trfnews.i234.me Open in urlscan Pro
64.235.70.98 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://trfnews.i234.me/
Effective URL:
https://trfnews.i234.me/wordpress/
Submission: On December 28 via api (December 28th 2023, 3:36:25 am UTC) from US — Scanned from DE

Summary HTTP 143 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 44 IPs in 7 countries across 29 domains to perform 143 HTTP transactions. The main IP is 64.235.70.98, located in Fosston, United States and belongs to GVTEL, US. The main domain is trfnews.i234.me.
TLS certificate: Issued by R3 on December 12th 2023. Valid for: 3 months.

This is the only time trfnews.i234.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 17	64.235.70.98 64.235.70.98	25769 (GVTEL) (GVTEL)
5	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
1 34	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	167.71.57.196 167.71.57.196	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2600:9000:225... 2600:9000:2250:4000:a:e047:753:a221	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:10:... 2606:4700:10::ac43:266a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	65.9.66.104 65.9.66.104	16509 (AMAZON-02) (AMAZON-02)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700::68... 2606:4700::6810:5614	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	172.64.152.89 172.64.152.89	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1	157.230.100.179 157.230.100.179	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
4	167.71.54.9 167.71.54.9	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	108.128.142.196 108.128.142.196	16509 (AMAZON-02) (AMAZON-02)
1	141.95.98.65 141.95.98.65	16276 (OVH) (OVH)
1 3	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	192.0.77.48 192.0.77.48	2635 (AUTOMATTIC) (AUTOMATTIC)
1 2	34.120.135.53 34.120.135.53	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	35.244.159.8 35.244.159.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
21	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::2006	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
6 8	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
4 8	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 6	37.252.171.85 37.252.171.85	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
2	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
1	142.250.185.102 142.250.185.102	15169 (GOOGLE) (GOOGLE)
1 5	78.46.90.238 78.46.90.238	24940 (HETZNER-AS) (HETZNER-AS)
1	2a0b:4d07:101::1 2a0b:4d07:101::1	44239 (PROINITY ...) (PROINITY PROINITY)
1 2	216.58.206.38 216.58.206.38	15169 (GOOGLE) (GOOGLE)
2	18.132.155.124 18.132.155.124	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	18.66.147.120 18.66.147.120	16509 (AMAZON-02) (AMAZON-02)
2	13.42.80.79 13.42.80.79	() ()
143	44

17 64.235.70.98 (Fosston, United States) 1 redirects

ASN25769 (GVTEL, US)
PTR: 64-235-70-98.Gvtel.net

trfnews.i234.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 167.71.57.196 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)

cdn.webpushr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:4000:a:e047:753:a221 (United States)

ASN16509 (AMAZON-02, US)

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:266a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.104 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-104.fra56.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.152.89 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn-ima.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.230.100.179 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)

bot.webpushr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 167.71.54.9 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)

analytics.webpushr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.128.142.196 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-142-196.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.98.65 (France)

ASN16276 (OVH, FR)
PTR: ns3216659.ip-141-95-98.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:3::c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.48 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org

s.w.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.135.53 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 53.135.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.159.244.35.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.185.98 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.18.36.155 (None, ) 4 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 37.252.171.85 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.102 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 78.46.90.238 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.238.90.46.78.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hal900019.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.206.38 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lhr35s10-in-f6.1e100.net

8019191.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.132.155.124 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-132-155-124.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.120 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-120.fra60.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.42.80.79 (None, )

ASN- ()

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 148	530 KB
27	doubleclick.net 8 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196 googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 219 ad.doubleclick.net — Cisco Umbrella Rank: 139 8019191.fls.doubleclick.net — Cisco Umbrella Rank: 270869	358 KB
17	i234.me 1 redirects trfnews.i234.me	356 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 578	5 KB
7	webpushr.com cdn.webpushr.com — Cisco Umbrella Rank: 32989 bot.webpushr.com — Cisco Umbrella Rank: 48444 analytics.webpushr.com — Cisco Umbrella Rank: 39484	54 KB
6	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 229	5 KB
5	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 37721 hal900019.redintelligence.net — Cisco Umbrella Rank: 277154	11 KB
5	gstatic.com www.gstatic.com fonts.gstatic.com	66 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	258 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	301 KB
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 24395 api.webgains.io	19 KB
3	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 93	2 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	4 KB
3	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 1639 google-bidout-d.openx.net — Cisco Umbrella Rank: 1643	797 B
3	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 424 mug.criteo.com — Cisco Umbrella Rank: 2811	7 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2189	21 KB
2	webgains.com track.webgains.com — Cisco Umbrella Rank: 49821	44 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 138
2	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 979 bcp.crwdcntrl.net — Cisco Umbrella Rank: 850	12 KB
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 893 id5-sync.com — Cisco Umbrella Rank: 425	34 KB
1	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 128498	923 B
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	86 KB
1	w.org s.w.org — Cisco Umbrella Rank: 3043	762 B
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 631	13 KB
1	33across.com cdn-ima.33across.com — Cisco Umbrella Rank: 1352	5 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 1740	8 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 313	1 KB
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 2133	1 KB
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 2789	3 KB
143	29

	Domain	Requested by
23	pagead2.googlesyndication.com	trfnews.i234.me pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net securepubads.g.doubleclick.net www.googletagservices.com
21	tpc.googlesyndication.com	googleads.g.doubleclick.net trfnews.i234.me 11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com tpc.googlesyndication.com securepubads.g.doubleclick.net
17	trfnews.i234.me	1 redirects trfnews.i234.me
11	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com trfnews.i234.me 11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
8	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
6	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
5	securepubads.g.doubleclick.net	trfnews.i234.me securepubads.g.doubleclick.net
4	hal900019.redintelligence.net	1 redirects googleads.g.doubleclick.net hal900019.redintelligence.net
4	www.gstatic.com	googleads.g.doubleclick.net trfnews.i234.me 11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com
4	www.googletagservices.com	googleads.g.doubleclick.net trfnews.i234.me
4	analytics.webpushr.com	cdn.webpushr.com
4	www.googletagmanager.com	trfnews.i234.me www.googletagmanager.com adv.office-partner.de
3	fonts.googleapis.com	googleads.g.doubleclick.net 11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com trfnews.i234.me
2	api.webgains.io	analytics.webgains.io
2	track.webgains.com	hal900019.redintelligence.net
2	8019191.fls.doubleclick.net	1 redirects trfnews.i234.me
2	www.googleadservices.com	trfnews.i234.me
2	www.google.com	1 redirects tpc.googlesyndication.com
2	oajs.openx.net	1 redirects trfnews.i234.me
2	gum.criteo.com	1 redirects static.criteo.net
2	11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	cdn.webpushr.com	trfnews.i234.me
1	analytics.webgains.io	track.webgains.com
1	adservice.google.com	8019191.fls.doubleclick.net
1	adv.office-partner.de	hal900019.redintelligence.net
1	hal9000.redintelligence.net	googleads.g.doubleclick.net
1	ad.doubleclick.net	googleads.g.doubleclick.net
1	fonts.gstatic.com	fonts.googleapis.com
1	s0.2mdn.net	googleads.g.doubleclick.net
1	google-bidout-d.openx.net	oa.openxcdn.net
1	mug.criteo.com	trfnews.i234.me
1	s.w.org	trfnews.i234.me
1	id5-sync.com	cdn.id5-sync.com
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	bot.webpushr.com	cdn.webpushr.com
1	static.criteo.net	securepubads.g.doubleclick.net
1	cdn-ima.33across.com	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	region1.google-analytics.com	www.googletagmanager.com
143	46

This site contains links to these domains. Also see Links.

Domain
yt3.ggpht.com
wordpress.org
www.webpushr.com

Subject Issuer	Validity	Valid
trfnews.i234.me R3	`2023-12-12` - `2024-03-11`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.webpushr.com Sectigo RSA Domain Validation Secure Server CA	`2023-05-11` - `2024-05-17`	a year	crt.sh
cdn.prod.uidapi.com R3	`2023-11-02` - `2024-01-31`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-07` - `2024-05-06`	a year	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2023-10-08` - `2024-11-05`	a year	crt.sh
invstatic101.creativecdn.com GTS CA 1D4	`2023-12-23` - `2024-03-22`	3 months	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-11-24` - `2024-02-22`	3 months	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-06` - `2024-09-30`	a year	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-15` - `2024-03-10`	3 months	crt.sh
*.id5-sync.com R3	`2023-11-01` - `2024-01-30`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-01` - `2024-03-01`	3 months	crt.sh
*.w.org Sectigo ECC Domain Validation Secure Server CA	`2023-12-18` - `2025-01-17`	a year	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
redintelligence.net R3	`2023-12-13` - `2024-03-12`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
adv.office-partner.de R3	`2023-12-27` - `2024-03-26`	3 months	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.webgains.io Amazon RSA 2048 M01	`2023-07-24` - `2024-08-22`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh

This page contains 25 frames:

Primary Page: https://trfnews.i234.me/wordpress/
Frame ID: 7A324E7FDA52B9ECE903258C2151CCD5
Requests: 53 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/zrt_lookup_fy2021.html
Frame ID: DAD7EE5072B11D26A6AE1D2A5273ADD1
Requests: 1 HTTP requests in this frame

Frame: https://11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 79C10DA67A9D0572A73200185A6ACB18
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=trfnews.i234.me
Frame ID: 727750C4220AB1EBD7E47D525496AE6D
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3868038712334580&output=html&adk=1812271804&adf=3025194257&lmt=1703734582&plat=1%3A64%2C2%3A64%2C8%3A64%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=164x945_l%7C164x945_r&format=0x0&url=https%3A%2F%2Ftrfnews.i234.me%2Fwordpress%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703734582362&bpp=7&bdt=475&idt=238&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5812992322352&frm=20&pv=2&ga_vid=1689424002.1703734582&ga_sid=1703734582&ga_hid=905273012&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44795921%2C95320884&oid=2&pvsid=2169492246637150&tmod=2091486081&uas=0&nvt=1&fsapi=1&ref=http%3A%2F%2Ftrfnews.i234.me%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=252
Frame ID: 48BB5A650EEFBBE692810700A00997F6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3868038712334580&output=html&h=280&adk=4188038881&adf=3136344130&pi=t.aa~a.1043414356~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1703734582&rafmt=1&to=qs&pwprc=5217193664&format=1200x280&url=https%3A%2F%2Ftrfnews.i234.me%2Fwordpress%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703734582369&bpp=1&bdt=482&idt=257&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5812992322352&frm=20&pv=1&ga_vid=1689424002.1703734582&ga_sid=1703734582&ga_hid=905273012&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=383&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44795921%2C95320884&oid=2&pvsid=2169492246637150&tmod=2091486081&uas=0&nvt=1&ref=http%3A%2F%2Ftrfnews.i234.me%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=259
Frame ID: 4B1ABDBEE965AB288901603A54D873F0
Requests: 15 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: E85DA72A759ECA498E14B057E26EDEA0
Requests: 1 HTTP requests in this frame

Frame: https://11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: D7D75E9D8CB059362537B490C45B300F
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 1055A536A106795C76A4A16F43CF91CA
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: CC092A3610F872FB083CDC579FD224FF
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 0801AC1D010B5368E6C5A06E0FE3B1E5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 0D283838C34CA0D5723BB92341FFF2BD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxiknLvGATAB&v=APEucNUl8tisIiK3w275FsaJsI86voIbsy7iI50M-9pf6HC--uSwx0GZiElq-0TLNeGvlw0yS1M5KjJupozblESkIdBOruDRkrALcDnUaRKIDLCrFIGpBMkJSbPMtgj0pIrr8X9qTs7-csb6UoI8eqNePPDfflqovVfUIM_JXEExTOHYRnPTh4c
Frame ID: 0D6BA64D4774E6FFA38B1736A97E19BA
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 7FFFA0EA1248F9F00EB69C9127EEF3BE
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMe68vACEMrSk4kEGJHhwPwBMAE&v=APEucNV-HcocuLN1VKr7b0hBiJeaniBCMNjCKPQ3YF74dVPdQWOi6JCV2ZvphP3M27DQh-vkYzyryeh_7JlzwNGzu9vVbbqAp-8ixNJ4NaCCOGLPiSlO0hNcnXSHhzl_yjMdcCcUPpkX0NiRB_UJMtPtcZK631zjDRuEv5Dskv_Ktn15FD6EL6I
Frame ID: 616EF70418FC4813C3BBD89D6A12829C
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js
Frame ID: D92AE8C2DA25A29EFF55DB8301285F02
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 1F3C54F3E90B6486183A0181AADD3E30
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js
Frame ID: 9F8C068C6E2CF5277BD619C2C2268A86
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js
Frame ID: 499754510DA037A2F41C53E6D9FA443D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: E906E42639C371A2B3ABAEC32E71753C
Requests: 3 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 2383487D801A0F4C3B82346EA39635F7
Requests: 3 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CKmjnfWZsYMDFYvNOwId7LgFlw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=662711703618.2462
Frame ID: 3066A27765DBD01B24C00480D56436F7
Requests: 2 HTTP requests in this frame

Frame: https://hal900019.redintelligence.net/request_content.php?s=94964300009137204444546012552019&a=f0fa326e
Frame ID: 4679A3F5CBFAE58CF4DFB399E519CBAF
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 534CF94B6F27B1E8C82FB03AB9ACE9D7
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5CEC095434011AAA4C221D078AB2ACAD
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

TRF News – Official News Site

Page URL History Show full URLs

http://trfnews.i234.me/ Page URL
https://trfnews.i234.me/wordpress HTTP 301
https://trfnews.i234.me/wordpress/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

143
Requests

91 %
HTTPS

47 %
IPv6

29
Domains

46
Subdomains

44
IPs

7
Countries

2196 kB
Transfer

5669 kB
Size

22
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://yt3.ggpht.com/ytc/AIf8zZS3-cZU66wqE3qM-deeQgzCZUYWvuSSoQY_hC9dyp0=s48-c-k-c0x00ffffff-no-rj%7C
Title: @bugbug873

Search URL Search Domain Scan URL

URL: https://yt3.ggpht.com/ytc/AIf8zZSAkv96ff0SN1G_UkNTR_q49b-_gld3Q-ikJqdhXA=s48-c-k-c0x00ffffff-no-rj%7C
Title: @trevonhicks7069

Search URL Search Domain Scan URL

URL: https://yt3.ggpht.com/ytc/AIf8zZQuoZaNSph3VqRMEdRQArwC5UBU6NhCEw3Wd7IBIQhVpq00aLg5CvnooaMVqkFe=s48-c-k-c0x00ffffff-no-rj%7C
Title: @paulhiles2122

Search URL Search Domain Scan URL

URL: https://yt3.ggpht.com/ytc/AIf8zZTEz071NotAmbvqdz6eVNvfMRlgudMI98vnEg=s48-c-k-c0x00ffffff-no-rj%7C
Title: @michaelpalus7929

Search URL Search Domain Scan URL

URL: https://yt3.ggpht.com/ytc/AIf8zZQ_HoW7LpFWVlJsPsjqZNXxgo--SqwPVAuTkQ=s48-c-k-c0x00ffffff-no-rj%7C
Title: @markwojo727

Search URL Search Domain Scan URL

URL: https://wordpress.org/
Title: WordPress

Search URL Search Domain Scan URL

URL: https://www.webpushr.com/
Title: Webpushr

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://trfnews.i234.me/ Page URL
https://trfnews.i234.me/wordpress HTTP 301
https://trfnews.i234.me/wordpress/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 50

https://gum.criteo.com/sid/json?origin=publishertagids&domain=trfnews.i234.me&sn=ChromeSyncframe&so=0&topUrl=trfnews.i234.me&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=Dg_xXXxqWmVuQ1lXS0hGODlINXJJV3EzcVd5TDJ6U1c0aDlqSEh5QnZVNmFIaVQrUmJPUjZ1d1hEbjZEVVZrZ250SVlJT1VRUnpYWVptQXlCczNEREVBWW1OdkZKMzQzdENkWUVDdFEzMWJHc2hCRjhqZXhsbnJqZzJUNThFQlBpY1M4YzlENTltc0MzeXZHQmlKejVvUHZsRkhSSFJQMzhxTHJDeHRiSk9mQ0JlNWw0RUFLeW15Z3BRUjFHTmRBTWhGYy9nUzlzOVQvRDVyMzdZeVYrUnE4anE4T2pJVWJJZmtselRORmJqRUFrckM3bjZLbmo3bklPMytWYi9Gd09yMHJwTjkvaUxGR3FLUHlUTFY1MzJiM2c4TVduMUVlS1hlcExKTzd1cUJ1UkE5VT18&cppv=2

Request Chain 52

https://oajs.openx.net/esp?url=https%3A%2F%2Ftrfnews.i234.me%2Fwordpress%2F&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Ftrfnews.i234.me%2Fwordpress%2F&rid=esp&cc=1

Request Chain 97

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 99

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED8vJQnECMoeY6rkAl1kig0&google_cver=1

Request Chain 100

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZYztNxGZHZrXlCT4tiPrzgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED8vJQnECMoeY6rkAl1kig0&google_cver=1

Request Chain 101

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDhlXNAzU2DUP4mKET4jfCI&google_cver=1

Request Chain 102

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkwMjE4NzU1NDI3MTM0Njk3MQ%3D%3D

Request Chain 103

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED8vJQnECMoeY6rkAl1kig0&google_cver=1

Request Chain 104

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZYztN2vcEPERooqAI0T-5QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED8vJQnECMoeY6rkAl1kig0&google_cver=1

Request Chain 105

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDhlXNAzU2DUP4mKET4jfCI&google_cver=1

Request Chain 106

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkwMjE4NzU1NDI3MTM0Njk3MQ%3D%3D

Request Chain 113

https://googleads.g.doubleclick.net/pagead/adview?ai=CtkPuNu2MZcibJ8iD1PIPgNOD0A_N1ZHmdK2arfGMCcri0uCyARABILablWVglfrwgYwHoAGlvY3KA8gBCakCg5KcQImhsj6oAwHIA8sEqgSQAk_QPiPrS-h5xfN-t1On6n7xdtZZLeIYOwhf6C5OYSXvVdBiuKM8kjgONCVZSwvfXQcFNt_1kMJKlNnQ2I4gAxwQhC563LMIJj1Je-PnMlJftRYiO-LjjDp_MPjFpyohL_wZxvqvleAOTBAMkEQ8PAvAOWo0TYHOziQyM1DxaawAxb9qu5pHKshb1mGEk6yZCQWZ1RoYqgzyAQomEq95NHrWyhczm8SJz0kleQ5HlpR79Y0aL8j3kHINg5oAdQpwPZ09ujOHBxxnqS1w_9A8_5OhFI8CLkKRQqwNNAt7Vg16W8D9MhjB6r5SLii8hyYlcAPq57JJw2jXFcY4JmuE35C-ElGNU4un-WHk3K545mwCwASanpCEiQKIBfSkpuwGkgUECAQYAZIFBAgFGASgBi6AB8PC8jWoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBCrwyfSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WLD32_SZsYMDmgkaaHR0cHM6Ly93d3cubXlza3l3aW5kLmNvbS-ACgHICwGiDBQqEgoQ5LSxAu61sQK1uLECu7uxAtgTDYgULNAVAZgWAYAXAbIXHAoaCAASFHB1Yi0zODY4MDM4NzEyMzM0NTgwGACyGAMiAQA&sigh=EzVgtvV9UTY&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwAvHhf_LwtYWKiD3PGAHFbYBj8pX10_mNBo3bmxthm8JyrgQMMj3Wq3lWxOoZxeATcxGwZtsc3g7geRgXPrpHNAoo0qsde56PLiLRzwy98YAQ&template_id=5000&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2210608348795368569313%22,%22debug_reporting%22:true,%22destination%22:%22https://myskywind.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22960716453%22],%2222%22:[%22true%22],%224%22:[%2212-28%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%222402015001087831009%22}&andc=true

