfvONsUMEyPFpLqHsA56xDWXb1qU3txnNVG4WtBhqXjrJ1q0EblG8NXsg3eWVctlItggxSEavZgzImPe_ctDZdlEg18Od2AV8mM6Q7XFc9PAabJ-ahMAQ4j991XB4Wyjn0p8pbQ-jIiarASt2w9L3n7YwuDzS5VPrJPBdmDgO6vQ7sWnmAELNxhOejx9IumTR4tb42OIMYWZsQSiCPZw8XezDy_1GU9jktb957f-W3c6bSXQU2oGH-RNsPfvIqY3lyX77_4axe9EXqGHBc9phqxQrKENwZYzOiH8I9Q4uSysJuM7szYpwQL59wOQbeOmEtc34Rb7wNkSiUQdLR3fNYsZ_47FF01FM_lpGYkQnlCWQk-V_dtVP1Jty5-12rAzKZK-itjZHgVsx9ZO9PhcBWqXKs9brQGkP9kayiF3-mPXIE237gsSqxo-F9dnpeZrDa13gUszsAjuauoOhGAfASZ-wPlmn_do2qBOU-cc7otNtgQPFu1ik9BKgJo8LdOu438RCjHYCbInXZDRKTbwuzwbiuTAZ2oc-UwaOK7n7jps1-UrE5MnG-eoh5uggpnAj32zwdQcOKgj7iaJr9OQXFjpwM5xputFTxsDneTiOn_bXavNNamSBug-Wi-hE_FrfxbLDLlJSJlgqZY4Az-6X55JcJlJE0n50Mz2iu6anM4urzvg8MpLQB4IQV7RbC53hSDW_Ifr2FQUKsKWV5chtQ1AwlmDtwhLP8ZRWFygi1FLZlLDnrD2Kt6j4kVIeML4q7TMvYP5GHAx_vQuMvyoNxMxIfrxVFxj-xJOwy7gRHJQEUMTspGGPW3J04XDoSmRRBumZ7CSzExjdPGyh_jsTToDP2UHbTBJOF1nktP-jc35CW0b3fSpKepX9kryntevntAn94vi3YOs0jbfQhxbUVPEbYFJSh0mJmhEZD564GnJ9D1Z8asLfhfbJzpIUnpys-S8D1MW6hB5rBVgLRoLzewm4PwpGRXqLdYnN6Lc5jvMZYiyRYCnkxlrk8G9dRZvLs0t5Zac1p16-AheqdUhtaW_2qjemTk3RJqWBozuMcV0cT5GLoAns0-GzOoJ7ygsCmoEhSwGCg0P1B_NSIygdl9odNua_LcIBRJUj41kMQ5-Aqj--aGqbrRBnhbKgoYprTntZo3qQfNo0OQzqgCDy-K38DS3vdB4emHIaUrh1W8FbnkM5h28okDaH6rq_xy_dZ32jbm4DmJbjI8QktT_RXTiXv-xwfjjjA0CinjUfOw61l5RdTzRPBWiCVFl4b5k03QEG-S7BqRwpAxK9-t8yFyoEbG5S1SuIvX7E8jve2E5r_VRguODHD54gRblA8NVETvNiQTI5yTAUlQwMXQ-NSez9xBHUkxgti8WG0Agf4g7XiUySn96FDgLaf4gNlqm63Dy3I5iBHY3IU2HqnyqzkBZPV7rhmCVfVd-keb25xprk4g9qOqYRdvSWaR3L84j1cfKCvdkdoVDEh6t77qQlK4wIg7cjQAUKfdXyo7R-YkH85L7uqLhW4SVditXU33KMDkU5627ERo0QhjJ8gg-C75kPtDuuKcaaTSjztjwisbS1C3nt3lc39KcsjR7r2JefcfbKME7wrrYMxJGLFceCiLxILk7YS0sMQDdWieH97_nh-arrD5J1JYjyNRr7RQiugqE3WABNKgBIK8JvuqgnkKzfZdh8UYItmny5VV_Kflh8lkJaTUd4D-82AWaraPpMYfUUefDhzfjOZHk9cdcOqNEB1wXPb9CuBamcR_fYnv5-jIo8BSblaf1fIYqmhh9tE11vOozQ0tTLrYdguxbuzck5E2xs1wncdZjEWe2Xc6COZU4ro7OOJ_0D5Do6Zr6Ow39reWDaROxnFHmR-Yae2Del6AAKzIoYVEua2MMKAZKV3Zmjx3sHa45LGqofNQhkPJC-NgEqj5rfOnfF_iLanYg-AAs4hlg6gJHFuhIlNjzTEsgTtlQSojMybqpTT8M0RNJquiSNVEjHEa_ck9fRmJynquEAEGExKH_kek1mYNgFF1GbnJ0yPd_GBhRdYmZfe3vniJe-_YtcrsHBwlh_LRH_eYs1ySAAFeD9IOdjYIUc1nzhU_YTC1wFo8-ZinW0hJ4P_bKTaKQMrrA-D2PNUgAHhf_CRr4Bink0ePgWRbmsymXvXEafayscVHoY51QcoRGL_p68k2EuwvZsQ1O_yYEu3r-qiKLHZMBRKhzGj3Ho6hps9NzS44uIFizrIhhOSdeKtIPlIQyt3pDsHb469gkZx4tg7x76ZI3QD7L_dVo7dlWkh0j5SX4Mw3wonRn6pHq14_LgNf8NpOPnmhcPrl09HH6Qt9HafXrXWZoBKx0zVnKQkPyyO5c8MiG7hMe8X3sNgdN6MVvAyUaTej44tcmnqklivdBwl3w_b3Ltjqu34zsSG7P3C1ifVR8rFq9Z8QmeFn_OO9hbYBwPNbSOT9EMjwWsZJGTVEA0cMn273Qjs7ckgU2NymMZ4Psrid4wfGNXQBBqKENDNH8wKoM_W_o9p3ZYxwG8SCvtamx_dzGJdDANNoZuI8a7F8InoLPK6ntu73ScaGWvkSEfgVfAdXsYrFlQyhOUv5qa-GJ_Df7dE_MDJvUMH0zY00Ur-xwB9BOFgygjr7Yt9lOZVe1rU2laS7xNxD-iGdiMXNC9VLXugdPmwmgFMTW6bdxMrnCopFCaptnXRFV0FciEqJljXoDXvK2KHqSlZFUFQPQ7Z86E3igTY01CFkaGyD_9elYEPy7Ec85YtbA6QwSlyPlUvYaePhaIO1Cg_r--u-i93B1hzffRo9j-lYAzJcKvc-tvg8W2Cge-U2cdy7jy6UwuEybVD42JjP4QuwIFhPVQrEH1-9B6ghPKbEhjK1El2LfKJv6jCx_K2qtY_NHZRA61DRISKPutGiL1NWxipUDUwf1DKdVIjcQL7BRbiqyvaSpSv12nZ3bxyOAfj80n8PpU9OGEjeXLaAqeDouuS_Q&cid=CAASJORoj_m3cQyfGG3laQubxiUB2f7KOP950INdwmb4udL8UeQAWw&rfl=2%2Chttps%253A%252F%252Fsafelink12345.icu%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 01:37:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3414
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3159
x-xss-protection
0
server
cafe
etag
1394524276809619753
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 01:37:38 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220505/r20110914/ Frame C7D6 		25 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220505/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B34qsRUTW_kglYgBky4oyGmyjrYh1cd5Ts8260fLB4_HupTVNC72m2A52YCWcdLl7x9k7dPOebfOfO9rdnRm223STaqoZZFSc5zYEhk1dmclW4GdynULTQ85Xo8elrzCK4PHt4bBQlWM684P2pbSRo2c2kiw&dbm_d=AKAmf-BNdcSuAVybBAUhEC8zGdErpyvvaWCRnIZJ-L9BqbrlYZ2THiSk-ZAfvONsUMEyPFpLqHsA56xDWXb1qU3txnNVG4WtBhqXjrJ1q0EblG8NXsg3eWVctlItggxSEavZgzImPe_ctDZdlEg18Od2AV8mM6Q7XFc9PAabJ-ahMAQ4j991XB4Wyjn0p8pbQ-jIiarASt2w9L3n7YwuDzS5VPrJPBdmDgO6vQ7sWnmAELNxhOejx9IumTR4tb42OIMYWZsQSiCPZw8XezDy_1GU9jktb957f-W3c6bSXQU2oGH-RNsPfvIqY3lyX77_4axe9EXqGHBc9phqxQrKENwZYzOiH8I9Q4uSysJuM7szYpwQL59wOQbeOmEtc34Rb7wNkSiUQdLR3fNYsZ_47FF01FM_lpGYkQnlCWQk-V_dtVP1Jty5-12rAzKZK-itjZHgVsx9ZO9PhcBWqXKs9brQGkP9kayiF3-mPXIE237gsSqxo-F9dnpeZrDa13gUszsAjuauoOhGAfASZ-wPlmn_do2qBOU-cc7otNtgQPFu1ik9BKgJo8LdOu438RCjHYCbInXZDRKTbwuzwbiuTAZ2oc-UwaOK7n7jps1-UrE5MnG-eoh5uggpnAj32zwdQcOKgj7iaJr9OQXFjpwM5xputFTxsDneTiOn_bXavNNamSBug-Wi-hE_FrfxbLDLlJSJlgqZY4Az-6X55JcJlJE0n50Mz2iu6anM4urzvg8MpLQB4IQV7RbC53hSDW_Ifr2FQUKsKWV5chtQ1AwlmDtwhLP8ZRWFygi1FLZlLDnrD2Kt6j4kVIeML4q7TMvYP5GHAx_vQuMvyoNxMxIfrxVFxj-xJOwy7gRHJQEUMTspGGPW3J04XDoSmRRBumZ7CSzExjdPGyh_jsTToDP2UHbTBJOF1nktP-jc35CW0b3fSpKepX9kryntevntAn94vi3YOs0jbfQhxbUVPEbYFJSh0mJmhEZD564GnJ9D1Z8asLfhfbJzpIUnpys-S8D1MW6hB5rBVgLRoLzewm4PwpGRXqLdYnN6Lc5jvMZYiyRYCnkxlrk8G9dRZvLs0t5Zac1p16-AheqdUhtaW_2qjemTk3RJqWBozuMcV0cT5GLoAns0-GzOoJ7ygsCmoEhSwGCg0P1B_NSIygdl9odNua_LcIBRJUj41kMQ5-Aqj--aGqbrRBnhbKgoYprTntZo3qQfNo0OQzqgCDy-K38DS3vdB4emHIaUrh1W8FbnkM5h28okDaH6rq_xy_dZ32jbm4DmJbjI8QktT_RXTiXv-xwfjjjA0CinjUfOw61l5RdTzRPBWiCVFl4b5k03QEG-S7BqRwpAxK9-t8yFyoEbG5S1SuIvX7E8jve2E5r_VRguODHD54gRblA8NVETvNiQTI5yTAUlQwMXQ-NSez9xBHUkxgti8WG0Agf4g7XiUySn96FDgLaf4gNlqm63Dy3I5iBHY3IU2HqnyqzkBZPV7rhmCVfVd-keb25xprk4g9qOqYRdvSWaR3L84j1cfKCvdkdoVDEh6t77qQlK4wIg7cjQAUKfdXyo7R-YkH85L7uqLhW4SVditXU33KMDkU5627ERo0QhjJ8gg-C75kPtDuuKcaaTSjztjwisbS1C3nt3lc39KcsjR7r2JefcfbKME7wrrYMxJGLFceCiLxILk7YS0sMQDdWieH97_nh-arrD5J1JYjyNRr7RQiugqE3WABNKgBIK8JvuqgnkKzfZdh8UYItmny5VV_Kflh8lkJaTUd4D-82AWaraPpMYfUUefDhzfjOZHk9cdcOqNEB1wXPb9CuBamcR_fYnv5-jIo8BSblaf1fIYqmhh9tE11vOozQ0tTLrYdguxbuzck5E2xs1wncdZjEWe2Xc6COZU4ro7OOJ_0D5Do6Zr6Ow39reWDaROxnFHmR-Yae2Del6AAKzIoYVEua2MMKAZKV3Zmjx3sHa45LGqofNQhkPJC-NgEqj5rfOnfF_iLanYg-AAs4hlg6gJHFuhIlNjzTEsgTtlQSojMybqpTT8M0RNJquiSNVEjHEa_ck9fRmJynquEAEGExKH_kek1mYNgFF1GbnJ0yPd_GBhRdYmZfe3vniJe-_YtcrsHBwlh_LRH_eYs1ySAAFeD9IOdjYIUc1nzhU_YTC1wFo8-ZinW0hJ4P_bKTaKQMrrA-D2PNUgAHhf_CRr4Bink0ePgWRbmsymXvXEafayscVHoY51QcoRGL_p68k2EuwvZsQ1O_yYEu3r-qiKLHZMBRKhzGj3Ho6hps9NzS44uIFizrIhhOSdeKtIPlIQyt3pDsHb469gkZx4tg7x76ZI3QD7L_dVo7dlWkh0j5SX4Mw3wonRn6pHq14_LgNf8NpOPnmhcPrl09HH6Qt9HafXrXWZoBKx0zVnKQkPyyO5c8MiG7hMe8X3sNgdN6MVvAyUaTej44tcmnqklivdBwl3w_b3Ltjqu34zsSG7P3C1ifVR8rFq9Z8QmeFn_OO9hbYBwPNbSOT9EMjwWsZJGTVEA0cMn273Qjs7ckgU2NymMZ4Psrid4wfGNXQBBqKENDNH8wKoM_W_o9p3ZYxwG8SCvtamx_dzGJdDANNoZuI8a7F8InoLPK6ntu73ScaGWvkSEfgVfAdXsYrFlQyhOUv5qa-GJ_Df7dE_MDJvUMH0zY00Ur-xwB9BOFgygjr7Yt9lOZVe1rU2laS7xNxD-iGdiMXNC9VLXugdPmwmgFMTW6bdxMrnCopFCaptnXRFV0FciEqJljXoDXvK2KHqSlZFUFQPQ7Z86E3igTY01CFkaGyD_9elYEPy7Ec85YtbA6QwSlyPlUvYaePhaIO1Cg_r--u-i93B1hzffRo9j-lYAzJcKvc-tvg8W2Cge-U2cdy7jy6UwuEybVD42JjP4QuwIFhPVQrEH1-9B6ghPKbEhjK1El2LfKJv6jCx_K2qtY_NHZRA61DRISKPutGiL1NWxipUDUwf1DKdVIjcQL7BRbiqyvaSpSv12nZ3bxyOAfj80n8PpU9OGEjeXLaAqeDouuS_Q&cid=CAASJORoj_m3cQyfGG3laQubxiUB2f7KOP950INdwmb4udL8UeQAWw&rfl=2%2Chttps%253A%252F%252Fsafelink12345.icu%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36998456859e35cf76812894575b0203d48ad8ac11d3165c5449d1fa73f19800
