urlscan.io logo urlscan.io
SecurityTrails logo

assistant.corover.mobi Open in urlscan Pro
65.9.95.35  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://assistant.corover.mobi/320x50_placeholder.html
Effective URL: https://assistant.corover.mobi/320x50_placeholder.html
Submission: On March 23 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 19 IPs in 4 countries across 10 domains to perform 56 HTTP transactions. The main IP is 65.9.95.35, located in United States and belongs to AMAZON-02, US. The main domain is assistant.corover.mobi. The Cisco Umbrella rank of the primary domain is 509774.
TLS certificate: Issued by R3 on January 30th 2023. Valid for: 3 months.
This is the only time assistant.corover.mobi was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

1    65.9.95.37 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-37.prg50.r.cloudfront.net
assistant.corover.mobi
1    65.9.95.35 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-35.prg50.r.cloudfront.net
assistant.corover.mobi
4    2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
securepubads.g.doubleclick.net
1    2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
1    2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
16    2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
www.googletagservices.com
1    2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
7    2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
2    2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
2    54.76.123.167 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-123-167.eu-west-1.compute.amazonaws.com
fw.adsafeprotected.com
1    2a00:1450:4001:806::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
4    142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net
cm.g.doubleclick.net
4    185.80.39.216 (Canada)

ASN27381 (CASALE-MEDIA, CA)
dsum-sec.casalemedia.com
3    185.89.210.212 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
ib.adnxs.com
1    74.125.133.156 (Nashville, United States)

ASN15169 (GOOGLE, US)
PTR: wo-in-f156.1e100.net
bid.g.doubleclick.net
1    2600:9000:223f:0:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
static.adsafeprotected.com
7    2600:1f18:1aca:4280:2300:27c4:b916:bc25 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
dt.adsafeprotected.com
5    2a00:1450:4001:806::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
2    142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net
googleads4.g.doubleclick.net
Apex Domain
Subdomains		 Transfer
23 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 108
1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com Failed
tpc.googlesyndication.com — Cisco Umbrella Rank: 135
130 KB
13 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 190
googleads.g.doubleclick.net — Cisco Umbrella Rank: 29
cm.g.doubleclick.net — Cisco Umbrella Rank: 206
bid.g.doubleclick.net — Cisco Umbrella Rank: 714
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 319
208 KB
10 adsafeprotected.com
fw.adsafeprotected.com — Cisco Umbrella Rank: 747
static.adsafeprotected.com — Cisco Umbrella Rank: 575
dt.adsafeprotected.com — Cisco Umbrella Rank: 530
104 KB
5 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 283
155 KB
4 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 535
3 KB
3 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 210
3 KB
2 google.com
adservice.google.com — Cisco Umbrella Rank: 68
www.google.com — Cisco Umbrella Rank: 2
2 KB
2 corover.mobi
assistant.corover.mobi — Cisco Umbrella Rank: 509774
1 KB
1 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 187
49 KB
1 google.de
adservice.google.de — Cisco Umbrella Rank: 8820
531 B
56 10
Domain Requested by
15 pagead2.googlesyndication.com securepubads.g.doubleclick.net
1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
tpc.googlesyndication.com
pagead2.googlesyndication.com
fw.adsafeprotected.com
www.googletagservices.com
7 dt.adsafeprotected.com 1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
7 tpc.googlesyndication.com securepubads.g.doubleclick.net
1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
tpc.googlesyndication.com
googleads.g.doubleclick.net
5 s0.2mdn.net assistant.corover.mobi
s0.2mdn.net
4 dsum-sec.casalemedia.com 2 redirects googleads.g.doubleclick.net
4 cm.g.doubleclick.net 3 redirects googleads.g.doubleclick.net
4 securepubads.g.doubleclick.net assistant.corover.mobi
securepubads.g.doubleclick.net
3 ib.adnxs.com 2 redirects googleads.g.doubleclick.net
2 googleads4.g.doubleclick.net assistant.corover.mobi
2 fw.adsafeprotected.com 1 redirects 1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
2 googleads.g.doubleclick.net 1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
pagead2.googlesyndication.com
2 assistant.corover.mobi 1 redirects
1 static.adsafeprotected.com 1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
1 bid.g.doubleclick.net 1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
1 www.google.com tpc.googlesyndication.com
1 www.googletagservices.com 1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
1 1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 adservice.google.com securepubads.g.doubleclick.net
1 adservice.google.de securepubads.g.doubleclick.net
56 19

This site contains no links.