Request Chain 120

https://hal900019.redintelligence.net/request.php?zone=kjmi9fqzw10q&nw=20&renderingType=javascript&namespace=954398f1fd&subid=&uid=42fb68d8141e842a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCfr3nNu2MZay9JpWM1PIPldaMsAnr0sGhad3z3vTFD_AuEAEgtpuVZWCVqrOCwAfIAQmpAoOSnECJobI-qAMByAObBKoEmgJP0JReJNEmvZN2wfmQnWAd60aHdDjQiMz2BeFXTL9OZUunzc4MnMnYsIbnVXSuzZe9f9iG9jUT4uqX8-5DGTpLZCegKzKTVxvl_ERka6gil8DdHe_yF-L5i-sV1WLF2zA9gHOi9-TbzRuo7V93Xq7o1Ly998S0hEYrs5fZ0euhL3zWM21b3yb1PLLni06EgIRCB_P1MH2wDwiAQDSe5oFIrtVbJlIrkBW_nbiG_caN85RLx3qNfeGp1oRvaLVzlsEXVsuc9rSqGnx9lTPaFgmg6ew3wq6W0N0jL8CUkSuLvQd2njrXgUbIkGNoNCjkiMWr8xlq3-Cpf_4OEA5JXeIW6qk4NI7tgDNMm4GJnc8QwPAstjv1X9-BKOnABL6O6uT5A-AEA4gFvdSKiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYv5jb9JmxgwOACgGYCwHICwGADAGiDBQqEgoQ5LSxAu61sQK1uLECrLqxAqoNAkRFsBOH77EV0BMA2BMDiBQC2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_3EC0cKJBaQWadLCWzvz1YTq4KBbdSrzFaYXieTbWa9nhgAyQbEjO5A2lX-6PG9hjoAxVOl4xC647Qlph1bTbHHWmHvJ_oFKsOyIYAQ%26sig%3DAOD64_2OWkdaGONJGacQTQDM41JlhjYqzw%26client%3Dca-pub-3868038712334580%26dbm_c%3DAKAmf-AL7KLk5-26A7c16YYv7_FAs5NrsHVVAXYPBDRpjBoSt-p7t1zugzGAmXD2fBLNaj6aMgL4-jAnFRRWWSB58D0eZtSntJY5yZO5IP8ezlmJwOpRszagdh_v8805mbfZbD1ICNgoRystcuC6fT0WfJeYBrk-b3KstoHD7DyJiUIvG31kIxU%26cry%3D1%26dbm_d%3DAKAmf-CtCbyWZjm4m4PUmbb8J0TgNek9PwrP-f-slgH9o-xMvwKo-43VCB1B7SmDJbVksolh5lY_Uz7mjtJpmWOJTiwlKZRLgee7awV3pB1IH42rziksimvgui_pn9mBxuTEZfwdVYrjPhszcj1ikI7SsySXZ3elR4QvjVPnA5MTkT9tag1SvdzjgeEnXyfKD1GAdIHpPaIqKIKXD9AFQhQ1MIthMnSf4-Xn3y3sYgwPQapuQO0CtC-XefFaHexIN6GHOCczc6z0wfK0bgs5bxSAYDlNa-tBatdanYmH61JSZcf_c4K5GUKAbI1-XiCCClEg3N5eOuehsJapwp5RlcpjSg2txFI6PpgIBqALVL2AifzVn1z6P9fTWQ2aF279fSv5zCbV0DZu7tpQ23PVVU1NiG3GGqm3rAK9IdZqynerzTnDNkXq4s_LdDTHKwHzGcCNyWAzC5rec-gZUkVsKhc6KWt7q2Zewm2tPamLozf20yWv6uDQp9hapxcrezVHoAsfUznk_j2BGjbTdXq3eBZCq78n_yjgen8t9FXZuO7xBj0EPNUED3dN3tDWvTYzDKEZSgZCpe52%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231207%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-0-%26adk%3D1812271803%26client%3Dca-pub-3868038712334580%26fa%3D3%26ifi%3D12%26uci%3Da!c%26btvi%3D1&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Ftrfnews.i234.me&random=6752670895&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 HTTP 302
https://hal900019.redintelligence.net/request.php?zone=kjmi9fqzw10q&nw=20&renderingType=javascript&namespace=954398f1fd&subid=&uid=42fb68d8141e842a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCfr3nNu2MZay9JpWM1PIPldaMsAnr0sGhad3z3vTFD_AuEAEgtpuVZWCVqrOCwAfIAQmpAoOSnECJobI-qAMByAObBKoEmgJP0JReJNEmvZN2wfmQnWAd60aHdDjQiMz2BeFXTL9OZUunzc4MnMnYsIbnVXSuzZe9f9iG9jUT4uqX8-5DGTpLZCegKzKTVxvl_ERka6gil8DdHe_yF-L5i-sV1WLF2zA9gHOi9-TbzRuo7V93Xq7o1Ly998S0hEYrs5fZ0euhL3zWM21b3yb1PLLni06EgIRCB_P1MH2wDwiAQDSe5oFIrtVbJlIrkBW_nbiG_caN85RLx3qNfeGp1oRvaLVzlsEXVsuc9rSqGnx9lTPaFgmg6ew3wq6W0N0jL8CUkSuLvQd2njrXgUbIkGNoNCjkiMWr8xlq3-Cpf_4OEA5JXeIW6qk4NI7tgDNMm4GJnc8QwPAstjv1X9-BKOnABL6O6uT5A-AEA4gFvdSKiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYv5jb9JmxgwOACgGYCwHICwGADAGiDBQqEgoQ5LSxAu61sQK1uLECrLqxAqoNAkRFsBOH77EV0BMA2BMDiBQC2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_3EC0cKJBaQWadLCWzvz1YTq4KBbdSrzFaYXieTbWa9nhgAyQbEjO5A2lX-6PG9hjoAxVOl4xC647Qlph1bTbHHWmHvJ_oFKsOyIYAQ%26sig%3DAOD64_2OWkdaGONJGacQTQDM41JlhjYqzw%26client%3Dca-pub-3868038712334580%26dbm_c%3DAKAmf-AL7KLk5-26A7c16YYv7_FAs5NrsHVVAXYPBDRpjBoSt-p7t1zugzGAmXD2fBLNaj6aMgL4-jAnFRRWWSB58D0eZtSntJY5yZO5IP8ezlmJwOpRszagdh_v8805mbfZbD1ICNgoRystcuC6fT0WfJeYBrk-b3KstoHD7DyJiUIvG31kIxU%26cry%3D1%26dbm_d%3DAKAmf-CtCbyWZjm4m4PUmbb8J0TgNek9PwrP-f-slgH9o-xMvwKo-43VCB1B7SmDJbVksolh5lY_Uz7mjtJpmWOJTiwlKZRLgee7awV3pB1IH42rziksimvgui_pn9mBxuTEZfwdVYrjPhszcj1ikI7SsySXZ3elR4QvjVPnA5MTkT9tag1SvdzjgeEnXyfKD1GAdIHpPaIqKIKXD9AFQhQ1MIthMnSf4-Xn3y3sYgwPQapuQO0CtC-XefFaHexIN6GHOCczc6z0wfK0bgs5bxSAYDlNa-tBatdanYmH61JSZcf_c4K5GUKAbI1-XiCCClEg3N5eOuehsJapwp5RlcpjSg2txFI6PpgIBqALVL2AifzVn1z6P9fTWQ2aF279fSv5zCbV0DZu7tpQ23PVVU1NiG3GGqm3rAK9IdZqynerzTnDNkXq4s_LdDTHKwHzGcCNyWAzC5rec-gZUkVsKhc6KWt7q2Zewm2tPamLozf20yWv6uDQp9hapxcrezVHoAsfUznk_j2BGjbTdXq3eBZCq78n_yjgen8t9FXZuO7xBj0EPNUED3dN3tDWvTYzDKEZSgZCpe52%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231207%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-0-%26adk%3D1812271803%26client%3Dca-pub-3868038712334580%26fa%3D3%26ifi%3D12%26uci%3Da!c%26btvi%3D1&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Ftrfnews.i234.me&random=6752670895&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1

Request Chain 125

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=662711703618.2462 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CKmjnfWZsYMDFYvNOwId7LgFlw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=662711703618.2462

143 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
trfnews.i234.me/ 80 B
333 B 269ms
121ms Document
text/html 64.235.70.98
GVTEL

General

Check archive.org

Show headers Download Go to

Full URL: http://trfnews.i234.me/
Protocol: HTTP/1.1
Server: 64.235.70.98 Fosston, United States, ASN25769 (GVTEL, US),
Reverse DNS: 64-235-70-98.Gvtel.net
Software: nginx /
Resource Hash: 87dce6ff0b5da285ceace3afdcf68edf75563d6dc1e2e7752ffa895127a62661

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 80
Content-Type: text/html
Date: Thu, 28 Dec 2023 03:36:20 GMT
ETag: "638b2e86-50"
Keep-Alive: timeout=20
Last-Modified: Sat, 03 Dec 2022 11:09:58 GMT
Server: nginx

GET
H2

200

Primary Request / Show response
trfnews.i234.me/wordpress/
Redirect Chain

https://trfnews.i234.me/wordpress
https://trfnews.i234.me/wordpress/

95 KB
17 KB

305ms
305ms

Document
text/html

64.235.70.98
GVTEL

General

Check archive.org

Show headers Download Go to

Full URL: https://trfnews.i234.me/wordpress/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 64.235.70.98 Fosston, United States, ASN25769 (GVTEL, US),
Reverse DNS: 64-235-70-98.Gvtel.net
Software: nginx /
Resource Hash: d4cf94b530e4411adc336841bb9753cb9723fcc7431467942a39e30293475837

Request headers

Referer: http://trfnews.i234.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-length: 17539
content-type: text/html; charset=UTF-8
date: Thu, 28 Dec 2023 03:36:21 GMT
link: <https://trfnews.i234.me/wordpress/wp-json/>; rel="https://api.w.org/"
server: nginx
vary: Accept-Encoding

Redirect headers

content-length: 162
content-type: text/html
date: Thu, 28 Dec 2023 03:36:21 GMT
location: wordpress/
server: nginx

GET
H2 200 style.min.css
trfnews.i234.me/wordpress/wp-includes/css/dist/block-library/ 93 KB
15 KB 126ms
125ms Stylesheet
text/css 64.235.70.98
GVTEL

General

Check archive.org

Show headers Download Go to

Full URL: https://trfnews.i234.me/wordpress/wp-includes/css/dist/block-library/style.min.css
Requested by: Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 64.235.70.98 Fosston, United States, ASN25769 (GVTEL, US),
Reverse DNS: 64-235-70-98.Gvtel.net
Software: nginx /
Resource Hash: c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/wordpress/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:21 GMT
content-encoding: gzip
last-modified: Tue, 14 Mar 2023 09:23:23 GMT
server: nginx
etag: "172a9-5f6d8c77118c0-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 15494

GET
H2 200 custom-color-overrides.css
trfnews.i234.me/wordpress/wp-content/themes/twentytwentyone/assets/css/ 130 B
299 B 124ms
123ms Stylesheet
text/css 64.235.70.98
GVTEL

General

Check archive.org

Show headers Download Go to

Full URL: https://trfnews.i234.me/wordpress/wp-content/themes/twentytwentyone/assets/css/custom-color-overrides.css
Requested by: Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 64.235.70.98 Fosston, United States, ASN25769 (GVTEL, US),
Reverse DNS: 64-235-70-98.Gvtel.net
Software: nginx /
Resource Hash: 54e310005e904894ed9c3e6582efae4f8e57e695cba3adb1e304bec2e68a5951

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/wordpress/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:21 GMT
content-encoding: gzip
last-modified: Sun, 29 Oct 2023 13:53:54 GMT
server: nginx
etag: "82-608db409a5e60-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 119

GET
H2 200 classic-themes.min.css
trfnews.i234.me/wordpress/wp-includes/css/ 217 B
369 B 124ms
124ms Stylesheet
text/css 64.235.70.98
GVTEL

General

Check archive.org

Show headers Download Go to

Full URL: https://trfnews.i234.me/wordpress/wp-includes/css/classic-themes.min.css
Requested by: Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 64.235.70.98 Fosston, United States, ASN25769 (GVTEL, US),
Reverse DNS: 64-235-70-98.Gvtel.net
Software: nginx /
Resource Hash: 5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/wordpress/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:21 GMT
content-encoding: gzip
last-modified: Tue, 14 Mar 2023 09:23:23 GMT
server: nginx
etag: "d9-5f6d8c77118c0-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 189

GET
H2 200 dashicons.min.css
trfnews.i234.me/wordpress/wp-includes/css/ 58 KB
36 KB 242ms
242ms Stylesheet
text/css 64.235.70.98
GVTEL

General

Check archive.org

Show headers Download Go to

Full URL: https://trfnews.i234.me/wordpress/wp-includes/css/dashicons.min.css
Requested by: Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 64.235.70.98 Fosston, United States, ASN25769 (GVTEL, US),
Reverse DNS: 64-235-70-98.Gvtel.net
Software: nginx /
Resource Hash: c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/wordpress/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:21 GMT
content-encoding: gzip
last-modified: Tue, 14 Mar 2023 09:23:23 GMT
server: nginx
etag: "e688-5f6d8c77118c0-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes

GET
H2 200 frontend.min.css
trfnews.i234.me/wordpress/wp-content/plugins/post-views-counter/css/ 217 B
338 B 122ms
122ms Stylesheet
text/css 64.235.70.98
GVTEL

General

Check archive.org

Show headers Download Go to

Full URL: https://trfnews.i234.me/wordpress/wp-content/plugins/post-views-counter/css/frontend.min.css
Requested by: Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 64.235.70.98 Fosston, United States, ASN25769 (GVTEL, US),
Reverse DNS: 64-235-70-98.Gvtel.net
Software: nginx /
Resource Hash: cc2a604a1e6f73444e8db5d749a64c62899943e68ad07feeee39050b4fdb32cb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/wordpress/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:21 GMT
content-encoding: gzip
last-modified: Tue, 21 Nov 2023 11:46:35 GMT
server: nginx
etag: "d9-60aa82799fa95-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 158

GET
H2 200 twenty-twenty-one-style.min.css
trfnews.i234.me/wordpress/wp-content/themes/twentytwentyone/ 126 KB
22 KB 247ms
247ms Stylesheet
text/css 64.235.70.98
GVTEL

General

Check archive.org

Show headers Download Go to

Full URL: https://trfnews.i234.me/wordpress/wp-content/themes/twentytwentyone/twenty-twenty-one-style.min.css
Requested by: Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 64.235.70.98 Fosston, United States, ASN25769 (GVTEL, US),
Reverse DNS: 64-235-70-98.Gvtel.net
Software: nginx /
Resource Hash: a6e850b9391d2a4278ca8363f5b18ff921f22a1b0d4260c7d123e96a4b0b734d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/wordpress/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:21 GMT
content-encoding: gzip
last-modified: Sun, 29 Oct 2023 13:53:55 GMT
server: nginx
etag: "1f8fb-608db409aa2c0-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 22142

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 90 KB
29 KB 104ms
83ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

45cecf0c00a62d45f78b6144e597af7fa42a566f26e89ea49ae6dbc1252ef9dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29478
x-xss-protection: 0
server: cafe
etag: 0 / 19719 / m202312060101 / config-hash: 17400476758908410755
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 03:36:22 GMT

GET
H2 200 wp-emoji-release.min.js Show response
trfnews.i234.me/wordpress/wp-includes/js/ 18 KB
6 KB 123ms
123ms Script
application/javascript 64.235.70.98
GVTEL

General

Check archive.org

Show headers Download Go to

Full URL: https://trfnews.i234.me/wordpress/wp-includes/js/wp-emoji-release.min.js
Requested by: Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 64.235.70.98 Fosston, United States, ASN25769 (GVTEL, US),
Reverse DNS: 64-235-70-98.Gvtel.net
Software: nginx /
Resource Hash: 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/wordpress/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:22 GMT
content-encoding: gzip
last-modified: Tue, 14 Mar 2023 09:23:23 GMT
server: nginx
etag: "48b9-5f6d8c77118c0-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 5611

GET
H2 200 twenty-twenty-one-print-style.min.css
trfnews.i234.me/wordpress/wp-content/themes/twentytwentyone/assets/css/ 2 KB
1 KB 125ms
124ms Stylesheet
text/css 64.235.70.98
GVTEL

General

Check archive.org

Show headers Download Go to

Full URL: https://trfnews.i234.me/wordpress/wp-content/themes/twentytwentyone/assets/css/twenty-twenty-one-print-style.min.css
Requested by: Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 64.235.70.98 Fosston, United States, ASN25769 (GVTEL, US),
Reverse DNS: 64-235-70-98.Gvtel.net
Software: nginx /
Resource Hash: 041e252170e75ae03b0d0a9655053a18e5fac4f1858785af34a9ff6e65444748

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/wordpress/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:22 GMT
content-encoding: gzip
last-modified: Sun, 29 Oct 2023 13:53:54 GMT
server: nginx
etag: "77e-608db408b6080-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 844

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 186 KB
68 KB 44ms
22ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-129116107-3

Requested by

Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c0a56a6c907855e5ca531a8bb1eeaae817b03316cb91a9d68c0175eb79dd8cc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:22 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 69001
x-xss-protection: 0
last-modified: Thu, 28 Dec 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 28 Dec 2023 03:36:22 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
51 KB 77ms
55ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3868038712334580

Requested by

Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2135b9218095e4fb577dcffd98ff08c1fec7ae25437ee320e331ada7d2d2edb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trfnews.i234.me/
Origin: https://trfnews.i234.me
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51385
x-xss-protection: 0
server: cafe
etag: 5266644759460036599
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 03:36:22 GMT

GET
H2 200 lazysizes.min.js Show response
trfnews.i234.me/wordpress/wp-content/plugins/sg-cachepress/assets/js/ 8 KB
4 KB 124ms
123ms Script
application/javascript 64.235.70.98
GVTEL

General

Check archive.org

Show headers Download Go to

Full URL: https://trfnews.i234.me/wordpress/wp-content/plugins/sg-cachepress/assets/js/lazysizes.min.js
Requested by: Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 64.235.70.98 Fosston, United States, ASN25769 (GVTEL, US),
Reverse DNS: 64-235-70-98.Gvtel.net
Software: nginx /
Resource Hash: cb34d2ee2a93fd11b734c124a6fc661339585c63382d08eb31bf921b66519eac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/wordpress/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:22 GMT
content-encoding: gzip
last-modified: Tue, 12 Dec 2023 11:53:08 GMT
server: nginx
etag: "1ed0-60c4eb1ab4258-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 3666

GET
H2 200 twenty-twenty-one-primary-navigation-script.min.js Show response
trfnews.i234.me/wordpress/wp-content/uploads/siteground-optimizer-assets/ 4 KB
1 KB 123ms
123ms Script
application/javascript 64.235.70.98
GVTEL