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 01:50:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2639
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9783
x-xss-protection
0
server
cafe
etag
9821519945299111448
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 May 2022 01:50:33 GMT
87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js
pagead2.googlesyndication.com/bg/ Frame CECB 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f3b0f456e186c9df28e31d734f55653a6423f31ac6325d71712784c868604b06
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 17:58:22 GMT
content-encoding
br
x-content-type-options
nosniff
age
30970
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13472
x-xss-protection
0
last-modified
Mon, 02 May 2022 13:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 09 May 2023 17:58:22 GMT
gen_csp
pagead2.googlesyndication.com/pagead/ Frame B850 		0
20 B 		Other
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPPkgNHy0_cCFY_QuwgdmTsEtg&gqi=N895YrClHK-V7_UP8PKFUA&layout=/sadbundle/%24csp%253Der3%24/1510524910526288399/SPE_AOI_KL_Paris_300x600.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&adk=3075158702&adf=1856860424&pi=t.aa~a.573379464~rp.3&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1810&idt=1&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0%2C360x280&nras=3&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=3529&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=LqVVgPPmHd&p=https%3A//safelink12345.icu&dtd=52
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
application/csp-report

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:32 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ Frame E5FB 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9d84066b8a3f91094e470c24431a4909a21ec94d1a841ff016832998dc9c7e66

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
si
googleads.g.doubleclick.net/pagead/drt/ Frame 4196
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 10 May 2022 02:34:32 GMT
expires
Tue, 10 May 2022 02:34:32 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 10 May 2022 02:34:32 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame C7D6 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&adk=926476324&adf=3768921151&pi=t.aa~a.4263631882~rp.4&w=360&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=360x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1811&idt=-M&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0&nras=2&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=QPZnfKCTaI&p=https%3A//safelink12345.icu&dtd=47
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 12:14:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
51607
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 09 May 2023 12:14:25 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 281D 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&adk=926476324&adf=3768921151&pi=t.aa~a.4263631882~rp.4&w=360&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=360x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1811&idt=-M&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0&nras=2&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=QPZnfKCTaI&p=https%3A//safelink12345.icu&dtd=47
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
74448
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
724
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 09 May 2022 05:53:44 GMT
etag
48472445140208031
expires
Tue, 10 May 2022 05:53:44 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame C7D6 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8398df114273c5c500e2705ffb687ac84aa432317bb94353eff7d99889656a3a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js
pagead2.googlesyndication.com/bg/ Frame 4A1E 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f3b0f456e186c9df28e31d734f55653a6423f31ac6325d71712784c868604b06
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 17:58:22 GMT
content-encoding
br
x-content-type-options
nosniff
age
30970
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13472
x-xss-protection
0
last-modified
Mon, 02 May 2022 13:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 09 May 2023 17:58:22 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame BB1A
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&adk=3075158702&adf=1856860424&pi=t.aa~a.573379464~rp.3&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1810&idt=1&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0%2C360x280&nras=3&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=3529&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=LqVVgPPmHd&p=https%3A//safelink12345.icu&dtd=52
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 10 May 2022 02:34:32 GMT
expires
Tue, 10 May 2022 02:34:32 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 10 May 2022 02:34:32 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame ADF8 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
51558
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 09 May 2022 12:15:14 GMT
expires
Tue, 09 May 2023 12:15:14 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
dpixel
cms.quantserve.com/ Frame 281D 		35 B
463 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKOBz_LVVO0riosVcmoyKAM&google_cver=1&google_push=AYg5qPLXca8ZljJdVS2Zby_OxEntzwlDz0RatDFJEAaN6flKTD6Bic3pICNOHlrYOwProP44yLjjJrvRqUvsfDXPmO_y_L22fim8
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&adk=926476324&adf=3768921151&pi=t.aa~a.4263631882~rp.4&w=360&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=360x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1811&idt=-M&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0&nras=2&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=QPZnfKCTaI&p=https%3A//safelink12345.icu&dtd=47
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:32 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 281D
Redirect Chain
  • https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPLEC81b4q5Np1zRqRyEswmv_8fH_Z5mitXzwOryMxDNmtmQ_7KHkDTZtttS52B2SQ_kV2b2YGmOYQELlruTtxCyIFFz4Vo&google_gid=CAESEL_SRyJ3TI-IdaJnpP4omhw&goog...