General

Check archive.org

Show headers Download Go to

Full URL: https://trfnews.i234.me/wordpress/wp-content/uploads/siteground-optimizer-assets/twenty-twenty-one-primary-navigation-script.min.js
Requested by: Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 64.235.70.98 Fosston, United States, ASN25769 (GVTEL, US),
Reverse DNS: 64-235-70-98.Gvtel.net
Software: nginx /
Resource Hash: d29d950d2b0f3b7d4df11dd0e5f552f101c53b042c4005e17a23714cbf6a9398

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/wordpress/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:22 GMT
content-encoding: gzip
last-modified: Sun, 29 Oct 2023 13:53:55 GMT
server: nginx
etag: "e93-608db409aa2c0-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 1184

GET
H2 200 twenty-twenty-one-responsive-embeds-script.min.js Show response
trfnews.i234.me/wordpress/wp-content/uploads/siteground-optimizer-assets/ 511 B
473 B 122ms
122ms Script
application/javascript 64.235.70.98
GVTEL

General

Check archive.org

Show headers Download Go to

Full URL: https://trfnews.i234.me/wordpress/wp-content/uploads/siteground-optimizer-assets/twenty-twenty-one-responsive-embeds-script.min.js
Requested by: Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 64.235.70.98 Fosston, United States, ASN25769 (GVTEL, US),
Reverse DNS: 64-235-70-98.Gvtel.net
Software: nginx /
Resource Hash: 1fdd4531dbd3e48083eb1b7a435dec19add796bf6dabfe766686d2b9cf16c582

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/wordpress/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:22 GMT
content-encoding: gzip
last-modified: Sun, 29 Oct 2023 13:53:55 GMT
server: nginx
etag: "1ff-608db409aa2c0-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 283

GET
H2 200 smush-lazy-load.min.js Show response
trfnews.i234.me/wordpress/wp-content/plugins/wp-smushit/app/assets/js/ 8 KB
4 KB 126ms
125ms Script
application/javascript 64.235.70.98
GVTEL

General

Check archive.org

Show headers Download Go to

Full URL: https://trfnews.i234.me/wordpress/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js
Requested by: Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 64.235.70.98 Fosston, United States, ASN25769 (GVTEL, US),
Reverse DNS: 64-235-70-98.Gvtel.net
Software: nginx /
Resource Hash: f65784e5e7332dc1e4bbeacbec70fdeef4a1bea84f16ce2ee144999719d195ce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/wordpress/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:22 GMT
content-encoding: gzip
last-modified: Thu, 21 Dec 2023 11:25:59 GMT
server: nginx
etag: "1ef2-60d035d2744c7-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 3834

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 app.min.js Show response
cdn.webpushr.com/ 43 KB
13 KB 49ms
7ms Script
application/javascript 167.71.57.196
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.webpushr.com/app.min.js
Requested by: Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.71.57.196 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 8cb138b7157ea8c227921bb1a82d03f1bb3e81366b0f3d84baabbe61c310ed43

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:22 GMT
content-encoding: gzip
last-modified: Mon, 23 Oct 2023 18:34:56 GMT
server: nginx/1.16.1
etag: W/"6536bcd0-aca6"
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/javascript
x-gg-cache-status: HIT, HIT
cache-control: max-age=86400
expires: Fri, 29 Dec 2023 03:36:22 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 226 KB
80 KB 21ms
20ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-N1RWX7F25R&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-129116107-3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

63979666f2fefee896863ad307e8066f8539396a226c5c0128d06a21f350e8ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:22 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 81704
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 28 Dec 2023 03:36:22 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 34ms
9ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-129116107-3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 28 Dec 2023 01:48:17 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 6485
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 28 Dec 2023 03:48:17 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/ 399 KB
135 KB 84ms
68ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3868038712334580&plah=trfnews.i234.me

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3868038712334580

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b8697ab51e4a0f46540e2db9f137bdf4baca26ff960f5bbc12e75768b876ccba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137961
x-xss-protection: 0
server: cafe
etag: 11785214029093752088
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 03:36:22 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/ Frame DAD7 9 KB
4 KB 31ms
7ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3868038712334580

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trfnews.i234.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 15449
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 27 Dec 2023 23:18:53 GMT
etag: 5585625838579639069
expires: Wed, 10 Jan 2024 23:18:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
region1.google-analytics.com/g/ 0
254 B 36ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-N1RWX7F25R&gtm=45je3bt0v9114420562&_p=1703734582265&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1689424002.1703734582&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAI&_s=1&sid=1703734582&sct=1&seg=0&dl=https%3A%2F%2Ftrfnews.i234.me%2Fwordpress%2F&dr=http%3A%2F%2Ftrfnews.i234.me%2F&dt=TRF%20News%20%E2%80%93%20Official%20News%20Site&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1183
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N1RWX7F25R&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:22 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://trfnews.i234.me
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/ 431 KB
135 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

108cdb682e1d256ba58174d96775ec12fe2e9515ffa2ca7edfff49343a4d97ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 21:01:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23717
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138180
x-xss-protection: 0
server: cafe
etag: 6854214708762155125
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Thu, 26 Dec 2024 21:01:05 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
206 B 15ms
15ms XHR
text/plain 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=905273012&t=pageview&_s=1&dl=https%3A%2F%2Ftrfnews.i234.me%2Fwordpress%2F&ul=en-us&de=UTF-8&dt=TRF%20News%20%E2%80%93%20Official%20News%20Site&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1854615441&gjid=261381034&cid=1689424002.1703734582&tid=UA-129116107-3&_gid=315307203.1703734582&_r=1&gtm=457e3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&jsscut=1&z=995819869

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://trfnews.i234.me/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://trfnews.i234.me
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 logo-no-backround.png
trfnews.i234.me/wordpress/wp-content/uploads/2023/04/ 29 KB
29 KB 124ms
123ms Image
image/png 64.235.70.98
GVTEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trfnews.i234.me/wordpress/wp-content/uploads/2023/04/logo-no-backround.png
Requested by: Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 64.235.70.98 Fosston, United States, ASN25769 (GVTEL, US),
Reverse DNS: 64-235-70-98.Gvtel.net
Software: nginx /
Resource Hash: 8590a1cc49716e2d1f16ec57db4c0aaf4245dfdcd349674de8ead8e857f5220c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/wordpress/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:22 GMT
last-modified: Sun, 30 Apr 2023 13:09:31 GMT
server: nginx
accept-ranges: bytes
etag: "7268-5fa8d6abf2f23"
content-length: 29288
content-type: image/png

GET
H2 200 1703733007_Fargo-Police-Dispatch-Logs-1568x1153.jpg
trfnews.i234.me/wordpress/wp-content/uploads/2023/12/ 218 KB
219 KB 124ms
124ms Image
image/jpeg 64.235.70.98
GVTEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trfnews.i234.me/wordpress/wp-content/uploads/2023/12/1703733007_Fargo-Police-Dispatch-Logs-1568x1153.jpg?v=1703733028
Requested by: Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 64.235.70.98 Fosston, United States, ASN25769 (GVTEL, US),
Reverse DNS: 64-235-70-98.Gvtel.net
Software: nginx /
Resource Hash: 8852c670fb95b903364c567bf93e3f81a6e076211cf542bc858b9e4e55c517ce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/wordpress/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:22 GMT
last-modified: Thu, 28 Dec 2023 03:10:36 GMT
server: nginx
accept-ranges: bytes
etag: "368fc-60d894268cb7a"
content-length: 223484
content-type: image/jpeg

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 3 KB
3 KB 73ms
7ms Script
text/javascript 2600:9000:2250:4000:a:e047:753:a221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:4000:a:e047:753:a221 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-version-id: KP_OVZMS6roEW_XJdOd.KnSEmM8GWiP3
Date: Wed, 27 Dec 2023 07:24:47 GMT
Via: 1.1 d20f19c14113bb86116d01e6cb4e2844.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P2
Age: 72696
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 2776
Last-Modified: Thu, 19 Oct 2023 06:40:11 GMT
Server: AmazonS3
ETag: "a3a9a9ee8e72db69d54e805f0586c651"
Content-Type: text/javascript
Accept-Ranges: bytes
X-Amz-Cf-Id: fGDciYKSxN4QQLwYUGqfFVtweFN7_s24zboALctAdmNlQU-tT34L1w==

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 152 KB
34 KB 49ms
18ms Script
text/javascript 2606:4700:10::ac43:266a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65d03eb82a79a732d7c0180593c4f5dc98a8fac5c20c3a5446c4f14bf93d280a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:22 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 07 Dec 2023 12:57:20 GMT
server: cloudflare
x-amz-request-id: 66DQ5AATCXY2WP34
age: 421
etag: W/"5fcefeebf5ddc7b2ddf2435967e63de9"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 83c6c2348be35d57-FRA
x-amz-id-2: LgyxPuSgdxWm6QeOo8F40RM1LPQ0PkSTUloHvLTYaQx9cx5uIuXfY2sziuJLgz0pYNCrYPDiUPu4vtwsqXIolA==

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 39 KB
12 KB 28ms
7ms Script
text/javascript 65.9.66.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-104.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 05:37:12 GMT
content-encoding: gzip
via: 1.1 28ccbefb54459137bb0b0d946fd75e48.cloudfront.net (CloudFront)
last-modified: Wed, 06 Sep 2023 15:56:57 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 79151
etag: W/"e073e71ed7a44e6f9cdd72904fda5940"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: X8vdS7xTeFaXw20cymTk068BpVmNYG_1OQJuO-N_RSmdbZ8r_9nt1g==

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 1 KB
1 KB 62ms
28ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:22 GMT
via: 1.1 google, 1.1 google
last-modified: Thu, 03 Aug 2023 03:28:51 GMT
server: Google Frontend
etag: fc4e6bfe266081c4873c6f08c8298e5c
content-type: text/javascript; charset=utf-8
x-cloud-trace-context: 15ce7349321793274297bd0e50d7ca47
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1207

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
1 KB 33ms
14ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 26329
x-jsd-version: master
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230088-FRA
x-jsd-version-type: branch
server: cloudflare
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zpL1BXQ67wT7PRz37%2FrhT3a%2Bd8Psj1MpdOIobnGR%2Ft65ZtS9G%2F7bnlHEE3LYoS24S2UJlptQSGi0WjvKWC4%2BlI9eWqPGrRI82Q3YTiHD1AXRmuElxrdgWus0vLyMplrm9K58PhE6pXuuoMpB3mk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 83c6c2347aba37fb-FRA

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 77ms
7ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 18:27:07 GMT
content-encoding: gzip
age: 1847355
x-guploader-uploadid: ABPtcPrGkX9WdEfraM_2GOgvO4XFku4h6LV8hSZGRCBWDldVHkLv6s4LjI-J4Ekw5y2K4Y2B5aE
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Thu, 05 Dec 2024 18:27:07 GMT

GET
H2 200 ob.js Show response
cdn-ima.33across.com/ 11 KB
5 KB 47ms
13ms Script
application/javascript 172.64.152.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-ima.33across.com/ob.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.152.89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c707d5798e40035ef5aa307db04e295703514d654b1e65fa62b04492c687c255

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:22 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 20 Dec 2023 19:21:40 GMT
server: cloudflare
age: 27059
etag: W/"65833ec4-2d18"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 83c6c2349df20487-FRA
expires: Sun, 31 Dec 2023 03:36:22 GMT

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 42 KB
13 KB 56ms
24ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

30fe2b25061c04e45888d4eccbe63e113ad09715a8ee40d87485f188a526aa2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:22 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 21 Dec 2023 07:50:16 GMT
server: nginx
etag: W/"6583ee38-a9b8"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 29 Dec 2023 03:36:22 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 757 B
374 B 238ms
237ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2169492246637150&correlator=3263607731977813&eid=31080124%2C31079960%2C31068825&output=ldjh&gdfp_req=1&vrg=202312060101&ptt=17&impl=fifs&iu_parts=21849154601%3A23021974033%2CAd.Plus-Anchor&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=3&didk=2908278319&sfv=1-0-40&ists=1&fas=1&sc=1&cookie_enabled=1&abxe=1&dt=1703734582450&lmt=1703734582&adxs=-9&adys=-9&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Ftrfnews.i234.me%2Fwordpress%2F&ref=http%3A%2F%2Ftrfnews.i234.me%2F&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=1689424002.1703734582&ga_sid=1703734582&ga_hid=905273012&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYsLn688oxSABSAghkEhsKDDMzYWNyb3NzLmNvbRiwufrzyjFIAFICCGQSGQoKcHViY2lkLm9yZxiwufrzyjFIAFICCGQSFwoIcnRiaG91c2UYsLn688oxSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGLC5-vPKMUgAUgIIZBIZCgp1aWRhcGkuY29tGLC5-vPKMUgAUgIIZBIUCgVvcGVueBiwufrzyjFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGLC5-vPKMUgAUgIIZA..&dlt=1703734581887&idt=545&adks=2086632925&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8ad821de4d3d832e93ba0ceeee283cfb6a444b33f0eac51d0c28a5060f4bd9c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:22 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 343
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://trfnews.i234.me
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 188 KB
52 KB 535ms
534ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2169492246637150&correlator=3263607731977813&eid=31080124%2C31079960%2C31068825&output=ldjh&gdfp_req=1&vrg=202312060101&ptt=17&impl=fifs&iu_parts=21849154601%3A23021974033%2CAd.Plus-Interstitial&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=4&didk=3427883176&sfv=1-0-40&ists=1&fas=8&sc=1&cookie_enabled=1&abxe=1&dt=1703734582455&lmt=1703734582&adxs=-9&adys=-9&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Ftrfnews.i234.me%2Fwordpress%2F&ref=http%3A%2F%2Ftrfnews.i234.me%2F&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=1689424002.1703734582&ga_sid=1703734582&ga_hid=905273012&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYsLn688oxSABSAghkEhsKDDMzYWNyb3NzLmNvbRiwufrzyjFIAFICCGQSGQoKcHViY2lkLm9yZxiwufrzyjFIAFICCGQSFwoIcnRiaG91c2UYsLn688oxSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGLC5-vPKMUgAUgIIZBIZCgp1aWRhcGkuY29tGLC5-vPKMUgAUgIIZBIUCgVvcGVueBiwufrzyjFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGLC5-vPKMUgAUgIIZA..&dlt=1703734581887&idt=545&adks=3525078868&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f24d6a2a575d004e391084bc27a8ddc8051ddf7cb278eeefc9cb935dd01a51d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:22 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53168
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://trfnews.i234.me
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 79C1 6 KB
3 KB 78ms
15ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trfnews.i234.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 03:36:22 GMT
expires: Fri, 27 Dec 2024 03:36:22 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/ 39 KB
14 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl_page_level_ads.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04d549a4f168546afdc3608bc6ef4ad67a16a2bf2baf8c6770f88f524c924d11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 22:21:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18868
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13835
x-xss-protection: 0
server: cafe
etag: 9174524701941205614
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Thu, 26 Dec 2024 22:21:54 GMT

POST
H/1.1 200
OK get_info Show response
bot.webpushr.com/prompt/ 29 KB
8 KB 57ms
7ms Fetch
text/html 157.230.100.179
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://bot.webpushr.com/prompt/get_info
Requested by: Host: cdn.webpushr.com
URL: https://cdn.webpushr.com/app.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.230.100.179 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: bccd7936eeee7b5ae5933179fbd2bad8da35fa353212321fd1a2a72be710b323

Request headers

Referer: https://trfnews.i234.me/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

server_name: lookup3
Date: Thu, 28 Dec 2023 03:36:22 GMT
Content-Encoding: gzip
Server: nginx/1.14.0 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=UTF-8
X-Fastcgi-Cache: MISS
Access-Control-Allow-Origin: https://trfnews.i234.me
Access-Control-Allow-Credentials: true
proxy_server_name: fr1_lookup_proxy
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
X-Proxy-Cache: HIT

POST
H/1.1 200
OK session Show response
analytics.webpushr.com/impression/ 0
538 B 42ms
7ms Fetch
text/html 167.71.54.9
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webpushr.com/impression/session
Requested by: Host: cdn.webpushr.com
URL: https://cdn.webpushr.com/app.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.71.54.9 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://trfnews.i234.me/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Thu, 28 Dec 2023 03:36:22 GMT
Content-Encoding: gzip
Server: nginx/1.14.0 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: https://trfnews.i234.me
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
334 B 97ms
30ms XHR
application/json 108.128.142.196
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.142.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-142-196.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 66b981d0719d3dfc13c5ab9d6acab6095f704a8c178f26436b0260e8e29edf72

Request headers

Referer: https://trfnews.i234.me/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:22 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://trfnews.i234.me
cache-control: no-cache
x-server: 10.45.2.119
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H2 204 increment Show response
id5-sync.com/api/esp/ 0
231 B 43ms
7ms XHR
text/plain 141.95.98.65
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.65 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216659.ip-141-95-98.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://trfnews.i234.me/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://trfnews.i234.me
date: Thu, 28 Dec 2023 03:36:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 7277 14 KB
6 KB 40ms
14ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=trfnews.i234.me

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

cf66b1a88c1b59fe8d1068ff7ec392816c6a8a43a1d0647bd940591f09974446

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://trfnews.i234.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 03:36:21 GMT
server: Kestrel
server-processing-duration-in-ticks: 392423
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
x-robots-tag: noindex

POST
H/1.1 200
OK impression Show response
analytics.webpushr.com/notification_card/ 0
538 B 7ms
7ms Fetch
text/html 167.71.54.9
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webpushr.com/notification_card/impression
Requested by: Host: cdn.webpushr.com
URL: https://cdn.webpushr.com/app.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.71.54.9 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://trfnews.i234.me/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Thu, 28 Dec 2023 03:36:22 GMT
Content-Encoding: gzip
Server: nginx/1.14.0 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: https://trfnews.i234.me
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H/1.1 200
OK prompt Show response
analytics.webpushr.com/impression/ 0
538 B 12ms
7ms Fetch
text/html 167.71.54.9
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webpushr.com/impression/prompt
Requested by: Host: cdn.webpushr.com
URL: https://cdn.webpushr.com/app.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.71.54.9 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://trfnews.i234.me/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Thu, 28 Dec 2023 03:36:22 GMT
Content-Encoding: gzip
Server: nginx/1.14.0 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: https://trfnews.i234.me
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H/1.1 200
OK prompt Show response
analytics.webpushr.com/impression/ 0
538 B 20ms
7ms Fetch
text/html 167.71.54.9
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webpushr.com/impression/prompt
Requested by: Host: cdn.webpushr.com
URL: https://cdn.webpushr.com/app.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.71.54.9 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://trfnews.i234.me/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Thu, 28 Dec 2023 03:36:22 GMT
Content-Encoding: gzip
Server: nginx/1.14.0 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: https://trfnews.i234.me
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

GET
H2 200 Zr9ZvM2xVU.png
cdn.webpushr.com/siteassets/ 31 KB
31 KB 7ms
7ms Image
image/png 167.71.57.196
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.webpushr.com/siteassets/Zr9ZvM2xVU.png
Requested by: Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.71.57.196 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: d32218526ba1dc93e86d08729322899539973912d6875c533d5f4debbcb290f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:22 GMT
last-modified: Sun, 14 May 2023 15:10:12 GMT
server: nginx/1.16.1
etag: "6460f9d4-7b6b"
content-type: image/png
access-control-allow-origin: *
x-gg-cache-status: HIT
accept-ranges: bytes
content-length: 31595

GET
H2 200 26a1.svg
s.w.org/images/core/emoji/14.0.0/svg/ 451 B
762 B 27ms
6ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/14.0.0/svg/26a1.svg

Requested by

Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

d3a6d0c18f6887f771aa3cd51db375e7a9588e1af63801cc100cd9bcc5bccaac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 28 Dec 2023 03:36:22 GMT
x-content-type-options: nosniff
last-modified: Tue, 12 Apr 2022 03:53:44 GMT
server: nginx
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 451
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 48BB 186 KB
56 KB 370ms
370ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3868038712334580&output=html&adk=1812271804&adf=3025194257&lmt=1703734582&plat=1%3A64%2C2%3A64%2C8%3A64%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=164x945_l%7C164x945_r&format=0x0&url=https%3A%2F%2Ftrfnews.i234.me%2Fwordpress%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703734582362&bpp=7&bdt=475&idt=238&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5812992322352&frm=20&pv=2&ga_vid=1689424002.1703734582&ga_sid=1703734582&ga_hid=905273012&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44795921%2C95320884&oid=2&pvsid=2169492246637150&tmod=2091486081&uas=0&nvt=1&fsapi=1&ref=http%3A%2F%2Ftrfnews.i234.me%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=252

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3868038712334580&plah=trfnews.i234.me

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c38c89e435b09017b716919d8a2d9926a54a0a8133dd837d81a9465997caaf5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trfnews.i234.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 57597
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 03:36:22 GMT
expires: Thu, 28 Dec 2023 03:36:22 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

sid Show response
mug.criteo.com/ Frame 7277
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=trfnews.i234.me&sn=ChromeSyncframe&so=0&topUrl=trfnews.i234.me&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=Dg_xXXxqWmVuQ1lXS0hGODlINXJJV3EzcVd5TDJ6U1c0aDlqSEh5QnZVNmFIaVQrUmJPUjZ1d1hEbjZEVVZrZ250SVlJT1VRUnpYWVptQXlCczNEREVBWW1OdkZKMzQzdENkWUVDdFEzMWJHc2hCRjhqZXhsbnJqZzJUNT...