  • https://id.rlcdn.com/1000.gif?memo=CK69HBoNCLie55MGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBMRUM4MWI0cTVOcDF6UnFSeUVzd212XzhmSF9aNW1pdFh6d09yeU14RE5tdG1RXzdLSGtEVFp0dHRTNTJCMlNRX2tWMmIyWUdtT1lRRUxscn...
  • https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcweTNoVHd5dnFJWFEtczIwLWtLb1JVN1c1aVZNYk54b3V2WTNVRE1HTUx6bw==&google_push
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcweTNoVHd5dnFJWFEtczIwLWtLb1JVN1c1aVZNYk54b3V2WTNVRE1HTUx6bw==&google_push
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&adk=926476324&adf=3768921151&pi=t.aa~a.4263631882~rp.4&w=360&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=360x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1811&idt=-M&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0&nras=2&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=QPZnfKCTaI&p=https%3A//safelink12345.icu&dtd=47
Protocol
H3
Server
142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Tue, 10 May 2022 02:34:32 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcweTNoVHd5dnFJWFEtczIwLWtLb1JVN1c1aVZNYk54b3V2WTNVRE1HTUx6bw==&google_push
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
pixel
cm.g.doubleclick.net/ Frame 281D
Redirect Chain
  • https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJSQx3d...
  • https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJSQx3d...
  • https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA1MTAwMjM0MzIwMDAxNzY4MjkxMzk0NA%3D%3D&google_push=AYg5qPJSQx3d1ZO5_I3cpE4AnbaAcG-sBkPBpjSRvZ5HCP4Wqm4JLyx-dQyb0HLsOu28zr...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA1MTAwMjM0MzIwMDAxNzY4MjkxMzk0NA%3D%3D&google_push=AYg5qPJSQx3d1ZO5_I3cpE4AnbaAcG-sBkPBpjSRvZ5HCP4Wqm4JLyx-dQyb0HLsOu28zrdRwqr0awpPgfzOECORd7h-gkjkowFV
Protocol
H3
Server
142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA1MTAwMjM0MzIwMDAxNzY4MjkxMzk0NA%3D%3D&google_push=AYg5qPJSQx3d1ZO5_I3cpE4AnbaAcG-sBkPBpjSRvZ5HCP4Wqm4JLyx-dQyb0HLsOu28zrdRwqr0awpPgfzOECORd7h-gkjkowFV
pragma
no-cache
date
Tue, 10 May 2022 02:34:32 GMT
cache-control
max-age=0, no-cache, no-store
content-length
0
strict-transport-security
max-age=2628000
expires
Tue, 10 May 2022 02:34:32 GMT
dds
rtb.openx.net/sync/ Frame 281D 		43 B
350 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.openx.net/sync/dds?google_gid=CAESEMKcw25_SyjVVPT0yojcQIk&google_cver=1&google_push=AYg5qPKCdE7TvUpvpbRMbRJxhOhAtbeCT-GbJR1YZXa3uv_VrYCima5PVgwydrYeflzW8q7IXId4Cw_QmY03aATS6Rp4KHqNv7Lt
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&adk=926476324&adf=3768921151&pi=t.aa~a.4263631882~rp.4&w=360&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=360x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1811&idt=-M&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0&nras=2&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=QPZnfKCTaI&p=https%3A//safelink12345.icu&dtd=47
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
Cowboy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:32 GMT
via
1.1 google
server
Cowboy
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
null
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-request-id
81etts7ak72das09mp8383mho14de3nk
pixel
cm.g.doubleclick.net/ Frame 281D
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=JEr6yR7HQ7Ca_VCCRFMxvQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=JEr6yR7HQ7Ca_VCCRFMxvQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPK-zRHwwYDDpcIcK6xgHRWmx5QUauZ1GrqwnyfDOG_GxM-EQpVH2WxmlZFE4HrHQr25lZDgWfpJcD2kH9J20bwZaWo_GgiF
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&adk=926476324&adf=3768921151&pi=t.aa~a.4263631882~rp.4&w=360&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=360x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1811&idt=-M&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0&nras=2&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=QPZnfKCTaI&p=https%3A//safelink12345.icu&dtd=47
Protocol
H3
Server
142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=JEr6yR7HQ7Ca_VCCRFMxvQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPK-zRHwwYDDpcIcK6xgHRWmx5QUauZ1GrqwnyfDOG_GxM-EQpVH2WxmlZFE4HrHQr25lZDgWfpJcD2kH9J20bwZaWo_GgiF
date
Tue, 10 May 2022 02:34:32 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame 281D
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPYw1hAIouIQO8276sxUq3M&google_cver=1&google_push=AYg5qPIEnTQTP5tocHJbk_SMwBEod-yFei6izT8MNaIBtG0LXAmx1beNEzvcZddlFg05oQgmF0S...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDJaSkhVUE8tMTItRkZENg==&google_push=AYg5qPIEnTQTP5tocHJbk_SMwBEod-yFei6izT8MNaIBtG0LXAmx1beNEzvcZddlFg05oQgmF0S-Xsn6z4qxtuUaI5BVOADcFIr_
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDJaSkhVUE8tMTItRkZENg==&google_push=AYg5qPIEnTQTP5tocHJbk_SMwBEod-yFei6izT8MNaIBtG0LXAmx1beNEzvcZddlFg05oQgmF0S-Xsn6z4qxtuUaI5BVOADcFIr_
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&adk=926476324&adf=3768921151&pi=t.aa~a.4263631882~rp.4&w=360&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=360x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1811&idt=-M&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0&nras=2&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=QPZnfKCTaI&p=https%3A//safelink12345.icu&dtd=47
Protocol
H3
Server
142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDJaSkhVUE8tMTItRkZENg==&google_push=AYg5qPIEnTQTP5tocHJbk_SMwBEod-yFei6izT8MNaIBtG0LXAmx1beNEzvcZddlFg05oQgmF0S-Xsn6z4qxtuUaI5BVOADcFIr_
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
37b22a0c36bd84993dd2cda4a5e04b1d
Expires
0
pixel
cm.g.doubleclick.net/ Frame 281D
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENp-VlaZl5yW1UuGQOZRp34&google_cver=1&googl...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YnnPOI3QBzqm4LeLo_u9oQAABKAAAAAB&google_gid=CAESENp-VlaZl5yW1UuGQOZRp34&google_cver=1&google_push=AYg5qPJQdLXmQCtel2itlrNSGI9vpBbkMnDz0...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YnnPOI3QBzqm4LeLo_u9oQAABKAAAAAB&google_gid=CAESENp-VlaZl5yW1UuGQOZRp34&google_cver=1&google_push=AYg5qPJQdLXmQCtel2itlrNSGI9vpBbkMnDz0AQlvlaVM3kXBhZPIaPVH_WQEzmXe2VUUHcCQkdWPwfGXs3ozdjIgvSNN2jcK5vb
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&adk=926476324&adf=3768921151&pi=t.aa~a.4263631882~rp.4&w=360&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=360x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1811&idt=-M&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0&nras=2&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=QPZnfKCTaI&p=https%3A//safelink12345.icu&dtd=47
Protocol
H3
Server
142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 10 May 2022 02:34:32 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YnnPOI3QBzqm4LeLo_u9oQAABKAAAAAB&google_gid=CAESENp-VlaZl5yW1UuGQOZRp34&google_cver=1&google_push=AYg5qPJQdLXmQCtel2itlrNSGI9vpBbkMnDz0AQlvlaVM3kXBhZPIaPVH_WQEzmXe2VUUHcCQkdWPwfGXs3ozdjIgvSNN2jcK5vb
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
460
Expires
Tue, 10 May 2022 02:34:32 GMT
attr
cm.g.doubleclick.net/pixel/ Frame 281D 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IqP4pP1tEFyq0FH0RPjLaLvjprMz7ezSqJ29zYT7I8tAIYkfpCP88busHovcG_i2jT4F4B
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&adk=926476324&adf=3768921151&pi=t.aa~a.4263631882~rp.4&w=360&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=360x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1811&idt=-M&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0&nras=2&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=QPZnfKCTaI&p=https%3A//safelink12345.icu&dtd=47
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:32 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
index.html
s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/ Frame 0D8D 		10 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ed47b446e91e5bab9de6c89dc828bc03b27ade7292591b93149e40ef8e91bdc7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
68399
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
3211
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Mon, 09 May 2022 07:34:33 GMT
expires
Tue, 09 May 2023 07:34:33 GMT
last-modified
Mon, 02 May 2022 12:21:24 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame C7D6 		0