427 B
650 B

15ms
14ms

Fetch
application/json

2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=Dg_xXXxqWmVuQ1lXS0hGODlINXJJV3EzcVd5TDJ6U1c0aDlqSEh5QnZVNmFIaVQrUmJPUjZ1d1hEbjZEVVZrZ250SVlJT1VRUnpYWVptQXlCczNEREVBWW1OdkZKMzQzdENkWUVDdFEzMWJHc2hCRjhqZXhsbnJqZzJUNThFQlBpY1M4YzlENTltc0MzeXZHQmlKejVvUHZsRkhSSFJQMzhxTHJDeHRiSk9mQ0JlNWw0RUFLeW15Z3BRUjFHTmRBTWhGYy9nUzlzOVQvRDVyMzdZeVYrUnE4anE4T2pJVWJJZmtselRORmJqRUFrckM3bjZLbmo3bklPMytWYi9Gd09yMHJwTjkvaUxGR3FLUHlUTFY1MzJiM2c4TVduMUVlS1hlcExKTzd1cUJ1UkE5VT18&cppv=2

Requested by

Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/

Protocol

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

94aca785a9a34c314490c4e8a712cd5e5fee9da7d6318feb9362cdeab8c28797

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:22 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1680782
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:22 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=Dg_xXXxqWmVuQ1lXS0hGODlINXJJV3EzcVd5TDJ6U1c0aDlqSEh5QnZVNmFIaVQrUmJPUjZ1d1hEbjZEVVZrZ250SVlJT1VRUnpYWVptQXlCczNEREVBWW1OdkZKMzQzdENkWUVDdFEzMWJHc2hCRjhqZXhsbnJqZzJUNThFQlBpY1M4YzlENTltc0MzeXZHQmlKejVvUHZsRkhSSFJQMzhxTHJDeHRiSk9mQ0JlNWw0RUFLeW15Z3BRUjFHTmRBTWhGYy9nUzlzOVQvRDVyMzdZeVYrUnE4anE4T2pJVWJJZmtselRORmJqRUFrckM3bjZLbmo3bklPMytWYi9Gd09yMHJwTjkvaUxGR3FLUHlUTFY1MzJiM2c4TVduMUVlS1hlcExKTzd1cUJ1UkE5VT18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 308649
content-length: 0
expires: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4B1A 132 KB
42 KB 409ms
408ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3868038712334580&output=html&h=280&adk=4188038881&adf=3136344130&pi=t.aa~a.1043414356~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1703734582&rafmt=1&to=qs&pwprc=5217193664&format=1200x280&url=https%3A%2F%2Ftrfnews.i234.me%2Fwordpress%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703734582369&bpp=1&bdt=482&idt=257&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5812992322352&frm=20&pv=1&ga_vid=1689424002.1703734582&ga_sid=1703734582&ga_hid=905273012&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=383&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44795921%2C95320884&oid=2&pvsid=2169492246637150&tmod=2091486081&uas=0&nvt=1&ref=http%3A%2F%2Ftrfnews.i234.me%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=259

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7b97d2ccc814178e0d588db6ad749776f2b6290db6686ae8daade885de1cdb4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trfnews.i234.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 43137
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 03:36:23 GMT
expires: Thu, 28 Dec 2023 03:36:23 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Ftrfnews.i234.me%2Fwordpress%2F&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Ftrfnews.i234.me%2Fwordpress%2F&rid=esp&cc=1

85 B
193 B

119ms
119ms

Fetch
application/json

34.120.135.53
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Ftrfnews.i234.me%2Fwordpress%2F&rid=esp&cc=1
Requested by: Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/
Protocol: H2
Server: 34.120.135.53 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 53.135.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: 9823237c2eaa28fc4efddf36f57328a95160a1e3395efd108092d48a99ae7984

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:22 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-6sL8rcIbksyeYgxRD5h8EY0oMQE"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://trfnews.i234.me
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Thu, 28 Dec 2023 03:36:22 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://trfnews.i234.me
location: /esp?url=https%3A%2F%2Ftrfnews.i234.me%2Fwordpress%2F&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame E85D 199 B
298 B 66ms
15ms Document
text/html 35.244.159.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: de259eb7ba7a0e45575deb33946f1fbc695c97c33145ae4e49af0069d010868e

Request headers

Referer: https://trfnews.i234.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 151
content-type: text/html
date: Thu, 28 Dec 2023 03:36:22 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/ 160 KB
55 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

845f85e1514e9daf9bbdce8848cfb2291516fd1c08b33b5442866771fdcae064

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56013
x-xss-protection: 0
server: cafe
etag: 12003103348929325532
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 03:36:23 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_auto_rs&sts=pfno&evt=place&vh=1200&eid=44759876%2C44759927%2C44759837%2C44795921%2C95320884&hl=en&pvc=2169492246637150

Requested by

Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D7D7 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trfnews.i234.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 03:36:22 GMT
expires: Fri, 27 Dec 2024 03:36:22 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 4B1A 14 KB
2 KB 38ms
16ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3868038712334580&output=html&h=280&adk=4188038881&adf=3136344130&pi=t.aa~a.1043414356~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1703734582&rafmt=1&to=qs&pwprc=5217193664&format=1200x280&url=https%3A%2F%2Ftrfnews.i234.me%2Fwordpress%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703734582369&bpp=1&bdt=482&idt=257&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5812992322352&frm=20&pv=1&ga_vid=1689424002.1703734582&ga_sid=1703734582&ga_hid=905273012&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=383&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44795921%2C95320884&oid=2&pvsid=2169492246637150&tmod=2091486081&uas=0&nvt=1&ref=http%3A%2F%2Ftrfnews.i234.me%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=259

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 28 Dec 2023 03:36:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 28 Dec 2023 03:05:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 28 Dec 2023 03:36:23 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 4B1A 2 KB
875 B 30ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 21:29:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21994
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Jan 2024 21:29:49 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 4B1A 23 KB
9 KB 16ms
9ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 21:29:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21993
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9269
x-xss-protection: 0
server: cafe
etag: 11706523405290302210
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Jan 2024 21:29:50 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 4B1A 3 KB
1 KB 18ms
12ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 21:29:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21993
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Jan 2024 21:29:50 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 4B1A 20 KB
9 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 21:29:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21994
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Jan 2024 21:29:49 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4B1A 203 KB
65 KB 72ms
22ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Dec 2023 03:36:23 GMT

GET
H2 200 f9d9b65dbd646119ce96bad0f484d579.js Show response
www.gstatic.com/mysidia/ Frame 4B1A 37 KB
16 KB 32ms
10ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 13:56:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 221980
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15460
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 24 Mar 2024 13:56:43 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/10832574113670414510/ Frame 4B1A 14 KB
14 KB 16ms
13ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10832574113670414510/14763004658117789537?w=600&h=314&tw=1&q=75

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76e40bd73665bc898831cb963e300c2cc6a057c86af09aced535c28cf2a4d865

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Thu, 26 Dec 2024 15:06:03 GMT
date: Wed, 27 Dec 2023 15:06:03 GMT
x-content-type-options: nosniff
age: 45020
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14345
x-xss-protection: 0
last-modified: Tue, 28 Jun 2022 06:33:18 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
DATA 200
OK truncated
/ Frame 4B1A 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 4B1A 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 css2
fonts.googleapis.com/ Frame D7D7 4 KB
744 B 17ms
17ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: 11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com
URL: https://11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 28 Dec 2023 03:36:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 28 Dec 2023 01:58:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 28 Dec 2023 03:36:23 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 1055 14 KB
1 KB 25ms
25ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 28 Dec 2023 03:36:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 28 Dec 2023 02:00:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 28 Dec 2023 03:36:23 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 1055 2 KB
856 B 7ms
4ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 21:29:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21994
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Jan 2024 21:29:49 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 1055 23 KB
9 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 21:29:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21993
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9269
x-xss-protection: 0
server: cafe
etag: 11706523405290302210
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Jan 2024 21:29:50 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CC09 143 B
166 B 8ms
7ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3479
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 02:38:24 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 1055 3 KB
1 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 21:29:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21993
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Jan 2024 21:29:50 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 1055 20 KB
8 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 21:29:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21994
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Jan 2024 21:29:49 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1055 203 KB
64 KB 68ms
54ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Dec 2023 03:36:23 GMT

GET
H2 200 f9d9b65dbd646119ce96bad0f484d579.js Show response
www.gstatic.com/mysidia/ Frame 1055 37 KB
15 KB 13ms
11ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 13:56:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 221980
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15460
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 24 Mar 2024 13:56:43 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame D7D7 22 KB
9 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: 11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com
URL: https://11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 02:25:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4247
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9210
x-xss-protection: 0
server: cafe
etag: 13914886398874665762
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 11 Jan 2024 02:25:36 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame D7D7 205 B
518 B 15ms
15ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: 11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com
URL: https://11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 00:55:34 GMT
x-content-type-options: nosniff
age: 9649
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 27 Dec 2024 00:55:34 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame D7D7 604 B
694 B 16ms
16ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: 11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com
URL: https://11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 01:13:33 GMT
x-content-type-options: nosniff
age: 8570
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 27 Dec 2024 01:13:33 GMT

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame 0801 9 KB
4 KB 7ms
6ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trfnews.i234.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 20339
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 27 Dec 2023 21:57:24 GMT
etag: 5585625838579639069
expires: Wed, 10 Jan 2024 21:57:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame 0D28 9 KB
4 KB 7ms
7ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trfnews.i234.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 20339
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 27 Dec 2023 21:57:24 GMT
etag: 5585625838579639069
expires: Wed, 10 Jan 2024 21:57:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0D6B 624 B
246 B 49ms
47ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxiknLvGATAB&v=APEucNUl8tisIiK3w275FsaJsI86voIbsy7iI50M-9pf6HC--uSwx0GZiElq-0TLNeGvlw0yS1M5KjJupozblESkIdBOruDRkrALcDnUaRKIDLCrFIGpBMkJSbPMtgj0pIrr8X9qTs7-csb6UoI8eqNePPDfflqovVfUIM_JXEExTOHYRnPTh4c

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 03:36:23 GMT
expires: Thu, 28 Dec 2023 03:36:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 7FFF 89 KB
31 KB 66ms
65ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 03:36:23 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 7FFF 3 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 21:29:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21993
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Jan 2024 21:29:50 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 7FFF 20 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 21:29:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21994
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Jan 2024 21:29:49 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7FFF 203 KB
64 KB 24ms
22ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Dec 2023 03:36:23 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7FFF 42 B
63 B 42ms
41ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B9rHSHL9yqTAuxv3cihf3Y0d-eEGSMTulDEfqW3_V5blZyn_nLnizbtyR3WXYTmaQkWJUt64CQcr39Cb52UNE59eyZPBy58t_YI6aa_rWYRDr3iVg

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 616E 624 B
246 B 48ms
48ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMe68vACEMrSk4kEGJHhwPwBMAE&v=APEucNV-HcocuLN1VKr7b0hBiJeaniBCMNjCKPQ3YF74dVPdQWOi6JCV2ZvphP3M27DQh-vkYzyryeh_7JlzwNGzu9vVbbqAp-8ixNJ4NaCCOGLPiSlO0hNcnXSHhzl_yjMdcCcUPpkX0NiRB_UJMtPtcZK631zjDRuEv5Dskv_Ktn15FD6EL6I

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 03:36:23 GMT
expires: Thu, 28 Dec 2023 03:36:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame D92A 23 KB
9 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 20:43:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24803
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9269
x-xss-protection: 0
server: cafe
etag: 11706523405290302210
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Jan 2024 20:43:00 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame D92A 7 KB
3 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 02:43:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 11 Jan 2024 02:43:26 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame D92A 41 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 13:49:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 136027
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Dec 2024 13:49:16 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame D92A 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 21:29:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21993
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Jan 2024 21:29:50 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame D92A 20 KB
8 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 21:29:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21994
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Jan 2024 21:29:49 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame D92A 203 KB
64 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Dec 2023 03:36:23 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D92A 42 B
63 B 41ms
41ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DRJydODurZAr91zSEjRX6ir5P1Qk1bvSwIlzksOSBm83BZvzMMfxy3bcMu_GAjAqmnHgdPKStOFYESrESG-1CMRIVdBINmDYrQtUl0dBU6aMdkuu8

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 17387322268292009911
s0.2mdn.net/simgad/ Frame D92A 86 KB
86 KB 38ms
7ms Image
image/jpeg 2a00:1450:4001:806::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/17387322268292009911

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3565d0d0087185def97bbbb4116fccacea668100a0e19bfe073dba8cf43fe85c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Sat, 21 Dec 2024 10:04:27 GMT
date: Fri, 22 Dec 2023 10:04:27 GMT
x-content-type-options: nosniff
age: 495116
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 87637
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:27:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
DATA 200
OK truncated
/ Frame 4B1A 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4a5a5f972e607d20b54ecec7d3fe5e67152b21bbc7f1f4e31841bc067c3fe5cd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CC09
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

17ms
16ms

Document
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com
URL: https://11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 03:36:23 GMT
expires: Thu, 28 Dec 2023 03:36:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 03:36:23 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 1F3C 38 KB
13 KB 7ms
7ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 134144
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 26 Dec 2023 14:20:39 GMT
expires: Wed, 25 Dec 2024 14:20:39 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 0D6B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED8vJQnECMoeY6rkAl1kig0&google_cver=1

43 B
339 B

27ms
27ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED8vJQnECMoeY6rkAl1kig0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxiknLvGATAB&v=APEucNUl8tisIiK3w275FsaJsI86voIbsy7iI50M-9pf6HC--uSwx0GZiElq-0TLNeGvlw0yS1M5KjJupozblESkIdBOruDRkrALcDnUaRKIDLCrFIGpBMkJSbPMtgj0pIrr8X9qTs7-csb6UoI8eqNePPDfflqovVfUIM_JXEExTOHYRnPTh4c
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H5cQE6Mur0YQclESH%2FzQfah2vfDugaTsziVhy4V1RYP9eNbq2TvekxUsH3DAP%2BlPCOkXm30ndzeonQU4E3rIox7stHpMINC3wlzz%2F0xISQLp2n%2FwVzU%2FXPqoPAxWwbY2l8LvQ2RgjSiZ1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 83c6c239cb955d5f-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED8vJQnECMoeY6rkAl1kig0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 0D6B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZYztNxGZHZrXlCT4tiPrzgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED8vJQnECMoeY6rkAl1kig0&google_cver=1

43 B
735 B

22ms
22ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED8vJQnECMoeY6rkAl1kig0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxiknLvGATAB&v=APEucNUl8tisIiK3w275FsaJsI86voIbsy7iI50M-9pf6HC--uSwx0GZiElq-0TLNeGvlw0yS1M5KjJupozblESkIdBOruDRkrALcDnUaRKIDLCrFIGpBMkJSbPMtgj0pIrr8X9qTs7-csb6UoI8eqNePPDfflqovVfUIM_JXEExTOHYRnPTh4c
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V2FYMlQz8c9VUpK%2FEiKdhx4rv2N86LhCngQSCATENp9JtSfhm7Q9IRYz%2FXcfYjk1TvYmls%2Bn6zWU26XqPyJmcP6lywrMhN0bh%2BRXc1LXO13c6AL3SePm8n4mWhJl8q%2BS2ZRWeuVubzAQag%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 83c6c23a4f062bd2-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED8vJQnECMoeY6rkAl1kig0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 0D6B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDhlXNAzU2DUP4mKET4jfCI&google_cver=1

43 B
837 B

8ms
8ms

Image
image/gif

37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEDhlXNAzU2DUP4mKET4jfCI&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxiknLvGATAB&v=APEucNUl8tisIiK3w275FsaJsI86voIbsy7iI50M-9pf6HC--uSwx0GZiElq-0TLNeGvlw0yS1M5KjJupozblESkIdBOruDRkrALcDnUaRKIDLCrFIGpBMkJSbPMtgj0pIrr8X9qTs7-csb6UoI8eqNePPDfflqovVfUIM_JXEExTOHYRnPTh4c

Protocol

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
an-x-request-uuid: a2075ed4-69c7-4e5d-9315-cd125f78b885
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 81.95.5.35; 81.95.5.35; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEDhlXNAzU2DUP4mKET4jfCI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 0D6B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkwMjE4NzU1NDI3MTM0Njk3MQ%3D%3D

170 B
232 B

17ms
16ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkwMjE4NzU1NDI3MTM0Njk3MQ%3D%3D

Requested by

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
an-x-request-uuid: 9f57e106-4ecc-40b3-bc6a-3da652847c22
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkwMjE4NzU1NDI3MTM0Njk3MQ%3D%3D
x-proxy-origin: 81.95.5.35; 81.95.5.35; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 616E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED8vJQnECMoeY6rkAl1kig0&google_cver=1

43 B
768 B

23ms
22ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED8vJQnECMoeY6rkAl1kig0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMe68vACEMrSk4kEGJHhwPwBMAE&v=APEucNV-HcocuLN1VKr7b0hBiJeaniBCMNjCKPQ3YF74dVPdQWOi6JCV2ZvphP3M27DQh-vkYzyryeh_7JlzwNGzu9vVbbqAp-8ixNJ4NaCCOGLPiSlO0hNcnXSHhzl_yjMdcCcUPpkX0NiRB_UJMtPtcZK631zjDRuEv5Dskv_Ktn15FD6EL6I
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4PI4IWq8Bimu%2F9I0lZAJRYlBhFZ2tRRkx6J1DZ118VPtBi70cNcKpsAOOnpR4tVBvx6O%2BfRr7xYblHN%2BImuRkIm%2Fe3RCDlOuf5UjCFeyihLRyoetmt20umrtmPCh61rJSCGPspa778qWMg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 83c6c239ded52bd2-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED8vJQnECMoeY6rkAl1kig0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 616E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZYztN2vcEPERooqAI0T-5QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED8vJQnECMoeY6rkAl1kig0&google_cver=1

43 B
733 B

23ms
22ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED8vJQnECMoeY6rkAl1kig0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMe68vACEMrSk4kEGJHhwPwBMAE&v=APEucNV-HcocuLN1VKr7b0hBiJeaniBCMNjCKPQ3YF74dVPdQWOi6JCV2ZvphP3M27DQh-vkYzyryeh_7JlzwNGzu9vVbbqAp-8ixNJ4NaCCOGLPiSlO0hNcnXSHhzl_yjMdcCcUPpkX0NiRB_UJMtPtcZK631zjDRuEv5Dskv_Ktn15FD6EL6I
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BDVjm8TrTDTYUiNaNzxfIcHqbKdyWnKkhiZQ3DfkCSsCL7rd51h8KWP2om9AE%2F7eIpp6bg%2FiWpcEbVoXw5kMyBy6ZzRe4atQmHioil4BaXqCSPP2EyxIJ7u8Szq0LHEoJ%2FofvYvZuKQNpA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 83c6c23a1ef22bd2-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED8vJQnECMoeY6rkAl1kig0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 616E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDhlXNAzU2DUP4mKET4jfCI&google_cver=1

43 B
837 B

8ms
7ms

Image
image/gif

37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEDhlXNAzU2DUP4mKET4jfCI&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMe68vACEMrSk4kEGJHhwPwBMAE&v=APEucNV-HcocuLN1VKr7b0hBiJeaniBCMNjCKPQ3YF74dVPdQWOi6JCV2ZvphP3M27DQh-vkYzyryeh_7JlzwNGzu9vVbbqAp-8ixNJ4NaCCOGLPiSlO0hNcnXSHhzl_yjMdcCcUPpkX0NiRB_UJMtPtcZK631zjDRuEv5Dskv_Ktn15FD6EL6I

Protocol

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
an-x-request-uuid: 26b099f4-ec6e-4b57-a1fc-2daacb061442
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 81.95.5.35; 81.95.5.35; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEDhlXNAzU2DUP4mKET4jfCI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 616E
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkwMjE4NzU1NDI3MTM0Njk3MQ%3D%3D

170 B
243 B

16ms
16ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkwMjE4NzU1NDI3MTM0Njk3MQ%3D%3D

Requested by

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
an-x-request-uuid: 4aef9a00-196f-461e-9e4f-a03ff33a51a4
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODkwMjE4NzU1NDI3MTM0Njk3MQ%3D%3D
x-proxy-origin: 81.95.5.35; 81.95.5.35; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 4B1A 33 KB
34 KB 27ms
7ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 21:01:51 GMT
x-content-type-options: nosniff
age: 23672
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 26 Dec 2024 21:01:51 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7FFF 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8641846087525&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7FFF 0
20 B 42ms
42ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8641846087525&version=m202309260101&ct=77&x=1&cor=1648429615912246500

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7FFF 20 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A1FkqCtvmO4iOYer-kytI5BHR_vycqG-XT1-1UUxMqTvVnBVFz-PtbrA451t7GpGerXd83X_asNOuz_65_na49WRjqprTIaPYjMMs1ttVyWmEblqzfyFu9JCweHO-MpxSRLs0QiYkcd9EYeuSZ93r0GJj6gQoL5e9w6qxedaG7XCB-pE8&cry=1&dbm_d=AKAmf-BED47K7Y4lKVp8hn4apmhqQ2xk3K0QJuFjy_ZK-_x9YQ5bmEkd_-_EDyhZd1VsNN38wd0kJ5TgAPMOwPq1AD0IdzMJ19bvlwhT42-PqlIozxn-vJWtcPmgcOzRq6tW4AnL5jqCGOPJEhUkxFLO857vY6rUcZGF9a5qCoUxTn8jIA6jyxHhshKszVb9rhcfTIYx-e7ZxoRJuZSHlGqJAWnOj9JxNrJBxKKO3A1U2Z9VKB_aCitCtwhCseu51D9QU0E5ijcHGdJRUKVstY7ITesVjKPpOrUlx3uxrCmg1tjGqwdMgloFTjyy8gbTni3cAauoQBRo1GUljbxZxryPQIPfiAZUqvPAGPhJrNzjaN2DuTqIp7bp1J0QSdRwsZnWXCL1XpxggbdFQdrW36TB-LKQjffpqSHYkGZ2gL_3wUhxYC_qpmN7FSrrvQpBaeR7cWvsKOQ5R09d92i6wLOMo2PqtzogAkMokPgYvSQnc2yLzd3ICQ3P-7J_Ymy7xYp1D6NK8I8OzjN7R6tVBW7KTaOooK9suMS_R0EKhQBl-cENKv1LvenaBni0D2vkYGSKWOSgh0J71kIjsOktnyP4ZUWpg9xGYjhQRruNLi3UjzMYo1SXfjb4iZaKecvwSH1mmmfMLO07UECM_h8x5czOmeLDkJuUN2Uw3lChhTCOcJXMP2dT86VQa6Bue3F_u9KvkgFpsLADvsUp9fzA49rE2tEO2hv6AHlfYYF90wAc3n-JmtT8SbqhXUbfb0sTxdc1cGeuS70nZPm-JSBHKrhThRgbmKj3g8BzY0KCePxJRvM5cXokTDVsJCos_g2ZpAv6T883JeIxvcwYP0mYj5wgEJaNgnTCQWh1So3XAfQW5AkAZ2VpOKQ89Sxuf3j4ZWcxZq1KVQLhnz2F8FtmpK_5KmidHdbF9dVfRJRt1WEKcolU2qhE9K_SbLFMwQdA8Uvio6xUcfSNWn1un694S5G15M2VIPhDM1Gxm9vD5w9uYtyzBIODEZHPbH-NK17aAtgam1BifOwH4HHG5beRTJ-GT-tPWDpOZRcw3xOWOv5crjkmjk6pgwuknwFOzonH3iWnnsmIy2y7c9HC2JdSa4wooN6Rx85o8R8Krx_tJ-q5DfjyMxWQEPo6yvCXI-ebCr539OFhSNAJUCZsPSI4YNHt_rLrR3X1-LBSFHu5JoRAOrSMLQuWogVNXcUVCxC9ZdL8dCB_jJW7aIk1_jhFaQtV4LoyiPhQjFfZ5cXBVx6c6d8JsyeHRn2TVXPZ3ijiL56zvNrAZQlac7uZavZXWRo1RjM8SRcQSaqd-bJu4c05gClM97eYkrK3YU6GbVM6HFebn5sPDOgeWzL-kVzYnm3laxIg0P0qgyCruy6ous_cnLHkaR9Tvh8axthtHBKC2X_ihJZ5uNt_nrDJZLF3WyEhwlqLSoVXwGf5bTgQlnk1GGDlyejdxruypv9QJjB3fvsGL_bvm0o_uLrCSTD9-dkXFCo5A2bCCwATeLNF2Vu7i4dIvvGvvJPbtMR8xXJ342XgyDNrC8Ih-wuFaoI9s36Uvm1NMV9wAnt7qYxdzy1ML0_g-XaZ8JlIn03Aq4bp-Rdx9JnoHt1vIY1lJvyIn1Gk82a1EABmXYD-vDD3mwJx9mYH-i5gNDZw5JQ4Yif8e1JhIRn6kvrEDt4d1juhmtwMaSGw45AQrQOJYOu2L8vqGapQS0qJqBYpmE1sj7z2TPSX9lkUOyabnu6sX-ImPTNOzxI3wkvftSiUGKkffMBh5phEsDY803DVnoSJeWdmKQ2OfEalJCrApX3P7ddtpiuKXDB755EdTPaONm7Q0X6WDptl_oF41ZU1Z8AMM7XTP5ZoE_w03XEFGxoVekbUBOftFVmCSA7i7k-ySosC85dNnQ09Ky8D0XsdS-MKGw3n5LWdDo2dcAhRjE_a1a6S-zQTSRbnTip8PcYVsnrNa4F71awJBqI_abka9-1H7aD8wexO3b3ngOz6Upuz2Ip0SXyyxyM49BrvvLpFMMzaRun4_0VJGgoLUYSVpGhhbOKLdxps5uJnlxP7RTJbeI-WkD8Q6ka3ENKvWTOC3galqci8BV7rxy7Xeq_VGn8tof6BLdM9HeeniY6QCjaMVTvtwkrKi86NcYwVWVZXjJ4tMw4BfhjlI_1oeVA-eE3Lvs5askImlgeNleGN2OKwqP47BkLt9Ax7VXkTzb_yK6QTJdJdMiaAtuY59LnbrX14RUOeRLje5U87LQGRd_912bTRIvDfwk0QSwZkXU4MEqialvknddUmRbgSVlrOpsKyfdfJpBMRnquzf8jekw_knH_Chr71n_fuv7VonFF0HvB6sAc-4msro904nMwLR3OlXtlMiXUAI6e4UP6pVj7ZNiUuVjbTSJdMMvObHa5cIogcuQ39dyaWv8HqY30lTckn6pHINzpghccs0tjsJNOGTL4c2fZX-jNLze5d3Hy5MEP4A5lm-DqDGQSfNebL3SjjHp-KSYKKfO1anV6hNGJFjrdXgrKYd48uJLnjK5YOhbjBDqx7efn79_vfbK-zMarxJk-8yPZoDYNFV1q6I6IMQ4gB21YTMQN3C_iPLLvv-ET83vBCMJICzuuJzuHf-DRTvH_hoa77omC4SVQpB40Ny7JdeZJUaoJUSnwmLUwA8wo_l6A5Ut-72PGahKy01RL7JZFmr_CH20i1fw7Z_xAeMp5xEkPI9tkYq5Z41NzxMqvRVQJfbf46zQyBUqP95C317Y1thkMWKSM65GSHh0elAKfs9HNrf4lYwDgx5GE6QMmicCPexyOayq9FRpETDJD9FWSGvfeQDR2dGFKKYzDVjlLx2NGHeLVNfpaucVgWQRRxXleTYVMb6Jc2U3Fl42z6uhr1lEEH3SgVgKV5QUms_qnzHmLZEZCU_-jLmy5abhHvJq946LtZQigwvfo4ZuWfYKjEMHOIZQJwq1rHzAY5y2qi3fftFDf6EEWGMNDkwNkpRyBE-sZjfOnHZEf7sEvl9EGp5olXkGwnzNtWPXGpuZash9-DV_8bWXMzMHU0FxcO72CKt6klehYIr11ky-8Zfrc-qadoj22RzMmxEbnMQO0XacvPX8-GFPKRgQMAGLMnvCA26BfrjZ-HUY93YsZVM86F2RhvfqHIQDzhhXo-ZIzWiSw-OfcI8LJnOpaFzH7DrWpPPfaUmekXl2H-l3p9t8wr46sNVl1ZLTOcSuktL7bix253sQ6rWrxSnk3Bs0pLeRlSGYrwvRUEyUgOhIeItZ33x2ahAxZWe_eIo3z0qYeAyWgU5biGE6eVJ8I92ZmyFuBSZSAuJBlchjiIphq8iTTYz779Aj9P-71N3juCQ_AoIJPQkyr_2-KxEkc94r7NBAgATWs0edLpqUxSBv1tA628scqxlngc4ykuwh5BeThmXLC_Okxwhg6fii8otTDvJsICgpbNPSze3ViGdh1BSPOy7XWmSdt3vn2cLX_9RZrFOdvYaDaUKVNzMI7NoO-tI8OI3yBYGRD1-5hVPdTXCvOfQhHrkTNMdBoEY0cMyV38t8QDcnAoMIxisJgBiX-rvP61_6zYdrEyDtLDv-Wi9KJWpDUoeVMfd9qB5j_Z60NkSGYjWtznpcyah2hIfQmtuB6dyKo3Yn6Cx0URMX-FwO1Q94etanfQT_1aS7KinBIrTHQnLa5OALrV8CWYcAWNh34B9mgl5ruNVJZFGnczOkC2onGZCUEKB9WP0r3HVXqY-AM6pTB3z1CdEoXaapbtx_4WxmHKktEsOlky4ha3FpBYnlfY-URACEQlgkhvb5hg431KbIQcMCAkksQfhn8yvgADeZ0mLMv7Zzhmk9pkEWiegoVLi41-U7znT9lNNlLQCb53Oy7FSM3__hFT94iRXZA9Jc2m2rJHfXJBsP7Cd77sI2enxeZHXwPZW1MdWtFuKcQnxTqIJAfsGAMFVf3W-247lC8Me_BeTFLGJwYAoCZKeFIDUoTNDCIm&cid=CAQSTwAvHhf_3EC0cKJBaQWadLCWzvz1YTq4KBbdSrzFaYXieTbWa9nhgAyQbEjO5A2lX-6PG9hjoAxVOl4xC647Qlph1bTbHHWmHvJ_oFKsOyIYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Ftrfnews.i234.me%2F&ds=l&xdt=1&iif=1&cor=1648429615912246500&adk=1877897942&idt=93&cac=0&dtd=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

43f91e85f95b0a2078fa0240272e9fc35a1da0c5a529c67de1db47adf0cf167e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13780
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js Show response
pagead2.googlesyndication.com/bg/ Frame 9F8C 50 KB
19 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80f4d9c7c420e58b6a1d8013b9512aef088d5e019824b98db55e90fa74480346

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 13:49:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 136027
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19632
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Dec 2024 13:49:16 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 1F3C 39 KB
15 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 15:53:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42165
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 26 Dec 2024 15:53:38 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 4B1A
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CtkPuNu2MZcibJ8iD1PIPgNOD0A_N1ZHmdK2arfGMCcri0uCyARABILablWVglfrwgYwHoAGlvY3KA8gBCakCg5KcQImhsj6oAwHIA8sEqgSQAk_QPiPrS-h5xfN-t1On6n7xdtZZLeIYOwh...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2210608348795368569313%22,%22debug_reporting%22:true,%22destination%22:%22https://myskywind.com%22,%22event_report_window%22...

0
0

57ms
42ms

Fetch
text/css

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2210608348795368569313%22,%22debug_reporting%22:true,%22destination%22:%22https://myskywind.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22960716453%22],%2222%22:[%22true%22],%224%22:[%2212-28%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%222402015001087831009%22}&andc=true

Requested by

Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:23 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"10608348795368569313","debug_reporting":true,"destination":"https://myskywind.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["960716453"],"22":["true"],"4":["12-28"],"6":["true"]},"priority":"500","source_event_id":"2402015001087831009"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 28 Dec 2023 03:36:23 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 28 Dec 2023 03:36:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"10608348795368569313","debug_reporting":true,"destination":"https://myskywind.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["960716453"],"22":["true"],"4":["12-28"],"6":["true"]},"priority":"500","source_event_id":"2402015001087831009"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js Show response
pagead2.googlesyndication.com/bg/ Frame 4997 50 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80f4d9c7c420e58b6a1d8013b9512aef088d5e019824b98db55e90fa74480346