622 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv2iGD7qAf4WsJSh88mbtLs3nKGTwl-FkOaMlGhTIvymM1nJx7KjENjO8mp-fHwEYd1SyIfh6eyOSATx1-F1dp_Eq_psRGjuvDPVhTDP6o3INe0nS2e5mw3JPmgINfhhgIc2ZAmYvHdXit__7Wt22uAg9CPJywJ-6l84MveA5wxHKwu0Jcbwkx2cqTYalX0CmvkxkJt9yP1lM4cdCjeNDxZz_-fkrYNUYD1ShtHMKPmqcWgKlrvAaDCWLko2eS7fVkfcYwLwszA-1hTep8aFiQ55Qd3OunRUEeWn8ZBk4AE7zM5CL1lhow8ppRhxN3HCUoIAYOYYSCZIDHoeGunuNNnjG38l_gw7TK76QEJH9XTPAy7_r-EN0YSrep8EiuxkMOcWKTpSQ_2oWryw1eOkedkriI2j83YrlJ9DTvxjftBbKc53KlXewQNm_jGQapkfv446fRFqjtpct3LJiksrlF-XEbT6hRTddLH3NNzmbrBSo07AW_Iwz-5wbt00eqNPA1HH_n8_W1MLLdkM2zT3PPC7MxXkRA-yyRaU8ibvcIg2beLrJGIBVJCIP52oRv1WUEepL5bgSmS3XWk3G1VeIVRGDVrxeKyx8g_QKzf5xvUHfPKYWoZZlA3wqUabGIoiUHTBC8MsXdCFuuVOGxt-kwDL4ru4PmAwcQ-53pQT3xBpajAKBHYKYfH_nenIueVk-jtM2enUaIfWhucxPmyGlpuCfo9lwxkbo1msDbY0UfvCxNLzMV4GmLyN9BXNBybUBsodLf_sSwJb73TikdND2MzkKLChpOkpLhff-LJikpSGxCevgADeVO3C6YT-4ifPddm0ImpRanI8R3pYkwp0rvCVMbieHEOTNiqAvXhL_uncVjqCmVOdX5jSIxwlVkIRn1NX_j3BuSoyJZ1_CSABcMB32zIJ_qPtzAhqlyZJWKNnfySHi-b3PKSgdGM7b5LSpGnKH876ToOob9QHV97EGCnxJJYD2lb9O6gFDtDSjj0SALTJAtUcsClqdiKkroWMkNpGNLSsD6ZxSc64uFX1q5pn8AoFLpPIC98UkwsmEnJg0kK_QkAm03q5u-jYYWsI35lKTE4R5qfEdgx3C4B_HRGnav-JIe1TyCH9UGCI_ZYsbMzmffUIRUvLIQ8PFLNWvpY6o37mjcJBGwEW7kg3wiI4CJHOHE7yrezPXTmWXllV-pPOqU7duNC2tkxXh6labiKlLuvk-JB2ecTGm1v&sai=AMfl-YQjHeVAeMbS0o_xdIvHDlD6eBPQBnAZtwLtGoa2Ah5Bdeppb5IxOjdNthOU1PxQuN2ctLPqyVPH292l-S2W_VDnCnbM-BDGh0Qa_jDZMvUJ9qnV83YZd7g3rwTiZCXsIbsFRIMbk77sLSpfTvrB-sl0WKvz6OfuqzW53x8A7rgY9MTFusG14-mxRVi8I--VlqGt08GlMH_UaGEddGCDCQ&sig=Cg0ArKJSzJ0gguu_mvezEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=222&cbvp=1&cstd=220&cisv=r20220505.15823&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date
Tue, 10 May 2022 02:34:32 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js
pagead2.googlesyndication.com/bg/ Frame 513F 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f3b0f456e186c9df28e31d734f55653a6423f31ac6325d71712784c868604b06
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 17:58:22 GMT
content-encoding
br
x-content-type-options
nosniff
age
30970
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13472
x-xss-protection
0
last-modified
Mon, 02 May 2022 13:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 09 May 2023 17:58:22 GMT
87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js
pagead2.googlesyndication.com/bg/ Frame ADF8 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f3b0f456e186c9df28e31d734f55653a6423f31ac6325d71712784c868604b06
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 17:58:22 GMT
content-encoding
br
x-content-type-options
nosniff
age
30970
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13472
x-xss-protection
0
last-modified
Mon, 02 May 2022 13:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 09 May 2023 17:58:22 GMT
bg.jpg
s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/img/ Frame 0D8D 		41 KB
41 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/img/bg.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
aa53d0b0ffeeda282e45361043ca8815dd8608055c87175c4a340e7ee37a6504
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 07:34:33 GMT
x-content-type-options
nosniff
age
68399
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41645
x-xss-protection
0
last-modified
Mon, 02 May 2022 12:21:24 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 09 May 2023 07:34:33 GMT
text1.png
s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/img/ Frame 0D8D 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/img/text1.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b0f4967fc7c16660db52c4d63d7d6aa858f6a2087700e53994a8162c7bf570ab
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 07:34:33 GMT
x-content-type-options
nosniff
age
68399
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1686
x-xss-protection
0
last-modified
Mon, 02 May 2022 12:21:24 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 09 May 2023 07:34:33 GMT
text2.png
s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/img/ Frame 0D8D 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/img/text2.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c34eab3dfb8e7edc06708039a789d2e5044f19b35eec8b09a3518b107e3908aa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 07:34:33 GMT
x-content-type-options
nosniff
age
68399
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2498
x-xss-protection
0
last-modified
Mon, 02 May 2022 12:21:24 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 09 May 2023 07:34:33 GMT
text3.png
s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/img/ Frame 0D8D 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/img/text3.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
be1a99dd6790359bd638f7879dbe72651ddc359365c09c58c99de8064e6fcf61
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 07:34:33 GMT
x-content-type-options
nosniff
age
68399
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3043
x-xss-protection
0
last-modified
Mon, 02 May 2022 12:21:24 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 09 May 2023 07:34:33 GMT
text4.png
s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/img/ Frame 0D8D 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/img/text4.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b69a7adc78b723966b1103284233f8e679940ae56bc51878be6fa175241720b1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 07:34:33 GMT
x-content-type-options
nosniff
age
68399
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2402
x-xss-protection
0
last-modified
Mon, 02 May 2022 12:21:24 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 09 May 2023 07:34:33 GMT
legal1.png
s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/img/ Frame 0D8D 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/img/legal1.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e038b4e28fbd821825e505ea5c05e23086eb98d54b4785b75f8cda40c30fd8ea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 07:34:33 GMT
x-content-type-options
nosniff
age
68399
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19674
x-xss-protection
0
last-modified
Mon, 02 May 2022 12:21:24 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 09 May 2023 07:34:33 GMT
cta.png
s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/img/ Frame 0D8D 		832 B
859 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/img/cta.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5e2109ea5be04e19065582f452991eaab5aaa981234951901f235d0276f3dd0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 04 May 2022 15:28:31 GMT
x-content-type-options
nosniff
age
471961
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
832
x-xss-protection
0
last-modified
Mon, 02 May 2022 12:21:24 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 04 May 2023 15:28:31 GMT
logo.png
s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/img/ Frame 0D8D 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/img/logo.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
168569b93fb309aa05252baa0279555a2c25a83eb52fc8d4370029bf9ea8c91d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 07:34:33 GMT
x-content-type-options
nosniff
age
68399
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1984
x-xss-protection
0
last-modified
Mon, 02 May 2022 12:21:24 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 09 May 2023 07:34:33 GMT
klimaneutral.png
s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/img/ Frame 0D8D 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/img/klimaneutral.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9666c1dc3f770c8c7153bd19d6a4bcc6d1a520fad9ece28c70d4edda2777baec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 07:34:33 GMT
x-content-type-options
nosniff
age
68399
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2129
x-xss-protection
0
last-modified
Mon, 02 May 2022 12:21:24 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 09 May 2023 07:34:33 GMT
logo2.png
s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/img/ Frame 0D8D 		701 B
728 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/img/logo2.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7f265ae600594e6177fe026dd2279b45e556b84848a1f4d7c8fbebcdd815ce49
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 07:34:33 GMT
x-content-type-options
nosniff
age
68399
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
701
x-xss-protection
0
last-modified
Mon, 02 May 2022 12:21:24 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 09 May 2023 07:34:33 GMT
stoerer.png
s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/img/ Frame 0D8D 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/img/stoerer.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
04f0316bafa3b54df24922d9119407c2ba0469cc3c91ac8ce82899eee3c7f9ca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 07:34:33 GMT
x-content-type-options
nosniff
age
68399
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1625
x-xss-protection
0
last-modified
Mon, 02 May 2022 12:21:24 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 09 May 2023 07:34:33 GMT
tweenmax_1.19.0_643d6911392a3398cb1607993edabfa7_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 0D8D 		109 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.19.0_643d6911392a3398cb1607993edabfa7_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
36c0ec05d79bd9d3164effc3eca0f1962cd6f82bb1f41cb212e080910be24153
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/5408986660973303700/43-IWE-eSUV3-Mrec-300x250-Zukunft1/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37530
x-xss-protection
0
last-modified