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 13:49:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 136027
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19632
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Dec 2024 13:49:16 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 7FFF 41 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A1FkqCtvmO4iOYer-kytI5BHR_vycqG-XT1-1UUxMqTvVnBVFz-PtbrA451t7GpGerXd83X_asNOuz_65_na49WRjqprTIaPYjMMs1ttVyWmEblqzfyFu9JCweHO-MpxSRLs0QiYkcd9EYeuSZ93r0GJj6gQoL5e9w6qxedaG7XCB-pE8&cry=1&dbm_d=AKAmf-BED47K7Y4lKVp8hn4apmhqQ2xk3K0QJuFjy_ZK-_x9YQ5bmEkd_-_EDyhZd1VsNN38wd0kJ5TgAPMOwPq1AD0IdzMJ19bvlwhT42-PqlIozxn-vJWtcPmgcOzRq6tW4AnL5jqCGOPJEhUkxFLO857vY6rUcZGF9a5qCoUxTn8jIA6jyxHhshKszVb9rhcfTIYx-e7ZxoRJuZSHlGqJAWnOj9JxNrJBxKKO3A1U2Z9VKB_aCitCtwhCseu51D9QU0E5ijcHGdJRUKVstY7ITesVjKPpOrUlx3uxrCmg1tjGqwdMgloFTjyy8gbTni3cAauoQBRo1GUljbxZxryPQIPfiAZUqvPAGPhJrNzjaN2DuTqIp7bp1J0QSdRwsZnWXCL1XpxggbdFQdrW36TB-LKQjffpqSHYkGZ2gL_3wUhxYC_qpmN7FSrrvQpBaeR7cWvsKOQ5R09d92i6wLOMo2PqtzogAkMokPgYvSQnc2yLzd3ICQ3P-7J_Ymy7xYp1D6NK8I8OzjN7R6tVBW7KTaOooK9suMS_R0EKhQBl-cENKv1LvenaBni0D2vkYGSKWOSgh0J71kIjsOktnyP4ZUWpg9xGYjhQRruNLi3UjzMYo1SXfjb4iZaKecvwSH1mmmfMLO07UECM_h8x5czOmeLDkJuUN2Uw3lChhTCOcJXMP2dT86VQa6Bue3F_u9KvkgFpsLADvsUp9fzA49rE2tEO2hv6AHlfYYF90wAc3n-JmtT8SbqhXUbfb0sTxdc1cGeuS70nZPm-JSBHKrhThRgbmKj3g8BzY0KCePxJRvM5cXokTDVsJCos_g2ZpAv6T883JeIxvcwYP0mYj5wgEJaNgnTCQWh1So3XAfQW5AkAZ2VpOKQ89Sxuf3j4ZWcxZq1KVQLhnz2F8FtmpK_5KmidHdbF9dVfRJRt1WEKcolU2qhE9K_SbLFMwQdA8Uvio6xUcfSNWn1un694S5G15M2VIPhDM1Gxm9vD5w9uYtyzBIODEZHPbH-NK17aAtgam1BifOwH4HHG5beRTJ-GT-tPWDpOZRcw3xOWOv5crjkmjk6pgwuknwFOzonH3iWnnsmIy2y7c9HC2JdSa4wooN6Rx85o8R8Krx_tJ-q5DfjyMxWQEPo6yvCXI-ebCr539OFhSNAJUCZsPSI4YNHt_rLrR3X1-LBSFHu5JoRAOrSMLQuWogVNXcUVCxC9ZdL8dCB_jJW7aIk1_jhFaQtV4LoyiPhQjFfZ5cXBVx6c6d8JsyeHRn2TVXPZ3ijiL56zvNrAZQlac7uZavZXWRo1RjM8SRcQSaqd-bJu4c05gClM97eYkrK3YU6GbVM6HFebn5sPDOgeWzL-kVzYnm3laxIg0P0qgyCruy6ous_cnLHkaR9Tvh8axthtHBKC2X_ihJZ5uNt_nrDJZLF3WyEhwlqLSoVXwGf5bTgQlnk1GGDlyejdxruypv9QJjB3fvsGL_bvm0o_uLrCSTD9-dkXFCo5A2bCCwATeLNF2Vu7i4dIvvGvvJPbtMR8xXJ342XgyDNrC8Ih-wuFaoI9s36Uvm1NMV9wAnt7qYxdzy1ML0_g-XaZ8JlIn03Aq4bp-Rdx9JnoHt1vIY1lJvyIn1Gk82a1EABmXYD-vDD3mwJx9mYH-i5gNDZw5JQ4Yif8e1JhIRn6kvrEDt4d1juhmtwMaSGw45AQrQOJYOu2L8vqGapQS0qJqBYpmE1sj7z2TPSX9lkUOyabnu6sX-ImPTNOzxI3wkvftSiUGKkffMBh5phEsDY803DVnoSJeWdmKQ2OfEalJCrApX3P7ddtpiuKXDB755EdTPaONm7Q0X6WDptl_oF41ZU1Z8AMM7XTP5ZoE_w03XEFGxoVekbUBOftFVmCSA7i7k-ySosC85dNnQ09Ky8D0XsdS-MKGw3n5LWdDo2dcAhRjE_a1a6S-zQTSRbnTip8PcYVsnrNa4F71awJBqI_abka9-1H7aD8wexO3b3ngOz6Upuz2Ip0SXyyxyM49BrvvLpFMMzaRun4_0VJGgoLUYSVpGhhbOKLdxps5uJnlxP7RTJbeI-WkD8Q6ka3ENKvWTOC3galqci8BV7rxy7Xeq_VGn8tof6BLdM9HeeniY6QCjaMVTvtwkrKi86NcYwVWVZXjJ4tMw4BfhjlI_1oeVA-eE3Lvs5askImlgeNleGN2OKwqP47BkLt9Ax7VXkTzb_yK6QTJdJdMiaAtuY59LnbrX14RUOeRLje5U87LQGRd_912bTRIvDfwk0QSwZkXU4MEqialvknddUmRbgSVlrOpsKyfdfJpBMRnquzf8jekw_knH_Chr71n_fuv7VonFF0HvB6sAc-4msro904nMwLR3OlXtlMiXUAI6e4UP6pVj7ZNiUuVjbTSJdMMvObHa5cIogcuQ39dyaWv8HqY30lTckn6pHINzpghccs0tjsJNOGTL4c2fZX-jNLze5d3Hy5MEP4A5lm-DqDGQSfNebL3SjjHp-KSYKKfO1anV6hNGJFjrdXgrKYd48uJLnjK5YOhbjBDqx7efn79_vfbK-zMarxJk-8yPZoDYNFV1q6I6IMQ4gB21YTMQN3C_iPLLvv-ET83vBCMJICzuuJzuHf-DRTvH_hoa77omC4SVQpB40Ny7JdeZJUaoJUSnwmLUwA8wo_l6A5Ut-72PGahKy01RL7JZFmr_CH20i1fw7Z_xAeMp5xEkPI9tkYq5Z41NzxMqvRVQJfbf46zQyBUqP95C317Y1thkMWKSM65GSHh0elAKfs9HNrf4lYwDgx5GE6QMmicCPexyOayq9FRpETDJD9FWSGvfeQDR2dGFKKYzDVjlLx2NGHeLVNfpaucVgWQRRxXleTYVMb6Jc2U3Fl42z6uhr1lEEH3SgVgKV5QUms_qnzHmLZEZCU_-jLmy5abhHvJq946LtZQigwvfo4ZuWfYKjEMHOIZQJwq1rHzAY5y2qi3fftFDf6EEWGMNDkwNkpRyBE-sZjfOnHZEf7sEvl9EGp5olXkGwnzNtWPXGpuZash9-DV_8bWXMzMHU0FxcO72CKt6klehYIr11ky-8Zfrc-qadoj22RzMmxEbnMQO0XacvPX8-GFPKRgQMAGLMnvCA26BfrjZ-HUY93YsZVM86F2RhvfqHIQDzhhXo-ZIzWiSw-OfcI8LJnOpaFzH7DrWpPPfaUmekXl2H-l3p9t8wr46sNVl1ZLTOcSuktL7bix253sQ6rWrxSnk3Bs0pLeRlSGYrwvRUEyUgOhIeItZ33x2ahAxZWe_eIo3z0qYeAyWgU5biGE6eVJ8I92ZmyFuBSZSAuJBlchjiIphq8iTTYz779Aj9P-71N3juCQ_AoIJPQkyr_2-KxEkc94r7NBAgATWs0edLpqUxSBv1tA628scqxlngc4ykuwh5BeThmXLC_Okxwhg6fii8otTDvJsICgpbNPSze3ViGdh1BSPOy7XWmSdt3vn2cLX_9RZrFOdvYaDaUKVNzMI7NoO-tI8OI3yBYGRD1-5hVPdTXCvOfQhHrkTNMdBoEY0cMyV38t8QDcnAoMIxisJgBiX-rvP61_6zYdrEyDtLDv-Wi9KJWpDUoeVMfd9qB5j_Z60NkSGYjWtznpcyah2hIfQmtuB6dyKo3Yn6Cx0URMX-FwO1Q94etanfQT_1aS7KinBIrTHQnLa5OALrV8CWYcAWNh34B9mgl5ruNVJZFGnczOkC2onGZCUEKB9WP0r3HVXqY-AM6pTB3z1CdEoXaapbtx_4WxmHKktEsOlky4ha3FpBYnlfY-URACEQlgkhvb5hg431KbIQcMCAkksQfhn8yvgADeZ0mLMv7Zzhmk9pkEWiegoVLi41-U7znT9lNNlLQCb53Oy7FSM3__hFT94iRXZA9Jc2m2rJHfXJBsP7Cd77sI2enxeZHXwPZW1MdWtFuKcQnxTqIJAfsGAMFVf3W-247lC8Me_BeTFLGJwYAoCZKeFIDUoTNDCIm&cid=CAQSTwAvHhf_3EC0cKJBaQWadLCWzvz1YTq4KBbdSrzFaYXieTbWa9nhgAyQbEjO5A2lX-6PG9hjoAxVOl4xC647Qlph1bTbHHWmHvJ_oFKsOyIYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Ftrfnews.i234.me%2F&ds=l&xdt=1&iif=1&cor=1648429615912246500&adk=1877897942&idt=93&cac=0&dtd=4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 13:49:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 136027
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Dec 2024 13:49:16 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMzczNDU4MzMyMjMxNAogIHNlcnZlcl9pcDogMTM1Mzk2OTI3CiAgcHJvY2Vzc19pZDogNjg3OTA5MzU4Cn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDExODY4OTQz...
ad.doubleclick.net/ddm/activity/ Frame 7FFF 0
866 B 79ms
45ms Image
image/png 142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMzczNDU4MzMyMjMxNAogIHNlcnZlcl9pcDogMTM1Mzk2OTI3CiAgcHJvY2Vzc19pZDogNjg3OTA5MzU4Cn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDExODY4OTQzCmFkdmVydGlzZXJfZG9tYWluOiAiaHR0cHM6Ly9yZWRpbnRlbGxpZ2VuY2UubmV0Igp4ZmFfYXR0cmlidXRpb25faW50ZXJhY3Rpb25fdHlwZTogVklFVwppbXByZXNzaW9uX3ByaW9yaXR5OiAwCmltcHJlc3Npb25fZXhwaXJ5X2luX2RheXM6IDMwCmV2ZW50X2ltcHJlc3Npb25faWQ6IDIzNzgzMDI5NzM2MzQzNTk2NTAKZGVidWdfa2V5OiA4NjAwNzM0MTUxNDEwMTM5NTMxCmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyMy0xMi0yOCIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDExODY4OTQzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFURk9STV9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1FVRVJZX0NPVU5UUlkKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiVVMiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQUNFTUVOVF9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMzMyMzE1MTQ2CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA4NzgyNDM2OTYKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTY2NTk5NTAxNDEKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA0MTYyMDYzNzIKICB9Cn0KYXJjaGV0eXBlX2lkOiAxMgphcmNoZXR5cGVfaWQ6IDEzCmFyY2hldHlwZV9pZDogMTQKYXJjaGV0eXBlX2lkOiAxNQphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2RlYnVnY29udmVyc2lvbmRvbWFpbjEuY29tIgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vZGVidWdjb252ZXJzaW9uZG9tYWluMi5jb20iCmltcHJlc3Npb25fZXZlbnRfcmVwb3J0aW5nX3dpbmRvd19kYXlzOiA0CmJyb3dzZXJfYXR0cmlidXRpb25fYXBpX3JlcXVlc3RfcHJvY2Vzc2luZ19iaXRzOiA3MzgxOTc1MDQK

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0x73873211fe1fca080000000000000000","13":"0x149b840c20a2ff630000000000000000","14":"0x8266ddcbd2a710720000000000000000","15":"0x7cffe4a0d8e0a7ea0000000000000000"},"debug_key":"8600734151410139531","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"21":[],"8":["11868943"]},"priority":"0","source_event_id":"2378302973634359650"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK kjmi9fqzw10q Show response
hal9000.redintelligence.net/zone/ Frame 7FFF 12 KB
4 KB 41ms
8ms Script
text/html 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/kjmi9fqzw10q?subid=&gdpr=&gdpr_consent=&rnd=1703734582630444&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCfr3nNu2MZay9JpWM1PIPldaMsAnr0sGhad3z3vTFD_AuEAEgtpuVZWCVqrOCwAfIAQmpAoOSnECJobI-qAMByAObBKoEmgJP0JReJNEmvZN2wfmQnWAd60aHdDjQiMz2BeFXTL9OZUunzc4MnMnYsIbnVXSuzZe9f9iG9jUT4uqX8-5DGTpLZCegKzKTVxvl_ERka6gil8DdHe_yF-L5i-sV1WLF2zA9gHOi9-TbzRuo7V93Xq7o1Ly998S0hEYrs5fZ0euhL3zWM21b3yb1PLLni06EgIRCB_P1MH2wDwiAQDSe5oFIrtVbJlIrkBW_nbiG_caN85RLx3qNfeGp1oRvaLVzlsEXVsuc9rSqGnx9lTPaFgmg6ew3wq6W0N0jL8CUkSuLvQd2njrXgUbIkGNoNCjkiMWr8xlq3-Cpf_4OEA5JXeIW6qk4NI7tgDNMm4GJnc8QwPAstjv1X9-BKOnABL6O6uT5A-AEA4gFvdSKiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYv5jb9JmxgwOACgGYCwHICwGADAGiDBQqEgoQ5LSxAu61sQK1uLECrLqxAqoNAkRFsBOH77EV0BMA2BMDiBQC2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_3EC0cKJBaQWadLCWzvz1YTq4KBbdSrzFaYXieTbWa9nhgAyQbEjO5A2lX-6PG9hjoAxVOl4xC647Qlph1bTbHHWmHvJ_oFKsOyIYAQ%26sig%3DAOD64_2OWkdaGONJGacQTQDM41JlhjYqzw%26client%3Dca-pub-3868038712334580%26dbm_c%3DAKAmf-AL7KLk5-26A7c16YYv7_FAs5NrsHVVAXYPBDRpjBoSt-p7t1zugzGAmXD2fBLNaj6aMgL4-jAnFRRWWSB58D0eZtSntJY5yZO5IP8ezlmJwOpRszagdh_v8805mbfZbD1ICNgoRystcuC6fT0WfJeYBrk-b3KstoHD7DyJiUIvG31kIxU%26cry%3D1%26dbm_d%3DAKAmf-CtCbyWZjm4m4PUmbb8J0TgNek9PwrP-f-slgH9o-xMvwKo-43VCB1B7SmDJbVksolh5lY_Uz7mjtJpmWOJTiwlKZRLgee7awV3pB1IH42rziksimvgui_pn9mBxuTEZfwdVYrjPhszcj1ikI7SsySXZ3elR4QvjVPnA5MTkT9tag1SvdzjgeEnXyfKD1GAdIHpPaIqKIKXD9AFQhQ1MIthMnSf4-Xn3y3sYgwPQapuQO0CtC-XefFaHexIN6GHOCczc6z0wfK0bgs5bxSAYDlNa-tBatdanYmH61JSZcf_c4K5GUKAbI1-XiCCClEg3N5eOuehsJapwp5RlcpjSg2txFI6PpgIBqALVL2AifzVn1z6P9fTWQ2aF279fSv5zCbV0DZu7tpQ23PVVU1NiG3GGqm3rAK9IdZqynerzTnDNkXq4s_LdDTHKwHzGcCNyWAzC5rec-gZUkVsKhc6KWt7q2Zewm2tPamLozf20yWv6uDQp9hapxcrezVHoAsfUznk_j2BGjbTdXq3eBZCq78n_yjgen8t9FXZuO7xBj0EPNUED3dN3tDWvTYzDKEZSgZCpe52%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: f38e3317b781a56ec8f6b4f1f105ad6b6c6323d4a59ed59e4038609f0e3039e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 03:36:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4245
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 80ms
42ms Preflight
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 28 Dec 2023 03:36:23 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame E906 38 KB
13 KB 7ms
7ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 134144
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 26 Dec 2023 14:20:39 GMT
expires: Wed, 25 Dec 2024 14:20:39 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

request.php Show response
hal900019.redintelligence.net/ Frame 7FFF
Redirect Chain

https://hal900019.redintelligence.net/request.php?zone=kjmi9fqzw10q&nw=20&renderingType=javascript&namespace=954398f1fd&subid=&uid=42fb68d8141e842a&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900019.redintelligence.net/request.php?zone=kjmi9fqzw10q&nw=20&renderingType=javascript&namespace=954398f1fd&subid=&uid=42fb68d8141e842a&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

3 KB
2 KB

116ms
103ms

Script
application/x-javascript

78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900019.redintelligence.net/request.php?zone=kjmi9fqzw10q&nw=20&renderingType=javascript&namespace=954398f1fd&subid=&uid=42fb68d8141e842a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCfr3nNu2MZay9JpWM1PIPldaMsAnr0sGhad3z3vTFD_AuEAEgtpuVZWCVqrOCwAfIAQmpAoOSnECJobI-qAMByAObBKoEmgJP0JReJNEmvZN2wfmQnWAd60aHdDjQiMz2BeFXTL9OZUunzc4MnMnYsIbnVXSuzZe9f9iG9jUT4uqX8-5DGTpLZCegKzKTVxvl_ERka6gil8DdHe_yF-L5i-sV1WLF2zA9gHOi9-TbzRuo7V93Xq7o1Ly998S0hEYrs5fZ0euhL3zWM21b3yb1PLLni06EgIRCB_P1MH2wDwiAQDSe5oFIrtVbJlIrkBW_nbiG_caN85RLx3qNfeGp1oRvaLVzlsEXVsuc9rSqGnx9lTPaFgmg6ew3wq6W0N0jL8CUkSuLvQd2njrXgUbIkGNoNCjkiMWr8xlq3-Cpf_4OEA5JXeIW6qk4NI7tgDNMm4GJnc8QwPAstjv1X9-BKOnABL6O6uT5A-AEA4gFvdSKiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYv5jb9JmxgwOACgGYCwHICwGADAGiDBQqEgoQ5LSxAu61sQK1uLECrLqxAqoNAkRFsBOH77EV0BMA2BMDiBQC2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_3EC0cKJBaQWadLCWzvz1YTq4KBbdSrzFaYXieTbWa9nhgAyQbEjO5A2lX-6PG9hjoAxVOl4xC647Qlph1bTbHHWmHvJ_oFKsOyIYAQ%26sig%3DAOD64_2OWkdaGONJGacQTQDM41JlhjYqzw%26client%3Dca-pub-3868038712334580%26dbm_c%3DAKAmf-AL7KLk5-26A7c16YYv7_FAs5NrsHVVAXYPBDRpjBoSt-p7t1zugzGAmXD2fBLNaj6aMgL4-jAnFRRWWSB58D0eZtSntJY5yZO5IP8ezlmJwOpRszagdh_v8805mbfZbD1ICNgoRystcuC6fT0WfJeYBrk-b3KstoHD7DyJiUIvG31kIxU%26cry%3D1%26dbm_d%3DAKAmf-CtCbyWZjm4m4PUmbb8J0TgNek9PwrP-f-slgH9o-xMvwKo-43VCB1B7SmDJbVksolh5lY_Uz7mjtJpmWOJTiwlKZRLgee7awV3pB1IH42rziksimvgui_pn9mBxuTEZfwdVYrjPhszcj1ikI7SsySXZ3elR4QvjVPnA5MTkT9tag1SvdzjgeEnXyfKD1GAdIHpPaIqKIKXD9AFQhQ1MIthMnSf4-Xn3y3sYgwPQapuQO0CtC-XefFaHexIN6GHOCczc6z0wfK0bgs5bxSAYDlNa-tBatdanYmH61JSZcf_c4K5GUKAbI1-XiCCClEg3N5eOuehsJapwp5RlcpjSg2txFI6PpgIBqALVL2AifzVn1z6P9fTWQ2aF279fSv5zCbV0DZu7tpQ23PVVU1NiG3GGqm3rAK9IdZqynerzTnDNkXq4s_LdDTHKwHzGcCNyWAzC5rec-gZUkVsKhc6KWt7q2Zewm2tPamLozf20yWv6uDQp9hapxcrezVHoAsfUznk_j2BGjbTdXq3eBZCq78n_yjgen8t9FXZuO7xBj0EPNUED3dN3tDWvTYzDKEZSgZCpe52%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231207%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-0-%26adk%3D1812271803%26client%3Dca-pub-3868038712334580%26fa%3D3%26ifi%3D12%26uci%3Da!c%26btvi%3D1&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Ftrfnews.i234.me&random=6752670895&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: HTTP/1.1
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 01e78bc965f7c8129ed6982df53653e86a4dcbc9df9566cf00086adb8c862577

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 28 Dec 2023 03:36:23 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 94964300009137204444546012552019
Connection: close
Content-Length: 954
Expires: Thu, 28 Dec 2023 03:36:23 +0100