Tue, 06 Sep 2016 20:51:14 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 10 May 2022 02:34:32 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame ADF8 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bq5WDOM95YrygAZiX3gP205LQDgAAAAA4AeAEAg&bg=!6uml6a3NAAZX5TVhd-U7ACkAdvg8WkniBZbOIosQEdiAmzTKgOFOo_3tPQfH7bh6myOKSNiE0WT_awIAAABmUgAAAAFoAQcKAFEy7LzeH1JJqYPq-2MKbn_JA26MKdMjscmho6xPwWazNm40-3bS4u-qA0vlTOeTVpoGYWi7nDzxIR_xupAUa0I8iokfb9d90KWHFknHK5Jc--CZAvBmXgx6EQ_mt1-EI2HATTxC5KU9ImhKFcslotz6dodMtjvRWs2DJL6ufDUPIba1C3rKuo8yOSzrKz2CDoAf3SdAtyxn5deNu_nqXARelzFrEHZmTNr73WAHsjROMCS-ZBUoqA7db93kw4TugyEqpTWPS9v6jZuFFNX5xAjof1jVG-D7Wcx4Enu2YkTZUggAomx281MrLHb0tHt5pyHQHZO1D8zstrnvQuNL6e08wwOoCwYYsz_n8Xk8hPUf7pvZuN2VJF-qR_TFZtpDFUzhOwRWbvqOI6tHHDhRID0xzP7_ePB33jN7XGdu3lDDmkzth-hTGlqjGGuMN1BmLs5lntnaX259GavUrpivqWvrv_HWYOX5cXhGEN8VcdJ0nLC0YQ-ulLaaDEla3JuUTro49kTevJKp8NHsb_KQeFUBbpZtzgHzbxmviR9iKXnCVcBjamZgEBF1d5Mnh2phyJlBCiQta_CJfz5HMYE-SOYzwa3ohFqyJfoWxy1IQA5hKqRi-YeI1DUUebpZ1pGdXD7YAVCpW_XDP4fqAnLKHculAP61qfX6xnlTgd_e6XHZ1s_sjlAptCgMw4baxbwdEidHjP8_za_jOR-qGQ-6aozEWOn7XFiZSvitzpK2Qv9352lYO_gfqrQiRuWZRqkgdB1wu8GbroE2ktACNer_2YOVXz1icdX2S3xJ_eg5MEzeOBRL9dLKMDr0saQMlpoyrvUozqZ57b28DfqlSCi_oj_ZBVFL5-wVWF2ENDSaig3zCRDDxkQqxROkZK6ziwDuwtwrkpNJpPF1JiiCvrAGPVpmg6CtEhaQ2eZfwEWdEpvENj9u9elJVTp6wWjr2n_LVjpwjLthkFyziJ5K3fCZ6lrNDZAj5Iu4Jlfo5zgarnSDhvGuyKyxf9f7IZHUIPdfcEvyP0oZzKHZ5rL1vJULa-takomW9MEQ9dQlie0dYPZE2-SyOkIOlmrau5i3WpkcHezD0leBSW5KOzQXScLKvfRTHO5ZOg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=280&adk=926476324&adf=3768921151&pi=t.aa~a.4263631882~rp.4&w=360&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=360x280&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1811&idt=-M&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0&nras=2&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1040&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=QPZnfKCTaI&p=https%3A//safelink12345.icu&dtd=47
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:32 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame C7D6 		0
26 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv2iGD7qAf4WsJSh88mbtLs3nKGTwl-FkOaMlGhTIvymM1nJx7KjENjO8mp-fHwEYd1SyIfh6eyOSATx1-F1dp_Eq_psRGjuvDPVhTDP6o3INe0nS2e5mw3JPmgINfhhgIc2ZAmYvHdXit__7Wt22uAg9CPJywJ-6l84MveA5wxHKwu0Jcbwkx2cqTYalX0CmvkxkJt9yP1lM4cdCjeNDxZz_-fkrYNUYD1ShtHMKPmqcWgKlrvAaDCWLko2eS7fVkfcYwLwszA-1hTep8aFiQ55Qd3OunRUEeWn8ZBk4AE7zM5CL1lhow8ppRhxN3HCUoIAYOYYSCZIDHoeGunuNNnjG38l_gw7TK76QEJH9XTPAy7_r-EN0YSrep8EiuxkMOcWKTpSQ_2oWryw1eOkedkriI2j83YrlJ9DTvxjftBbKc53KlXewQNm_jGQapkfv446fRFqjtpct3LJiksrlF-XEbT6hRTddLH3NNzmbrBSo07AW_Iwz-5wbt00eqNPA1HH_n8_W1MLLdkM2zT3PPC7MxXkRA-yyRaU8ibvcIg2beLrJGIBVJCIP52oRv1WUEepL5bgSmS3XWk3G1VeIVRGDVrxeKyx8g_QKzf5xvUHfPKYWoZZlA3wqUabGIoiUHTBC8MsXdCFuuVOGxt-kwDL4ru4PmAwcQ-53pQT3xBpajAKBHYKYfH_nenIueVk-jtM2enUaIfWhucxPmyGlpuCfo9lwxkbo1msDbY0UfvCxNLzMV4GmLyN9BXNBybUBsodLf_sSwJb73TikdND2MzkKLChpOkpLhff-LJikpSGxCevgADeVO3C6YT-4ifPddm0ImpRanI8R3pYkwp0rvCVMbieHEOTNiqAvXhL_uncVjqCmVOdX5jSIxwlVkIRn1NX_j3BuSoyJZ1_CSABcMB32zIJ_qPtzAhqlyZJWKNnfySHi-b3PKSgdGM7b5LSpGnKH876ToOob9QHV97EGCnxJJYD2lb9O6gFDtDSjj0SALTJAtUcsClqdiKkroWMkNpGNLSsD6ZxSc64uFX1q5pn8AoFLpPIC98UkwsmEnJg0kK_QkAm03q5u-jYYWsI35lKTE4R5qfEdgx3C4B_HRGnav-JIe1TyCH9UGCI_ZYsbMzmffUIRUvLIQ8PFLNWvpY6o37mjcJBGwEW7kg3wiI4CJHOHE7yrezPXTmWXllV-pPOqU7duNC2tkxXh6labiKlLuvk-JB2ecTGm1v&sai=AMfl-YQjHeVAeMbS0o_xdIvHDlD6eBPQBnAZtwLtGoa2Ah5Bdeppb5IxOjdNthOU1PxQuN2ctLPqyVPH292l-S2W_VDnCnbM-BDGh0Qa_jDZMvUJ9qnV83YZd7g3rwTiZCXsIbsFRIMbk77sLSpfTvrB-sl0WKvz6OfuqzW53x8A7rgY9MTFusG14-mxRVi8I--VlqGt08GlMH_UaGEddGCDCQ&sig=Cg0ArKJSzJ0gguu_mvezEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=498&vt=11&dtpt=276&dett=3&cstd=220&cisv=r20220505.15823&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: safelink12345.icu
URL: https://safelink12345.icu/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 10 May 2022 02:34:32 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
sodar
pagead2.googlesyndication.com/getconfig/ 		14 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220505&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1583720269494912&plah=safelink12345.icu&bust=31067450
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e0899cacc154e8c959e9e689758b0cae5030b64a84cfbd817f38df4fef0dbed2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 10 May 2022 02:34:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10723
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202205040101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1583720269494912&plah=safelink12345.icu&bust=31067450
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 10 May 2022 02:34:32 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 37D0 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safelink12345.icu/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
20108
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 09 May 2022 20:59:24 GMT
expires
Tue, 09 May 2023 20:59:24 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 778D 		783 B
534 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
616ac1ba2458b4c19c704511367608c38c444c079138e1094cc0659f4107cf2e
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-LniRFXVrCwzq8gwY2tIzvw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://safelink12345.icu/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
512
content-security-policy
script-src 'report-sample' 'nonce-LniRFXVrCwzq8gwY2tIzvw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 10 May 2022 02:34:32 GMT
expires
Tue, 10 May 2022 02:34:32 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
activeview
pagead2.googlesyndication.com/pcs/ Frame 39A4 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu2vmslGjYFjSH8BggmF5W59jhAfYtiJDwnjOy8akQhUtIzpQiyNL_8RgQwya0I_zoXxwz7IYM9QNPDfCy5gXs90cQDVevxslxu7mxOr5XN-A8g4ssWgQgQkNp0&sai=AMfl-YSCgl5iikrOVGtxkmqyNSj8bXPeKBgbOTfJwFiARcZ1LWtSoawKl4WW3aOBq1_m8t-JSErUXDSJ2kOb&sig=Cg0ArKJSzF-eIn1EfNKOEAE&id=lidar2&mcvt=1001&p=0,0,250,300&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20220509&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2944592922&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1652150070776&rpt=1093&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:32 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame EDB8 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstGKe5W3a59DVo_UoHiveDeI-mEFZ_qpOxhcMmUJzbFjrnctIUCPRh5mC1RiolwNRfVtPNEV8gKb8xrx22Y4YsPH9BvXQBh2RhkGX_mAsOqujj3lIEuQ39QugFu&sai=AMfl-YTcsC-GoR8w5sn3BEHdMJwy2MnjGrF-wGjNMn8ehSHk1SYFURcbtdQeBC8TQPxK_1f1-h-sVaep1LbQ&sig=Cg0ArKJSzC4uNxWFPN10EAE&id=lidar2&mcvt=1002&p=0,0,280,820&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20220509&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1423993661&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1652150070754&rpt=1151&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:32 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 76CB 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvbb0MbSoWg2m41rcVmDrMtQbmnYY1Rq9WVhn71M-rl8RJNxQMNo_FsSn6wBUXNe1IW3pMcHjrHo6juiTtptq3H7-abC7VI7OBpwf5Gax9pG8rQ5vLJ8E48mf1A&sai=AMfl-YQG4pA9KxH_xGEYpEA2obinfcZPVzxOv1yca88eAOzgMdxFs6HKxmofV4DegoaY7TvmZf3nY_AEvd6M&sig=Cg0ArKJSzCGIt9TZuWBdEAE&id=lidar2&mcvt=1003&p=0,0,280,1200&mtos=1003,1003,1003,1003,1003&tos=1003,0,0,0,0&v=20220509&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3563942368&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1652150070743&rpt=1151&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:32 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js
pagead2.googlesyndication.com/bg/ Frame 37D0 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/87D0VuGGyd8o4x1zT1VlOmQj8xrGMl1xcSeEyGhgSwY.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f3b0f456e186c9df28e31d734f55653a6423f31ac6325d71712784c868604b06
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 09 May 2022 17:58:22 GMT
content-encoding
br
x-content-type-options
nosniff
age
30970
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13472
x-xss-protection
0
last-modified
Mon, 02 May 2022 13:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 09 May 2023 17:58:22 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 778D 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220505&jk=4073828262775418&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers
activeview
pagead2.googlesyndication.com/pcs/ Frame E5FB 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssnS5du1rTYay-iO1VNtNn4tx_HEi4SNvlZpKw7-DZVSywWT9P3PyBQpqBckWsiQ1RYMLUaB2nVgTTEYtakISNte5FTUBIh8fbkQC_61YiPhN8WIpVzP-nZenqn&sai=AMfl-YQiFnZh1IAbbRRCpq8sirxiA58UOAmEG0twwgXY4-6aU9O_mcib-1TtBZp6nB1Om4ZplbuE7iyWadQB&sig=Cg0ArKJSzGfrqNOLg0RsEAE&id=lidar2&mcvt=1008&p=0,1,124.25,1006&mtos=0,752,1008,1008,1008&tos=0,752,256,0,0&v=20220509&bin=7&avms=nio&bs=0,0&mc=0.82&if=1&vu=1&app=0&itpl=2&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1652150071514&rpt=497&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:33 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
generate_204
tpc.googlesyndication.com/ Frame 37D0 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?I6SNzg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 02:34:33 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220505&jk=4073828262775418&bg=!RUalRgLNAAZX5TVhd-U7ACkAdvg8WnJ3ipc-JLy3gRs1wZo1Wl48_Z4iUePyjDs34Seb1pOIM9o1ZwIAAABfUgAAAANoAQcKAAkRmuwpROW9Y7eZApn2ZjmY4wYIvo9O_uQEhZQ17i-LvlbUb0w8bbd9CvAtU-ad2sPW1QZB_Lkfbjt2xx0AtgTFRENmyjr24lQnSz9bsxwKt3TJ3Z-sxHzGOgfif5NceO1-qYfEVa9cYjc3S56_HPnBosShBaTrtdWYCrvx0y7GUEpoHO2rfMiZFa8-W487fDvX8ir8XxDCgYE1rUkQ_Zh98PjUcix7QwqLHTbXaWhjD8lySuFYlnyGs_3mzLQaLiDNlCcOkDKHPWYp__ppMIiXkw_x_zmBknYPa0A7AIbg8Jop26n3Jtb5ajti-3wImDC7svZB5oMqGkTBX9kt0dSov1pa8CqfvtvC8H6w5bqVTU1eUlFPsRiCFtbDwGH1P1bBNzVMcMqT_Pbe2OEX6CxYWJvVpCetij8u6xPCKBVnld9OyqjuahFbDuWFbfegR_1XWxPfdEgRxHnWbjPTsyI600wr7PdXg8hozddFzso48iFO9sBMA3fJt3h5NAR7enGyLsOlY_aYdq5R5ReRQBSgZRq82ttQ0QNar-yMvDqXbSM6sudp22ft33Xt8NpQwBZctfet1rAT3W7wYfIGnbIUniBYl0EiuYGf2rCo2AYzmlc4KorzZNrBoKEln0OqD0o0iBmbv8Yu4ZfjH-JeCZdGM1VNkK288S5aW_e5q7Gl3hYrRfYp7Kd_-yv9muI6P0YMyAedz_cZ9jZIyy2B3ceSeNpxFWWSiYDpjeOJW-HWMzF2bsGd30U0C8h0FS0-BuMzT23JyOGtGP37-_ajiVINiVQFOKlbiGkTM_qoxd2XEMQ-Wme4iKVYTiSt30mIHbikdtIHqSKPs-NNK9y_4JThw4A9Eo79VLdsXGVqxKJmFrB3Jhhzty8-DX1B_TEKk6W166wWaw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://safelink12345.icu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers
67781566
mc.yandex.com/webvisor/ 		43 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.com/webvisor/67781566?wmode=0&wv-part=1&wv-hit=1000866796&page-url=https%3A%2F%2Fsafelink12345.icu%2F&rn=521853271&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1652150074%3Aw%3A1600x1200%3Av%3A791%3Az%3A0%3Ai%3A20220510023433%3Au%3A1652150070113072662%3Avf%3Aa8mjecangl5v275zywhk%3Awe%3A1%3Ast%3A1652150074&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://safelink12345.icu/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:33 GMT
last-modified
Tue, 10-May-2022 02:34:33 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://safelink12345.icu
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Tue, 10-May-2022 02:34:33 GMT
67781566
mc.yandex.com/webvisor/ 		43 B
73 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.com/webvisor/67781566?wmode=0&wv-part=1&wv-hit=1000866796&page-url=https%3A%2F%2Fsafelink12345.icu%2F&rn=360124306&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1652150074%3Aw%3A1600x1200%3Av%3A791%3Az%3A0%3Ai%3A20220510023433%3Au%3A1652150070113072662%3Avf%3Aa8mjecangl5v275zywhk%3Awe%3A1%3Ast%3A1652150074&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://safelink12345.icu/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:33 GMT
last-modified
Tue, 10-May-2022 02:34:33 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://safelink12345.icu
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Tue, 10-May-2022 02:34:33 GMT
67781566
mc.yandex.com/webvisor/ 		43 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.com/webvisor/67781566?wmode=0&wv-part=2&wv-hit=1000866796&page-url=https%3A%2F%2Fsafelink12345.icu%2F&rn=689007559&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1652150075%3Aw%3A1600x1200%3Av%3A791%3Az%3A0%3Ai%3A20220510023434%3Au%3A1652150070113072662%3Avf%3Aa8mjecangl5v275zywhk%3Awe%3A1%3Ast%3A1652150075&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://safelink12345.icu/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 10 May 2022 02:34:34 GMT
last-modified
Tue, 10-May-2022 02:34:34 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://safelink12345.icu
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Tue, 10-May-2022 02:34:34 GMT

Verdicts & Comments Add Verdict or Comment

112 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails function| gtag object| dataLayer function| ym object| _wpemojiSettings object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| Ya object| yaCounter67781566 object| wlpush object| wdw object| adsbygoogle object| gaplugins object| gaGlobal object| gaData number| LAST_CORRECT_EVENT_TIME number| _259766530 function| fa object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac object| google_persistent_state_async boolean| google_measure_js_timing object| google_reactive_ads_global_state boolean| _gfp_a_ object| google_sa_queue function| google_process_slots boolean| google_apltlad function| google_spfd number| google_lpabyc number| google_unique_id object| google_sv_map string| google_user_agent_client_hint object| runtime object| regeneratorRuntime function| google_sa_impl object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages function| setImmediate function| clearImmediate object| wpcf7 object| twemoji object| wp object| generatepressMenu object| q2w3_sidebar_options function| extendStatics function| __extends function| __assign function| reactive function| StaticOffsets function| DynamicOffsets string| StopWidgetClassName string| FixedWidgetClassName function| Widget function| getWidgetContainer function| compatabilty_FW_v5 function| queryElements function| findWithProperty object| sidebars function| PositionWidget function| FixedWidget function| StickyWidget function| StopWidget function| Sidebar function| Sidebars function| onDocumentLoaded function| s function| f9ZZ function| m7rr object| google_image_requests object| google_llp function| E6ff function| f2AA function| H1ww function| B1ww function| i2oo object| googletag object| __AMP_LOG object| __AMP_ERRORS boolean| ampInaboxInitialized object| __AMP_MODE function| __AMP_REPORT_ERROR object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| AMP object| GoogleGcLKhOms

46 Cookies

Domain/Path Name / Value
.cdn-server.top/ Name: yxpi
Value: d41d8cd98f00b204e9800998ecf8427e
.safelink12345.icu/ Name: _ym_uid
Value: 1652150070113072662
.safelink12345.icu/ Name: _ym_d
Value: 1652150070
.mc.yandex.com/ Name: sync_cookie_csrf
Value: 3617677043fake
.mc.yandex.ru/ Name: sync_cookie_csrf
Value: 2659853772fake
.safelink12345.icu/ Name: _ga
Value: GA1.2.342346004.1652150070
.safelink12345.icu/ Name: _gid
Value: GA1.2.1836417473.1652150070
.safelink12345.icu/ Name: _gat_gtag_UA_49247768_6
Value: 1
.yandex.com/ Name: yandexuid
Value: 6246495041652150070
.yandex.com/ Name: yuidss
Value: 6246495041652150070
mc.yandex.com/ Name: yabs-sid
Value: 2117715031652150070
.yandex.com/ Name: i
Value: 6Y64ubbQ+zv3j8Q0VBMXC1urp785vVgMTPYDSS4/eD0CaFCM6Z+W59omDDUgWYmh6+eFw7rqKsJniVG9geNOc7MQHRI=
.yandex.com/ Name: ymex
Value: 1683686070.yrts.1652150070#1683686070.yrtsi.1652150070
.safelink12345.icu/ Name: _ym_visorc
Value: w
freychang.fun/ Name: csu
Value: 1045107954305473@1@1652150070
.safelink12345.icu/ Name: _ym_isad
Value: 2
.safelink12345.icu/ Name: __gads
Value: ID=5f3fd573a83cc373-22f905468fcd00bb:T=1652150070:RT=1652150070:S=ALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q
.adfarm1.adition.com/ Name: UserID1
Value: 7095930523029931221
.adfarm1.adition.com/ Name: lv_5155136
Value: w=4599678|t=1652150071
.doubleclick.net/ Name: IDE
Value: AHWqTUnayyoqfsmq72dcjMZb_az0XiQgvxkzvpqx4u39Os_NQltSThEErIaKzkKc2R4
at.bahn.de/ Name: exactag_new_gk
Value: a2eb654a28d5463482e1b7ecd7e24a2c%7c09.07.2022+02%3a34%3a30
at.bahn.de/ Name: exactag_new_uk
Value: eaadfa2b58104a1b91d7ecd873a27d4c%7c
at.bahn.de/ Name: session_session
Value: 0b03830a955944e296c82d72
.doubleclick.net/ Name: DSID
Value: NO_DATA
.casalemedia.com/ Name: CMID
Value: YnnPOI3QBzqm4LeLo-u9oQAA
.casalemedia.com/ Name: CMPS
Value: 3267
.adnxs.com/ Name: uuid2
Value: 1961973162054676817
.casalemedia.com/ Name: CMPRO
Value: 1184
.casalemedia.com/ Name: CMST
Value: YnnPOGJ5zzgA
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2Il^hfn1#!]tbPl1M>e)ZlrFUfJ+tGXxp6KD]r?S/s7/D>HatEAkUGUA7wxYZQs<hV9'o3If)y3KL9D3I?+]^spSe
.casalemedia.com/ Name: CMRUM3
Value: 2d6279cf382760CAESEF10a8NWaATfPAGHjOfR0fk
.quantserve.com/ Name: d
Value: EDMBCQGNJoEA
.quantserve.com/ Name: mc
Value: 6279cf38-75521-051c9-0f478
.pubmatic.com/ Name: KTPCACOOKIE
Value: YES
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 244AFAC9-1EC7-43B0-9AFD-5082445331BD
.rlcdn.com/ Name: rlas3
Value: d7vKhO/zfgn2SUS0B5Azzlcpimf6TY17mOYDcmzH7gQ=
.e.dlx.addthis.com/ Name: na_tc
Value: Y
.rlcdn.com/ Name: pxrc
Value: CLie55MGEgUI6AcQABIGCOndKhAA
.addthis.com/ Name: na_id
Value: 2022051002343200017682913944
.addthis.com/ Name: na_tc
Value: Y
.addthis.com/ Name: uid
Value: 6279cf387bcb4e8d
.addthis.com/ Name: ouid
Value: 6279cf3800011b7f56c43c641cde09e5aa254c0034423d989f4a
.dlx.addthis.com/ Name: na_rn
Value: 0
.dlx.addthis.com/ Name: na_sr
Value: 20220510
.dlx.addthis.com/ Name: na_srp
Value: 3614
.dlx.addthis.com/ Name: na_sc_e
Value: 0

5 Console Messages

Source Level URL
Text
network error URL: https://mc.yandex.com/sync_cookie_image_decide?token=9633.xPfFMfaL4edfCj-hO6EI5FbOVxTLaahBJOTGsEeYw3wUko5Wez5lQhXE_zacnPkLvid-CZ0L76lk_KBpd3v-Ew%2C%2C.dqFDKCbSNYzYyOqS-owL2zFG5wA%2C
Message:
Failed to load resource: the server responded with a status of 400 ()
other warning URL: https://cdn.ampproject.org/rtv/012203150226000/v0/amp-ad-exit-0.1.mjs(Line 1)
Message:
Unrecognized feature: 'attribution-reporting'.