Redirect headers

Pragma: no-cache
Date: Thu, 28 Dec 2023 03:36:23 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=kjmi9fqzw10q&nw=20&renderingType=javascript&namespace=954398f1fd&subid=&uid=42fb68d8141e842a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCfr3nNu2MZay9JpWM1PIPldaMsAnr0sGhad3z3vTFD_AuEAEgtpuVZWCVqrOCwAfIAQmpAoOSnECJobI-qAMByAObBKoEmgJP0JReJNEmvZN2wfmQnWAd60aHdDjQiMz2BeFXTL9OZUunzc4MnMnYsIbnVXSuzZe9f9iG9jUT4uqX8-5DGTpLZCegKzKTVxvl_ERka6gil8DdHe_yF-L5i-sV1WLF2zA9gHOi9-TbzRuo7V93Xq7o1Ly998S0hEYrs5fZ0euhL3zWM21b3yb1PLLni06EgIRCB_P1MH2wDwiAQDSe5oFIrtVbJlIrkBW_nbiG_caN85RLx3qNfeGp1oRvaLVzlsEXVsuc9rSqGnx9lTPaFgmg6ew3wq6W0N0jL8CUkSuLvQd2njrXgUbIkGNoNCjkiMWr8xlq3-Cpf_4OEA5JXeIW6qk4NI7tgDNMm4GJnc8QwPAstjv1X9-BKOnABL6O6uT5A-AEA4gFvdSKiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYv5jb9JmxgwOACgGYCwHICwGADAGiDBQqEgoQ5LSxAu61sQK1uLECrLqxAqoNAkRFsBOH77EV0BMA2BMDiBQC2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_3EC0cKJBaQWadLCWzvz1YTq4KBbdSrzFaYXieTbWa9nhgAyQbEjO5A2lX-6PG9hjoAxVOl4xC647Qlph1bTbHHWmHvJ_oFKsOyIYAQ%26sig%3DAOD64_2OWkdaGONJGacQTQDM41JlhjYqzw%26client%3Dca-pub-3868038712334580%26dbm_c%3DAKAmf-AL7KLk5-26A7c16YYv7_FAs5NrsHVVAXYPBDRpjBoSt-p7t1zugzGAmXD2fBLNaj6aMgL4-jAnFRRWWSB58D0eZtSntJY5yZO5IP8ezlmJwOpRszagdh_v8805mbfZbD1ICNgoRystcuC6fT0WfJeYBrk-b3KstoHD7DyJiUIvG31kIxU%26cry%3D1%26dbm_d%3DAKAmf-CtCbyWZjm4m4PUmbb8J0TgNek9PwrP-f-slgH9o-xMvwKo-43VCB1B7SmDJbVksolh5lY_Uz7mjtJpmWOJTiwlKZRLgee7awV3pB1IH42rziksimvgui_pn9mBxuTEZfwdVYrjPhszcj1ikI7SsySXZ3elR4QvjVPnA5MTkT9tag1SvdzjgeEnXyfKD1GAdIHpPaIqKIKXD9AFQhQ1MIthMnSf4-Xn3y3sYgwPQapuQO0CtC-XefFaHexIN6GHOCczc6z0wfK0bgs5bxSAYDlNa-tBatdanYmH61JSZcf_c4K5GUKAbI1-XiCCClEg3N5eOuehsJapwp5RlcpjSg2txFI6PpgIBqALVL2AifzVn1z6P9fTWQ2aF279fSv5zCbV0DZu7tpQ23PVVU1NiG3GGqm3rAK9IdZqynerzTnDNkXq4s_LdDTHKwHzGcCNyWAzC5rec-gZUkVsKhc6KWt7q2Zewm2tPamLozf20yWv6uDQp9hapxcrezVHoAsfUznk_j2BGjbTdXq3eBZCq78n_yjgen8t9FXZuO7xBj0EPNUED3dN3tDWvTYzDKEZSgZCpe52%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231207%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-0-%26adk%3D1812271803%26client%3Dca-pub-3868038712334580%26fa%3D3%26ifi%3D12%26uci%3Da!c%26btvi%3D1&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Ftrfnews.i234.me&random=6752670895&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Thu, 28 Dec 2023 03:36:23 +0100

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame E906 39 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 15:53:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42165
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 26 Dec 2024 15:53:38 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1F3C 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BUv91Nu2MZa29JpWM1PIPldaMsAkAAAAAOAHgBAI&bg=!UlGlUR7NAAY3kmNgF5I7ADQBe5WfOA6no6qCwc5fOddoURtRBGyXJAyFnZZn3-JgUsofEoNPzVPm2xx772usY7cWowbVAgAAAGxSAAAAAWgBB5kDNYZPlGIN4UKjA1kUm5QS132o6U5373g5VAjzkSUUDYL15Mwcz7KPlM3871Uz35-Nj8ZNjEAW9eUakiZpueNGuaXbGIep8rd36EjArem3aRdjZ6FTzKB-7BNnW0a11ceYxenYx70SnIwvyDD29jsIN4a-yypCKhhvlgsMrh1bb3IZ4d60J5cbdpHRQLlBMshj6Hrk7BoxTdIS_ba7kXxuPBW10xSq5z9JUS58YrUgdIK17tikiS-sWC10Qy8WmRXsFSjDk0oiuX4hYwMV0hRJbkcQJQTGwLIjygVU1hjprV31wqwHdd6aiscW5qRJ2_HLtFwePNMIJQudZol0e5VDoPxmp2syT5oNbDbGUSaF5Oxf4E_XQZqwqm1p4tssWfH-snloeLUluVkKiVFP7wRspJ-pN5JqPgBWULt-0CPxI4fldilpYGC-oU7O3Ofe_vgZicNUVEPRWJXM7QJigeHGKJ_XU8osBtYJMehZat1uRzFQkQgKDSC8bkSq04l20wurqeFvznY_3H8XTSFbYBMkTKOLfFEOQhgdF9_oRSbRvCo6SqTfLgbboYOn8NMnQP-xk_iPizZ1o5mkjGT3ObkaVmZrDFeg1mnjlbh4J11HaenxedRo94EageZOGN7NsMnb27G5X7T0_HWqB4_vXFagDS0C7AAFnJjQSw7XMgKxFctrNLJhc__2XqiFxKZr3qycMfxbgltzQ5hoK6XB6-Sn0mWdUV0YfCAH4_YSJHSJQq19LrVv8HqqXOZsVmd5imyhixJA2bflclYRPkiEhIMaR10q0zfMjHd9DkRpfNBVgXIzSwV7FhDOphpInO-HO6ZXhbMcztCMVxonAONUCFEQgp8sHpLTBCnrrxULz5eCBwBiXHdeAFCrKMARqw7kzbq7ALoIrVelgCoLuehenaqYv1ug24zMSxf8ZkNN4JZqFOSXoVg2LcxYbkZxPlsZSKhEG1JNfgRL_O8yxEP0v1T8Vhuwl9J3fGjmP8m90zJ-covBjirodE0YP6GPTkT4a75DMyUj1-O-Iq5TXrJHNF6A0HW75HHUQwgu9O4b52jqFGKN1XWv8rOUKrReZkqcM5vOigXaN4iX

Requested by

Host: trfnews.i234.me
URL: https://trfnews.i234.me/wordpress/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E906 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Bu57JN-2MZYrWE7_8x_AP7tOCyAIAAAAAOAHgBAI&bg=!enmleTbNAAY3kmNgF5I7ADQBe5WfOL85ezWqj52mixGUXmWlkm2sVUuHziNqz6N4Ysu-FNswg302kuU-0zbMn7Uv-XGDAgAAADJSAAAAAWgBB5kDQQDCqAwaQK08qNW8Aq0z1vrAQYeWnHZh9CA7BQg2_kBOdkDetRUr4Cq4mi2NIOJXS93tZQBV-aPi2arqiiEHFKrVf_7kujEbEJzRYF07gjhxgb_2Wl56cjIN3DkVOC0CSaR3Ta71O9GAIQv6-McNRYlwjG5J0SxyeKDYN8KQNwgyKlZNaTfr9FdWYXvWicwL0xJV1y03OwB6nnU71ieHHzwn7gD8H2Ix4WdLj1D-onteiIfUfqkja8FXCkGe2cmOKJFgBxI2zVhXk3j2F1ek6jFcbvq9zIkN-RbDgz344A1Noquyx56k2aRWgWmlY4swI7bRCE9ZeNChe0CNyLRJmdelAE2CVpO8HbdDu7YI-10v71se52WQHQQ3AO18Wr__IkmxZr01QyBIiMwFnfo3GdGug2-wBs9WImAmIxYhsIa9l2rU-Zg2kp5KPXKEX5DwAftdUJg2A0WFNllE5sdBv9yrOnp-7w40aoSpkQq9xFRANuYSmdWsSDLaqDzGsfVVoUzAOGN7Zk9ZciC-4mB-6sIe6OTK3ccXsxtWyAZI-i92cXfZILYBjl8PKz_z5aHluMaD-TDn7XkhuVflDQY0ukI21_jQamXcbkTHEB4TCOpVaz8t9Ca366SLBiWwpp-3nlquxwQKHxQLfFplxT1U0hsgxk3-RfzLu-VsOt8WNod1HBM8KuCxD9iJCPgM9_g8eDls-6CiAk1LkVif0CJaNl0s0oyhcKBk1hsMF9qOdDgjH-5Zbzf3Zj2h1pqoQNk59iNzJqFS5BdTpgthlK0GlWcExezgrDP4MkW4Q-TVEmfMMg50EpMQf_RnIzC_dv-BP8lIlFZaZcy2qa0EJGF_pcJMdZV3L1-SrJi6NOhKy4hiMQ91LcOvs9AfszC3lNMSyUbmuXaq_s8HCIYieSFH3ax_999tLK8VMTvtg25jmYOweafpkE9D5rr-IgKN3eviHxFXtvLsVZ2OMQrH9wyZ3soGkRPpHdMm60GFBn6-TnTIv9OKPjG2E-xQOZm0W9ggLFCzDv3LiyEvLwODUZCx6LRNDjxzuSS2L4Ts03StDM0cKo9o1vD9YamqdwIPZu2BbjLar8DJn119jfYKnVXiSnag

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
adv.office-partner.de/ Frame 2383 930 B
923 B 82ms
7ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request.php?zone=kjmi9fqzw10q&nw=20&renderingType=javascript&namespace=954398f1fd&subid=&uid=42fb68d8141e842a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCfr3nNu2MZay9JpWM1PIPldaMsAnr0sGhad3z3vTFD_AuEAEgtpuVZWCVqrOCwAfIAQmpAoOSnECJobI-qAMByAObBKoEmgJP0JReJNEmvZN2wfmQnWAd60aHdDjQiMz2BeFXTL9OZUunzc4MnMnYsIbnVXSuzZe9f9iG9jUT4uqX8-5DGTpLZCegKzKTVxvl_ERka6gil8DdHe_yF-L5i-sV1WLF2zA9gHOi9-TbzRuo7V93Xq7o1Ly998S0hEYrs5fZ0euhL3zWM21b3yb1PLLni06EgIRCB_P1MH2wDwiAQDSe5oFIrtVbJlIrkBW_nbiG_caN85RLx3qNfeGp1oRvaLVzlsEXVsuc9rSqGnx9lTPaFgmg6ew3wq6W0N0jL8CUkSuLvQd2njrXgUbIkGNoNCjkiMWr8xlq3-Cpf_4OEA5JXeIW6qk4NI7tgDNMm4GJnc8QwPAstjv1X9-BKOnABL6O6uT5A-AEA4gFvdSKiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYv5jb9JmxgwOACgGYCwHICwGADAGiDBQqEgoQ5LSxAu61sQK1uLECrLqxAqoNAkRFsBOH77EV0BMA2BMDiBQC2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_3EC0cKJBaQWadLCWzvz1YTq4KBbdSrzFaYXieTbWa9nhgAyQbEjO5A2lX-6PG9hjoAxVOl4xC647Qlph1bTbHHWmHvJ_oFKsOyIYAQ%26sig%3DAOD64_2OWkdaGONJGacQTQDM41JlhjYqzw%26client%3Dca-pub-3868038712334580%26dbm_c%3DAKAmf-AL7KLk5-26A7c16YYv7_FAs5NrsHVVAXYPBDRpjBoSt-p7t1zugzGAmXD2fBLNaj6aMgL4-jAnFRRWWSB58D0eZtSntJY5yZO5IP8ezlmJwOpRszagdh_v8805mbfZbD1ICNgoRystcuC6fT0WfJeYBrk-b3KstoHD7DyJiUIvG31kIxU%26cry%3D1%26dbm_d%3DAKAmf-CtCbyWZjm4m4PUmbb8J0TgNek9PwrP-f-slgH9o-xMvwKo-43VCB1B7SmDJbVksolh5lY_Uz7mjtJpmWOJTiwlKZRLgee7awV3pB1IH42rziksimvgui_pn9mBxuTEZfwdVYrjPhszcj1ikI7SsySXZ3elR4QvjVPnA5MTkT9tag1SvdzjgeEnXyfKD1GAdIHpPaIqKIKXD9AFQhQ1MIthMnSf4-Xn3y3sYgwPQapuQO0CtC-XefFaHexIN6GHOCczc6z0wfK0bgs5bxSAYDlNa-tBatdanYmH61JSZcf_c4K5GUKAbI1-XiCCClEg3N5eOuehsJapwp5RlcpjSg2txFI6PpgIBqALVL2AifzVn1z6P9fTWQ2aF279fSv5zCbV0DZu7tpQ23PVVU1NiG3GGqm3rAK9IdZqynerzTnDNkXq4s_LdDTHKwHzGcCNyWAzC5rec-gZUkVsKhc6KWt7q2Zewm2tPamLozf20yWv6uDQp9hapxcrezVHoAsfUznk_j2BGjbTdXq3eBZCq78n_yjgen8t9FXZuO7xBj0EPNUED3dN3tDWvTYzDKEZSgZCpe52%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231207%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-0-%26adk%3D1812271803%26client%3Dca-pub-3868038712334580%26fa%3D3%26ifi%3D12%26uci%3Da!c%26btvi%3D1&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Ftrfnews.i234.me&random=6752670895&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Thu, 28 Dec 2023 03:36:23 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Thu, 04 Jan 2024 03:36:23 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2

200

activityi;dc_pre=CKmjnfWZsYMDFYvNOwId7LgFlw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=662711703618.2462 Show response
8019191.fls.doubleclick.net/ Frame 3066
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=662711703618.2462?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CKmjnfWZsYMDFYvNOwId7LgFlw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=662711703618.2462?

391 B
330 B

50ms
50ms

Document
text/html

216.58.206.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CKmjnfWZsYMDFYvNOwId7LgFlw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=662711703618.2462?

Requested by

Host: trfnews.i234.me
URL: http://trfnews.i234.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr35s10-in-f6.1e100.net

Software

cafe /

Resource Hash

91b81121dce9a6789f25711f53fcb29b605cc2ac99511e5af8f81d783067595d

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 221
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 03:36:23 GMT
expires: Thu, 28 Dec 2023 03:36:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 03:36:23 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CKmjnfWZsYMDFYvNOwId7LgFlw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=662711703618.2462?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900019.redintelligence.net/ Frame 4679 5 KB
2 KB 20ms
7ms Document
text/html 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900019.redintelligence.net/request_content.php?s=94964300009137204444546012552019&a=f0fa326e
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request.php?zone=kjmi9fqzw10q&nw=20&renderingType=javascript&namespace=954398f1fd&subid=&uid=42fb68d8141e842a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCfr3nNu2MZay9JpWM1PIPldaMsAnr0sGhad3z3vTFD_AuEAEgtpuVZWCVqrOCwAfIAQmpAoOSnECJobI-qAMByAObBKoEmgJP0JReJNEmvZN2wfmQnWAd60aHdDjQiMz2BeFXTL9OZUunzc4MnMnYsIbnVXSuzZe9f9iG9jUT4uqX8-5DGTpLZCegKzKTVxvl_ERka6gil8DdHe_yF-L5i-sV1WLF2zA9gHOi9-TbzRuo7V93Xq7o1Ly998S0hEYrs5fZ0euhL3zWM21b3yb1PLLni06EgIRCB_P1MH2wDwiAQDSe5oFIrtVbJlIrkBW_nbiG_caN85RLx3qNfeGp1oRvaLVzlsEXVsuc9rSqGnx9lTPaFgmg6ew3wq6W0N0jL8CUkSuLvQd2njrXgUbIkGNoNCjkiMWr8xlq3-Cpf_4OEA5JXeIW6qk4NI7tgDNMm4GJnc8QwPAstjv1X9-BKOnABL6O6uT5A-AEA4gFvdSKiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYv5jb9JmxgwOACgGYCwHICwGADAGiDBQqEgoQ5LSxAu61sQK1uLECrLqxAqoNAkRFsBOH77EV0BMA2BMDiBQC2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwAvHhf_3EC0cKJBaQWadLCWzvz1YTq4KBbdSrzFaYXieTbWa9nhgAyQbEjO5A2lX-6PG9hjoAxVOl4xC647Qlph1bTbHHWmHvJ_oFKsOyIYAQ%26sig%3DAOD64_2OWkdaGONJGacQTQDM41JlhjYqzw%26client%3Dca-pub-3868038712334580%26dbm_c%3DAKAmf-AL7KLk5-26A7c16YYv7_FAs5NrsHVVAXYPBDRpjBoSt-p7t1zugzGAmXD2fBLNaj6aMgL4-jAnFRRWWSB58D0eZtSntJY5yZO5IP8ezlmJwOpRszagdh_v8805mbfZbD1ICNgoRystcuC6fT0WfJeYBrk-b3KstoHD7DyJiUIvG31kIxU%26cry%3D1%26dbm_d%3DAKAmf-CtCbyWZjm4m4PUmbb8J0TgNek9PwrP-f-slgH9o-xMvwKo-43VCB1B7SmDJbVksolh5lY_Uz7mjtJpmWOJTiwlKZRLgee7awV3pB1IH42rziksimvgui_pn9mBxuTEZfwdVYrjPhszcj1ikI7SsySXZ3elR4QvjVPnA5MTkT9tag1SvdzjgeEnXyfKD1GAdIHpPaIqKIKXD9AFQhQ1MIthMnSf4-Xn3y3sYgwPQapuQO0CtC-XefFaHexIN6GHOCczc6z0wfK0bgs5bxSAYDlNa-tBatdanYmH61JSZcf_c4K5GUKAbI1-XiCCClEg3N5eOuehsJapwp5RlcpjSg2txFI6PpgIBqALVL2AifzVn1z6P9fTWQ2aF279fSv5zCbV0DZu7tpQ23PVVU1NiG3GGqm3rAK9IdZqynerzTnDNkXq4s_LdDTHKwHzGcCNyWAzC5rec-gZUkVsKhc6KWt7q2Zewm2tPamLozf20yWv6uDQp9hapxcrezVHoAsfUznk_j2BGjbTdXq3eBZCq78n_yjgen8t9FXZuO7xBj0EPNUED3dN3tDWvTYzDKEZSgZCpe52%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231207%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-0-%26adk%3D1812271803%26client%3Dca-pub-3868038712334580%26fa%3D3%26ifi%3D12%26uci%3Da!c%26btvi%3D1&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Ftrfnews.i234.me&random=6752670895&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: b31bb3a3e7a19f9a8cf4ed000fb1f911a0c9f1eabc6d4a520d24a0e191d8a8b3

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1652
Content-Type: text/html; charset=utf-8
Date: Thu, 28 Dec 2023 03:36:23 GMT
Expires: Thu, 28 Dec 2023 03:36:23 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK viewability Show response
hal900019.redintelligence.net/ Frame 4679 0
150 B 20ms
7ms Script
text/html 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900019.redintelligence.net/viewability?s=94964300009137204444546012552019&a=3e3fba34&vb=m
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=94964300009137204444546012552019&a=f0fa326e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/request_content.php?s=94964300009137204444546012552019&a=f0fa326e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 03:36:23 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 link.html Show response
track.webgains.com/ Frame 4679 1 KB
2 KB 135ms
64ms Script
text/html 18.132.155.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=3272835&wgcampaignid=99582&js=1&clickref=94964300009137204444546012552019&viewref=94964300009137204444546012552019&nw=1&cp=648356542
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=94964300009137204444546012552019&a=f0fa326e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.132.155.124 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-132-155-124.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: b539edffdb154b9ad97829357a6ace5a4e74d87dbbf8f7fa4729c45a08c25c8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:23 GMT
last-modified: Thu, 28 Dec 2023 03:36:23 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Thu, 28 Dec 2023 03:37:23 GMT

GET
DATA 200
OK truncated
/ Frame 4679 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame 2383 175 KB
63 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

17cfdf105682ba948d6e2b43a1302c0e1232629c8c1a56b17f11b7ecdbc24e54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64120
x-xss-protection: 0
last-modified: Thu, 28 Dec 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 28 Dec 2023 03:36:23 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 2383 274 KB
91 KB 19ms
19ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

de538012331173fa5ca08711548945e19c6d71d894286c20d86cde4b681e249c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93076
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 28 Dec 2023 03:36:23 GMT