security error URL: https://googleads.g.doubleclick.net/pagead/html/r20220505/r20110914/zrt_lookup.html?fsb=1(Line 21)
Message:
The Content Security Policy 'child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/SPE_AOI_KL_Paris_728x90.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18152525612819427694/SPE_AOI_KL_Paris_728x90.html' was delivered via a <meta> element outside the document's <head>, which is disallowed. The policy has been ignored.
security error URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&adk=3075158702&adf=1856860424&pi=t.aa~a.573379464~rp.3&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1810&idt=1&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0%2C360x280&nras=3&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=3529&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=LqVVgPPmHd&p=https%3A//safelink12345.icu&dtd=52
Message:
Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html".
security error URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1583720269494912&output=html&h=600&adk=3075158702&adf=1856860424&pi=t.aa~a.573379464~rp.3&w=280&fwrn=4&fwrnh=100&lmt=1652150069&rafmt=1&to=qs&pwprc=5277639605&psa=0&format=280x600&url=https%3A%2F%2Fsafelink12345.icu%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1652150071393&bpp=1&bdt=1810&idt=1&shv=r20220505&mjsv=m202205040101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5f3fd573a83cc373-22f905468fcd00bb%3AT%3D1652150070%3ART%3D1652150070%3AS%3DALNI_MYE9zbF_3BjFCLjG4B1UMgLjKLd3Q&prev_fmts=1200x280%2C820x280%2C300x250%2C280x600%2C0x0%2C360x280&nras=3&correlator=7912665475533&frm=20&pv=1&ga_vid=342346004.1652150070&ga_sid=1652150071&ga_hid=153598432&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1080&ady=3529&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44719339%2C31067450%2C31067488&oid=2&pvsid=4073828262775418&pem=124&tmod=81723138&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=LqVVgPPmHd&p=https%3A//safelink12345.icu&dtd=52
Message:
Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/1510524910526288399/SPE_AOI_KL_Paris_300x600.html".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad2.adfarm1.adition.com
adservice.google.com
adservice.google.de
at.bahn.de
cdn-server.top
cdn.ampproject.org
cm.g.doubleclick.net
cms.quantserve.com
djm080u34wfc5.cloudfront.net
dsum-sec.casalemedia.com
e.dlx.addthis.com
fnyfiexpectth.xyz
fonts.googleapis.com
fonts.gstatic.com
freychang.fun
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
id.rlcdn.com
image6.pubmatic.com
imagesrv.adition.com
mc.yandex.com
mc.yandex.ru
pagead2.googlesyndication.com
parentful.club
partner.googleadservices.com
pixel.rubiconproject.com
rbiscussexb.xyz
rtb.openx.net
s0.2mdn.net
safelink12345.icu
ssum-sec.casalemedia.com
static.doubleclick.net
tpc.googlesyndication.com
transmith.xyz
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
104.111.215.191
107.22.28.167
142.250.186.66
142.250.74.194
143.204.98.36
185.66.200.222
198.47.127.19
213.202.235.9
217.79.188.11
217.79.188.21
23.35.236.247
2606:4700:3030::ac43:dadd
2606:4700:3031::ac43:c811
2606:4700:3033::ac43:86f2
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2a00:1450:4001:801::2001
2a00:1450:4001:803::2008
2a00:1450:4001:809::200a
2a00:1450:4001:80e::2001
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:812::2002
2a00:1450:4001:827::200e
2a00:1450:4001:828::2002
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2004
2a00:1450:4001:82a::2006
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2002
2a00:1450:4001:831::2006
2a02:6b8::1:119
35.227.252.103
35.244.174.68
37.252.173.38
44.195.137.121
69.173.144.139
99.86.1.225
0046edf48ba3760cd3ba2e489b43a553399b47f2046458473e025ca21d40f914
01284adf0039080c4d89732ef83440fd31b310a7bf3867b83b030f99ffd1f1c1
0232009b6a37904421312ac1025a574c37239166eacd3461dc3de0b5a8042837
044f584f1a9baaf0ac098cdc5afec3571962755149558e865515753fdcdb0c57
04f0316bafa3b54df24922d9119407c2ba0469cc3c91ac8ce82899eee3c7f9ca
0b43999f77e447254a78e068f55a6cc9075071b252277337b901e095e607e474
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0efc53d98f21fefc32d8ad84c673919c539b0b3feb2dc96598cbeb58883bd04c
1022567fccdbd3c790551cd2a39386535513ab6e0981eeb2d16c842e7688c7f5
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1464a132444c87fab8b265950a993c38b3c660b7077d37c06e9ad9d66eef872a
168569b93fb309aa05252baa0279555a2c25a83eb52fc8d4370029bf9ea8c91d
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
19eeb1c5b9a38d4f92f6ccd7a42bf8b52ce05e5cefe1354e271134ec1831f957
1d2b9a6b9bdf9ddbee5386c215c3a71090bbf12ed1920808af2980b416fcd3dd
1fc68702e852d06b9eab7e4f485f272633c17d4adf5b0f8ad32361e05ed1be27
213738a8de7a1e55874dcbc92825c84599256579b64f60f19c2514e61844e6bb
2872056c02ea70f31f0102c9f9b36d009ef22efaf1dfe6fa751ab02e3e53ba6a
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396
2de04103f08c2faae71aa8925ca761c164e1aaf2d4d3ff24de2f38cbdea1691c
2eb2a641ec9143273f4f5ba4f1526364fd4b1a040b628b4be54b77dbe362690f
32e14b3cd56f81235aaeb7d03ed1c7dc4ebf9917be35165798aabf6b82470542
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
360d179380bc90c336fe1361492e0fdecdaed71719555e3d20a9b20ff51ddbf7
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
36998456859e35cf76812894575b0203d48ad8ac11d3165c5449d1fa73f19800
36c0ec05d79bd9d3164effc3eca0f1962cd6f82bb1f41cb212e080910be24153
3768f04f42b79eb4e04658f9afcdab75362a71eed99e851b05312b74964907aa
37f7fb2def661546f0c7d14d165da8268dc9d45e842c68e5f605d61b1750207e
41a6a17d47cf9673e0142a58b845ae4e43b88b671ddf8c80aa665942c404666a
42b853168bb627593eb95b83db66183f7b3bd442db24c37398f1958d1451acd6
43944b1d0f3a9d73febdd95f633c7da079606eac5dc9912e1c1632bddfa773ab
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
4537a29929547063205a1bd5ca59dd679d2eac598b604b84615ee324aab70b67
45fa0b0c3721879683f93ac27dc7d5e012a45ed1115985f033b76e91695c6fbe
464db0771f1ab3055cab31a882499224a1aff66a2e59a89ab4fdda18f5f5ab71
4b1d66db42cfbcbb132f89b1468fe83982065671af27d6aa716b69cc3ace8d04
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
507e35125cc851a8df40be14c121c6473ac06bf612867da305eb67186dbb1492
513db1539e2636a80095ea5400aba7f55aa44b4d78eb0440cc87b6d693cf6090
53d890df0e63223c024065efcac5841d227ccf0c95e296caad2610de3213de31
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5902d838a8e67a2c17cee7ee6508fe2987cfc8326fadcdb01e23bb7a82682462
5c1c42e1a0a5d428646009535d29adb6d570b1118ff76f057da6b7d6e038b9e4
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5fb3bdb7f966c852579fb6b0574517445d5b2d171c804d66227ee67b1bffca9c
61028d59f434656a12997ef0539b4f0167dfaf302f9b607a815cfeaf0f093599
616ac1ba2458b4c19c704511367608c38c444c079138e1094cc0659f4107cf2e
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62d7ccc1923db76ca0d24a8ff8ba721aea01295ed799f8e99bd9876954ee3c19
63d83adb7760714b40f3441b7fe0b3a2bd4c4d3590e729bffc6754b20b5f6af2
652d8afe4739c95a4e295c8e479618c8d85004edea705a2787b353c6913c9663
679e44f9b4bbbc2ad0c4000c1413fd3a88627d83f1cba8ebdac26f81bc7edb78
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bb6c5a1b062a9f6564c6deb036b7b0bf99390733beca599de480bee7467cb71
714c7c167c33c1ef8ffefd8f02fb89b0d1e442c07792e89616088f0c92d7000b
71fe15d1a3a345f63df54bf9834c237d9ea9158f18d44cd5957aa1a2ebd426a0
73577f6a8bc7096353da1b32358f42ef7499340cf39d17e1fa8847510ae8c211
793caba4b52ad29fd92de4929a8727e5b7849e40523aac00cd9294ba919902d1
7965eb423420fc758c9c3482ba52da47ecb79748214d4898b1ae1375fb4592ea
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
7d210f7d18b1a67c12052541793c3fc63a9175ec1809b7988b9b9a13a4b50e16
7ef9261d8142ef4c8b5a4dccdfdbefaee50450c1791aabe949eb43ef09986c45
7f265ae600594e6177fe026dd2279b45e556b84848a1f4d7c8fbebcdd815ce49
7f5fee99e6c3c750affac339fedc80d63d25d44a83252318728d7a8bde88e4db
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
807973606f7828f72356e66e5aaeac1ba86b97b38d26d94c9175d8e231d9eba1
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8393b0f49cbaac879bc0a89a8d6fc918081a21fd4b13e5ae4416d2c1afbcca92
8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434
8398df114273c5c500e2705ffb687ac84aa432317bb94353eff7d99889656a3a
858cd8bbf3ba7dc01cc921e1357c935fa0ac149daa58594d9f285cd596a1be09
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8ba299532ffedcd88cd357136527b09918b07eea5861c7c03176aebb490434a9
9479b3e3bef0f6427206cadb155b1f1e0197e6d87356db3a4dee7732273b2b80
94bccc9b641ce0b4d8c6e0d75736d19c549ae58bf139e9d5ba5bfe8dad4a54cc
9666c1dc3f770c8c7153bd19d6a4bcc6d1a520fad9ece28c70d4edda2777baec
989c4b6fc5f26823e8f9ea47e11c66df72416bd7bf75111a733918251e68281b
98a89eea1652c34b20691a4d652eff624666e30f53f69850858b4198d180c7d5
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9d84066b8a3f91094e470c24431a4909a21ec94d1a841ff016832998dc9c7e66
9e5a280b1d9a39509fbbf088ac50252f3fdedc5ade26de6ca2f92801b586c5de
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2ad9b6aff869f154744470066ee5ecf8f3fbe7e1ca42e427aceb608c4023990
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a546a59fc864be661a124e4d428e8de79717000d2bdc0ecf18a383e2944181d6
a5a5e37d34b9f1abc6dbeac4a963f1524d580cca56fa1dba5dc28420677c1bef
a82bc3d786dc23eb08874041eb1f2cded70c173ec4f5904df47cfd41d5e45a8e
aa53d0b0ffeeda282e45361043ca8815dd8608055c87175c4a340e7ee37a6504
aaf02b215333824e9c2c56cfa9e061bc87e14520f243cd16bb5c2feaf58e2afc
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b
aec5ee5147fdc283bcb601dc6231c234d9bec077d32756aef2a75eeedf78038f
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b0f4967fc7c16660db52c4d63d7d6aa858f6a2087700e53994a8162c7bf570ab
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b69a7adc78b723966b1103284233f8e679940ae56bc51878be6fa175241720b1
b83149463619a5f4bbee21909e8a99a085f15713e48d6522d0a3173b94a20e1e
b94ed570e00f5bba0eaed65da67bf6f2fc5e107446a682eb045f20dbd12ab0e8
baa8d3bd604f2a4a1ac557a89e045db73777eeb824c3e30d6fd1447415ab7a69
bc55a917750e5a1591e5c6d1da6f5e2457b0e0e5a9a86f03c5d5bef6d6b4ae35
bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f
be1a99dd6790359bd638f7879dbe72651ddc359365c09c58c99de8064e6fcf61
c0901279dec1117310802c450665b34a60788da4a00e066d2de367327cd13456
c1ba38634705877e57a262f1b56ceccda6291baf44945236468d1288fc3970f4
c34eab3dfb8e7edc06708039a789d2e5044f19b35eec8b09a3518b107e3908aa
c521493e0b704ee1f855b42000eca6c4808a0af5eef5c185c604041081160a95
c6f7535fff7062c83be566ba775957e89a8b60e7df7f70e66f3ce97e9c4bb154
c95b2892559c3b699b75cfc29d12916404eedcfd932c11836f984ae15a4df737
c97ee96e08faea1bb215fd210a6695a7d3a4b9c689105a696fba7b3c1c94266c
caf79806c671203c47bb6da10080390506cd2c0a23d29a1fa71645e1b3ee99aa
cc0c74f2fa1307fa7e5b2e4287c4617e8e709144fe709054b71bd89117e198cc
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a
ce3bdb20624fb7325e0f594c79dd17afff914481108a6caebb474ecda2982c54
cfaf60508a77b732490cebbf93a415622f5d33fc0a63f88365807b71a21c25b0
d05ff5e707df1365d6ff3c3a6dea8b3d7d08ea04bdbd1dfa2888f9d2a9523286
d06bcad17cfca1bd4f93fcbecae50b33fd541390a3c361c023a1e109b62b4396
d134482b582256f83aad4583af70db302e0319835dda567b27b5c568d421b47e
d31104bd431537fe33a23de333f81f6ded123a795d469dbd2f01426b3cfb43e4
d3c88a41f52ad3b17304d73e7a44932e543a153629ebcbb907a5d598f8c1d8ef
d416b44096111e19fb6150f8304cd39b580f6fa9b1c49a4f6937de4d924b570a
d53403b46513ac08f391a8d4ceb5ce983ec34bda72fcac03f545f68261a22b8c
d5e689d89b4a49a81ed13280c46f8eddaddc2dd6001424592c330cea016472aa
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d7a00b3271f88b673d5fe996f53e16ba8bb58a86ff2cd999544f4408ff8686e6
db282ab29c891bdb92b0df9bda22d85097103cf5facc1aefae003e1f51b816ce
deb5f99d8b9d2737e035fb24abb4d6c96951dbae09b710aeed70ab12fc3926e6
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
df230297f8c748c5179179a884000538af4bf7e0f04676b44f7efd6157df3cde
e038b4e28fbd821825e505ea5c05e23086eb98d54b4785b75f8cda40c30fd8ea
e050dd558d291f9d5034487968b4eb0dc7b805536b3e87b8ed9dd8b4244f78e7
e0899cacc154e8c959e9e689758b0cae5030b64a84cfbd817f38df4fef0dbed2
e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e6d7077ab67152ad1384badefce35ba26282ab056f467e4fd0131d511b3dd8
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181
e60c452440957a835817ab7f27b8c12523445603780bbfdf24b9bdb8e32c3581
e61933434b3e7c2e9522cc2ce414be3ded745451809b5c73c0c666db97e731b4
e6b4122b94b82886e32952c07c78d342647b3a38a2834f4489e0922308a95eab
e88adda18aa09bcb1b6747436882f40a0074574df0ca4bc130779bb440e19d9d
e99085c8cdfa85075b2de5790539cc5ab06de9d5d401232b6bc2440362f3037b
ed47b446e91e5bab9de6c89dc828bc03b27ade7292591b93149e40ef8e91bdc7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f27644734b8ead437f7ae34027490dae1d295348b0fc0cdca8b839bd9ef48d46
f39fcbfd7ade61e95cec7116403e96e6377c5947beb0afb1415b6e2dba0d2131
f3b0f456e186c9df28e31d734f55653a6423f31ac6325d71712784c868604b06
f4bb38b694a4a8d9f611e6107ee836e7e9198250f38392ae6508e408cc99ebc0
f5db968b3be7baa441a6422d931b2c6c83bb2b8312dbee038e6330b8fea689a7
f5e2109ea5be04e19065582f452991eaab5aaa981234951901f235d0276f3dd0
f61dbc962d308b3d5cf4948c4afef2616eeb8da1867140a825a0e25901e3a868
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
f6f736530e79fdacc48a2138b774ffcf4a63e0153c9282192aef6ecf74b7d91f
f7500d6c5838fe2234de504b4dd347025351ca9f23d9f287cb4095542f9f6453
fe5c8adef36c8c62b10424a5eb0fd18086fca170ed784bd685167332eeb65bdf