GET
H2 200 dc_pre=CKmjnfWZsYMDFYvNOwId7LgFlw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=662711703618.2462
adservice.google.com/ddm/fls/z/ Frame 3066 42 B
401 B 67ms
46ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CKmjnfWZsYMDFYvNOwId7LgFlw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=662711703618.2462

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CKmjnfWZsYMDFYvNOwId7LgFlw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=662711703618.2462?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 4679 53 KB
19 KB 61ms
8ms Script
application/javascript 18.66.147.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=3272835&wgcampaignid=99582&js=1&clickref=94964300009137204444546012552019&viewref=94964300009137204444546012552019&nw=1&cp=648356542
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-120.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fbc6bed540723f219a878e5735ae8cb1c05aa9f7012bf21870cd79e41af25bcd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 01:58:54 GMT
content-encoding: gzip
via: 1.1 dde951f556570d42a581084479d8b0e8.cloudfront.net (CloudFront)
last-modified: Sat, 09 Dec 2023 12:01:22 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 5850
x-amz-server-side-encryption: AES256
etag: W/"1180a1bfee0aad979766ecd6180b923e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: d9NCo9tvy8cRVpTCBRr1SvKUAhIAZrl4i8WgG-nEkrZZUJHLkQOyIA==

GET
H2 200 link.html
track.webgains.com/ Frame 4679 42 KB
42 KB 71ms
71ms Image
image/gif 18.132.155.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgdedup=1&wgcampaignid=99582&viewref=94964300009137204444546012552019&wglinkid=3272835
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=94964300009137204444546012552019&a=f0fa326e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.132.155.124 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-132-155-124.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 50f4c8f45b4e196feec79244176b1b9312fec9e40065e06853d0c6edf4f81c4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:23 GMT
last-modified: Thu, 28 Dec 2023 03:36:23 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Thu, 28 Dec 2023 03:37:23 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 56ms
56ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202312060101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5b98c894b948b7d4015285a029315086b91d81c85b2b43b26dd8fb118a29bb9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12055
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 28 Dec 2023 03:36:23 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 534C 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://trfnews.i234.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 269591
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 25 Dec 2023 00:43:12 GMT
expires: Tue, 24 Dec 2024 00:43:12 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5CEC 829 B
997 B 17ms
17ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

53094101dfd1e1c7b69826cb57dcc658ae4d12edcfd4d5ebe21384f9d5b45f73

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-SNgJ6yEUvQV_enbAiiWAow' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://trfnews.i234.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-SNgJ6yEUvQV_enbAiiWAow' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 03:36:23 GMT
expires: Thu, 28 Dec 2023 03:36:23 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 534C 39 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 15:53:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42165
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 26 Dec 2024 15:53:38 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5CEC 0
0 41ms
41ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202312060101&jk=2169492246637150&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 534C 0
10 B 6ms
6ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?U7qR9g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 03:36:24 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4B1A 42 B
64 B 45ms
44ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssiTyxZtuxuSxoh_7MVfEXuYyv2kvXQZxeh_0UZewdR5koO8E3aUxi9wYqreiUOrqIXXfLmZBtfXXvNXEfGDd2avv3yimcVE5YJ2T1wbY-ns2u4QLrWJdEuhA6Q-ol28RQN3g11UDEOX51v21bw0AcwpOFs&sai=AMfl-YTsEp7NLscG5f36CfxC6B_-R1h5x6K3JNSF8ntjXSgBas7tOJrVvUijCD3f-4atkEbx0B5HlRbJXjp99ukxzPqoSM3yofTvoS9WdBgfHXTVEni1S54HUaL6LlMeZ8nJfmbUzeiEKeGw2Fx5mQEG_g&sig=Cg0ArKJSzJuNTjUhDEf0EAE&cid=CAQSTwAvHhf_LwtYWKiD3PGAHFbYBj8pX10_mNBo3bmxthm8JyrgQMMj3Wq3lWxOoZxeATcxGwZtsc3g7geRgXPrpHNAoo0qsde56PLiLRzwy98YAQ&id=lidar2&mcvt=1079&p=0,0,280,1200&mtos=1079,1079,1079,1079,1079&tos=1079,0,0,0,0&v=20231213&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=4188038881&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1703734582628&rpt=698&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 4679 16 B
209 B 70ms
70ms Fetch
application/json 13.42.80.79

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.42.80.79 -, , ASN (),

Reverse DNS

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hal900019.redintelligence.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 28 Dec 2023 03:36:24 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 109ms
30ms Preflight 13.42.80.79

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.42.80.79 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://hal900019.redintelligence.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Thu, 28 Dec 2023 03:36:24 GMT
server: nginx

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 52ms
51ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202312060101&jk=2169492246637150&bg=!DA-lD0DNAAY3kmNgF5I7ADQBe5WfOOAn6TIF_SZ0KMEiJvakYLHbwo27dwGKSEAtcaxI4U5TI2s5-wPVnYiMJYBJo7OrAgAAADhSAAAAAmgBB5kC-fqg7IFi1RwxLgvlBWQ-Ac2zXz7gchxPrAzBXJop9wHpfInM6bXRd7SFJ8w6fRgJZzU2qy-y5Nt287kl75nEHMysiFyyv9ZX09NmXR3CoVXkHCXYEvtSKmMz0kb7WfHqVoAHkBPe7CVNlXh7GMAiMg5zlPopVc1fmpN8ca9hd9VwdRyUeljCRBc5I6FDPVV9HvReK9nNQaLAdhe72KRcQUoMqmvK2C74QltEOTmjEIPeSwsD_4Hhkv7SfTwgTMrEyBYmNVC8C0hE4j99MTex02uU7m1EGtxpjuM-wE8wUaI2F0FloBxBjxS90JLn7YjTjr8cCsQXZPZf89ImyRHeFBzoELLd0Jt8Ou2ykkNd5dQSB6W9YTkxU92-8bKGoaADj6La-BSVnP1NScfEXXV3UuCL_w_RGw57bPk9SOibEc2043IB7tMHPp_Hz2x1mtkZdEHYoc3fSSK86Z0r7-xnKfsfR2C0t1UG0SHk22c5GP0kayRAtS2dZuafvaQbxTzh_RgooWt6w8izac_mdzR2k__t8zfODc7b1b3gdxQX1ohFG6UOQNDkCR5-q7O0Dto4GbQkdBH_76Zabk4Ls_12rB73WWSNXg28m_bOLgSADyeJenlKKBgk6593hsDCGERtlxda9l-NyqenPhVkq3WF55VzW0UGffB5oTSv5otxJz4ugj6p3zYhZwgMreK6RCMdtZsYtXpDGATP7GwNj94DRDupgUKNZrX2cmweGfPkSH5gBbMYjGa6QcAEFE4U6VnCNAFzRswt9iw9EULKXtuTugOI3-R-DH0rdYLYWjmoYj3NVoUWw6sfXbFWWuQVmiwiL1N64KYqSYHf24C2BxzwIWoHrx2XHD07T-1BFocrAYcX9sTIkn5-Cmw33kOdiwsbAHJh9bYQoSRsuReOPwryl3xk-7BDvxMF5XWLn0X8DrUx2M_I_-w04kk4JzCIbseqyMZw7wqtz4bvCTWzvjero6mVX7gofSYgJb0zl9tVnyOTlEP-6LRy8ubc
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trfnews.i234.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7FFF 0
25 B 41ms
41ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8641846087525&version=m202309260101&ct=77&x=1&cor=1648429615912246500

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 03:36:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

258 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

22 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.trfnews.i234.me/	1970-01-21 02:51:34	Name: _ga Value: GA1.3.1689424002.1703734582
.trfnews.i234.me/	1970-01-20 17:17:00	Name: _gid Value: GA1.3.315307203.1703734582
.trfnews.i234.me/	1970-01-20 17:15:34	Name: _gat_gtag_UA_129116107_3 Value: 1
.trfnews.i234.me/	1970-01-20 17:15:34	Name: lotame_domain_check Value: trfnews.i234.me
.criteo.com/	1970-01-21 02:37:10	Name: uid Value: 353a83b1-76b3-443b-89dd-0d3f176c8146
.criteo.com/	1970-01-21 02:37:10	Name: receive-cookie-deprecation Value: 1
.trfnews.i234.me/	1970-01-21 02:37:10	Name: cto_bundle Value: gwSil19jQkFPWnBueFI5Rk92QTBqeFl2MzlWTHBnUmlMSUp5ZENIeiUyRmk0R0pFeTlRa2l6akhYYzYwY3ZzbUpVaWRnTk4xY0pxdjdhNElOcW12JTJGTEE0T2VrdHJOSnk3UU5WUHBKQzRxb1ZsZnZRZHJSNHMlMkYxNzNDWVV0N2VRTGZHVHlncSUyQlZ4cURFRzNXSSUyRmFSd0VNeXJieVVRJTNEJTNE
.openx.net/	1970-01-21 02:01:10	Name: i Value: 2450575f-dbe7-458b-8042-ac5acdc5dd50\|1703734582
.doubleclick.net/	1970-01-21 02:37:10	Name: IDE Value: AHWqTUkHQKfzWfdiTi4244EZdW8AsK7lM2lYMfaKE4WXMS1fTFsMDScRTuKI7r24
.doubleclick.net/	1970-01-20 17:15:38	Name: DSID Value: NO_DATA
.adnxs.com/	1970-01-20 19:25:10	Name: uuid2 Value: 8902187554271346971
.casalemedia.com/	1970-01-20 19:25:10	Name: CMPS Value: 5300
.adnxs.com/	1970-01-21 02:51:34	Name: XANDR_PANID Value: _2hPX53uKKEVWmlLFrAW6lVGnQw3o1lvaqA4PujaUsPjy7QnmX7Lu4QNpZ1Gx_diNCxiJlP3AY_2Mb6gUGEtIsEDE9TKyYfJ2-JrCQy1KA8.
.adnxs.com/	1970-01-20 19:25:10	Name: anj Value: dTM7k!M41.D>6NRF']wIg2IlkgS__<!]tbPl1M>e)ZlrFUfJ+tGXxo7:Wa[2DtbMn=8(nM^1(5(<UQ>iZsn#4W*Jq=3If)y3KL9D3I?+lj2%A3
.casalemedia.com/	1970-01-21 02:01:10	Name: CMID Value: ZYztNxGZHZrXlCT4tiPrzgAA
.casalemedia.com/	1970-01-20 19:25:10	Name: CMPRO Value: 5300
.doubleclick.net/	1970-01-20 21:34:46	Name: APC Value: AfxxVi6iXISBkzsCchfyKTHzYBBBjQKs82cqGJAhL4bkECVAttFHZg
.doubleclick.net/	1970-01-20 17:58:46	Name: ar_debug Value: 1
.redintelligence.net/	1970-01-20 19:25:10	Name: 8lcfmzhxc8d6_uid Value: 1ecca7029f8c00df
.googleadservices.com/	1970-01-20 19:25:10	Name: ar_debug Value: 1
.trfnews.i234.me/	1970-01-21 02:51:34	Name: _ga_N1RWX7F25R Value: GS1.1.1703734582.1.0.1703734583.0.0.0
.office-partner.de/	1970-01-21 02:51:34	Name: source Value: {"webgains_webgains":{"timestamp":1703734583725,"clickCookie":false}}

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

11dd2ed49eff91a17a6c97287b7ce72b.safeframe.googlesyndication.com
8019191.fls.doubleclick.net
ad.doubleclick.net
adservice.google.com
adv.office-partner.de
analytics.webgains.io
analytics.webpushr.com
api.webgains.io
bcp.crwdcntrl.net
bot.webpushr.com
cdn-ima.33across.com
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.prod.uidapi.com
cdn.webpushr.com
cm.g.doubleclick.net
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
gum.criteo.com
hal9000.redintelligence.net
hal900019.redintelligence.net
ib.adnxs.com
id5-sync.com
invstatic101.creativecdn.com
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
pagead2.googlesyndication.com
region1.google-analytics.com
s.w.org
s0.2mdn.net
securepubads.g.doubleclick.net
static.criteo.net
tags.crwdcntrl.net
tpc.googlesyndication.com
track.webgains.com
trfnews.i234.me
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
104.18.36.155
108.128.142.196
13.42.80.79
141.95.98.65
142.250.185.102
142.250.185.98
142.250.186.34
157.230.100.179
167.71.54.9
167.71.57.196
172.64.152.89
18.132.155.124
18.66.147.120
192.0.77.48
2001:4860:4802:34::36
216.58.206.38
2600:9000:2250:4000:a:e047:753:a221
2606:4700:10::ac43:266a
2606:4700::6810:5614
2a00:1450:4001:803::200e
2a00:1450:4001:806::2006
2a00:1450:4001:80b::2002
2a00:1450:4001:80f::2008
2a00:1450:4001:812::2002
2a00:1450:4001:813::2003
2a00:1450:4001:828::2004
2a00:1450:4001:829::2002
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::2001
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2001
2a00:1450:4001:831::2003
2a02:2638:3::3
2a02:2638:3::c
2a0b:4d07:101::1
34.102.146.192
34.120.135.53
34.96.70.87
35.244.159.8
37.252.171.85
64.235.70.98
65.9.66.104
78.46.90.238
01e78bc965f7c8129ed6982df53653e86a4dcbc9df9566cf00086adb8c862577
041e252170e75ae03b0d0a9655053a18e5fac4f1858785af34a9ff6e65444748
04d549a4f168546afdc3608bc6ef4ad67a16a2bf2baf8c6770f88f524c924d11
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
108cdb682e1d256ba58174d96775ec12fe2e9515ffa2ca7edfff49343a4d97ea
17cfdf105682ba948d6e2b43a1302c0e1232629c8c1a56b17f11b7ecdbc24e54
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
1fdd4531dbd3e48083eb1b7a435dec19add796bf6dabfe766686d2b9cf16c582
2135b9218095e4fb577dcffd98ff08c1fec7ae25437ee320e331ada7d2d2edb5
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
30fe2b25061c04e45888d4eccbe63e113ad09715a8ee40d87485f188a526aa2d
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3565d0d0087185def97bbbb4116fccacea668100a0e19bfe073dba8cf43fe85c
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
43f91e85f95b0a2078fa0240272e9fc35a1da0c5a529c67de1db47adf0cf167e
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d
45cecf0c00a62d45f78b6144e597af7fa42a566f26e89ea49ae6dbc1252ef9dd
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4a5a5f972e607d20b54ecec7d3fe5e67152b21bbc7f1f4e31841bc067c3fe5cd
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
50f4c8f45b4e196feec79244176b1b9312fec9e40065e06853d0c6edf4f81c4f
53094101dfd1e1c7b69826cb57dcc658ae4d12edcfd4d5ebe21384f9d5b45f73
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
54e310005e904894ed9c3e6582efae4f8e57e695cba3adb1e304bec2e68a5951
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5b98c894b948b7d4015285a029315086b91d81c85b2b43b26dd8fb118a29bb9d
5c38c89e435b09017b716919d8a2d9926a54a0a8133dd837d81a9465997caaf5
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63979666f2fefee896863ad307e8066f8539396a226c5c0128d06a21f350e8ba
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
65d03eb82a79a732d7c0180593c4f5dc98a8fac5c20c3a5446c4f14bf93d280a
66b981d0719d3dfc13c5ab9d6acab6095f704a8c178f26436b0260e8e29edf72
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc
76e40bd73665bc898831cb963e300c2cc6a057c86af09aced535c28cf2a4d865
7b97d2ccc814178e0d588db6ad749776f2b6290db6686ae8daade885de1cdb4a
80f4d9c7c420e58b6a1d8013b9512aef088d5e019824b98db55e90fa74480346
845f85e1514e9daf9bbdce8848cfb2291516fd1c08b33b5442866771fdcae064
8590a1cc49716e2d1f16ec57db4c0aaf4245dfdcd349674de8ead8e857f5220c
87dce6ff0b5da285ceace3afdcf68edf75563d6dc1e2e7752ffa895127a62661
8852c670fb95b903364c567bf93e3f81a6e076211cf542bc858b9e4e55c517ce
8ad821de4d3d832e93ba0ceeee283cfb6a444b33f0eac51d0c28a5060f4bd9c2
8cb138b7157ea8c227921bb1a82d03f1bb3e81366b0f3d84baabbe61c310ed43
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
91b81121dce9a6789f25711f53fcb29b605cc2ac99511e5af8f81d783067595d
94aca785a9a34c314490c4e8a712cd5e5fee9da7d6318feb9362cdeab8c28797
9823237c2eaa28fc4efddf36f57328a95160a1e3395efd108092d48a99ae7984
9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a6e850b9391d2a4278ca8363f5b18ff921f22a1b0d4260c7d123e96a4b0b734d
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b31bb3a3e7a19f9a8cf4ed000fb1f911a0c9f1eabc6d4a520d24a0e191d8a8b3
b539edffdb154b9ad97829357a6ace5a4e74d87dbbf8f7fa4729c45a08c25c8a
b8697ab51e4a0f46540e2db9f137bdf4baca26ff960f5bbc12e75768b876ccba
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bccd7936eeee7b5ae5933179fbd2bad8da35fa353212321fd1a2a72be710b323
c0a56a6c907855e5ca531a8bb1eeaae817b03316cb91a9d68c0175eb79dd8cc9
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c707d5798e40035ef5aa307db04e295703514d654b1e65fa62b04492c687c255
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cb34d2ee2a93fd11b734c124a6fc661339585c63382d08eb31bf921b66519eac
cc2a604a1e6f73444e8db5d749a64c62899943e68ad07feeee39050b4fdb32cb
cf66b1a88c1b59fe8d1068ff7ec392816c6a8a43a1d0647bd940591f09974446
d29d950d2b0f3b7d4df11dd0e5f552f101c53b042c4005e17a23714cbf6a9398
d32218526ba1dc93e86d08729322899539973912d6875c533d5f4debbcb290f3
d3a6d0c18f6887f771aa3cd51db375e7a9588e1af63801cc100cd9bcc5bccaac
d4cf94b530e4411adc336841bb9753cb9723fcc7431467942a39e30293475837
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d
de259eb7ba7a0e45575deb33946f1fbc695c97c33145ae4e49af0069d010868e
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de538012331173fa5ca08711548945e19c6d71d894286c20d86cde4b681e249c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f24d6a2a575d004e391084bc27a8ddc8051ddf7cb278eeefc9cb935dd01a51d1
f38e3317b781a56ec8f6b4f1f105ad6b6c6323d4a59ed59e4038609f0e3039e1
f65784e5e7332dc1e4bbeacbec70fdeef4a1bea84f16ce2ee144999719d195ce
fbc6bed540723f219a878e5735ae8cb1c05aa9f7012bf21870cd79e41af25bcd

trfnews.i234.me Open in urlscan Pro 64.235.70.98 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

143 Requests

91 %HTTPS

47 %IPv6

29 Domains

46 Subdomains

44 IPs

7 Countries

2196 kBTransfer

5669 kBSize

22 Cookies

7 Outgoing links

Page URL History

Redirected requests

143 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

trfnews.i234.me Open in urlscan Pro
64.235.70.98 Public Scan

Screenshot
Live screenshot

Full Image

143
Requests

91 %
HTTPS

47 %
IPv6

29
Domains

46
Subdomains

44
IPs

7
Countries

2196 kB
Transfer

5669 kB
Size

22
Cookies

143 HTTP transactions
5 data transactions