Subject Issuer Validity Valid
assistant.corover.mobi
R3		 2023-01-30 -
2023-04-30		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-03-06 -
2023-05-29		 3 months crt.sh
*.google.de
GTS CA 1C3		 2023-03-06 -
2023-05-29		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-03-06 -
2023-05-29		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2023-03-06 -
2023-05-29		 3 months crt.sh
fw.adsafeprotected.com
Amazon RSA 2048 M02		 2023-02-10 -
2023-05-27		 4 months crt.sh
www.google.com
GTS CA 1C3		 2023-03-06 -
2023-05-29		 3 months crt.sh
static.adsafeprotected.com
Amazon RSA 2048 M01		 2023-02-24 -
2023-09-04		 6 months crt.sh
dt.adsafeprotected.com
Amazon RSA 2048 M01		 2023-03-01 -
2023-05-08		 2 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2023-03-06 -
2023-05-29		 3 months crt.sh

This page contains 9 frames:

Primary Page: https://assistant.corover.mobi/320x50_placeholder.html
Frame ID: 06F2941DF4E2D3D854FDEFE15C76648B
Requests: 10 HTTP requests in this frame

Frame: https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: F57DB059B282A3C20E00C46199F1A8B1
Requests: 1 HTTP requests in this frame

Frame: https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: CF2F8067D16385384EEC31B4E3D6ED33
Requests: 28 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARi4g8nRATAB&v=APEucNVfEElR81YmKXVNRFntkegOoAgdZYj3Tma-3rQiumz9Yy1cY2kHZPPxc1P-dlqc_vTvrTB3AQLjhLdbBYkhereYG1DMXagz4G3U-LoVDk_ctxlBryfLZy9AknKqUyBKiF_Erm1HbvThyrX1S7CeW0ot2yTVKtpch9oWijFaYt8sKOdo5qA
Frame ID: 46124E07EDEA7473F62A99477577E0DD
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 3D90844D587B8978DF6703D3E855382C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D3C454CCFB25D458211AE47707BDF9C7
Requests: 2 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 7A4D7EAFC2192F4F7723B6124F1F3FEC
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B392DC901A65A20549FDEDDB3D5A87FD
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/1360297226579505005/DE-DEU_XA-10_0_320x50_BAN-A_HTML5_BOFU-no-Security-XDRSubHubBanners-Security-ALL_0_105/index.html
Frame ID: 5238E544A526584782C2CCC47F4DBC03
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

IRCTC Ads 01/06/2022

Page URL History Show full URLs

  1. http://assistant.corover.mobi/320x50_placeholder.html HTTP 301
    https://assistant.corover.mobi/320x50_placeholder.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Page Statistics

56
Requests

89 %
HTTPS

58 %
IPv6

10
Domains

19
Subdomains

19
IPs

4
Countries

720 kB
Transfer

1779 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://assistant.corover.mobi/320x50_placeholder.html HTTP 301
    https://assistant.corover.mobi/320x50_placeholder.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 21
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEB-8n0tXHPXsr-qlYgi_KLw&google_cver=1
Request Chain 22
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZByepjAzNvzuI0J.Eha16AAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEB-8n0tXHPXsr-qlYgi_KLw&google_cver=1&google_hm=2
Request Chain 23
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEFeIqozgS0Z9uAgvSlgIpk8&google_cver=1
Request Chain 24
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYwNTg4OTkwMDQ4NDgzMTQ4MA%3D%3D
Request Chain 31
  • https://fw.adsafeprotected.com/rfw/bgd/1135760/65089098/xbbe/creative/adj?p=APEucNU6rSEkWRmZj_gZjnH8oQGvHLhltSuIESq_ZOpSkL7Gf08aUEI&d=CokBAKAmf-Dk3HasrptsU83kvTaYEWYVbckuWPoxajVg0evNFpJJ-ir8lhStEgoADqtm2Nf1rF-F2Cvo1VfS7VIdbx2frxHdtsih5UzPuLtT_Vlx1FR8H1BCuBGtCvOHffO_l_2hMDcupyES2i-W0INZw4NZEqo42InR22kcxjVhmC3b6SIz7bVXnhQSuRQAoCZ_4EXrJcKL_l0jc4uqEunYLfvwHgFjHPp4ogMahPRvT1rYSiVtSwj0zT5ZNP4E2qnFpYtUTIunh86xmtHRJydwemAZfl8S0IUkWyuPOAfQhKkpA2eeHL4S3NmW-ULVvCSVqtWXCuLGINR6tCblAQf_TTGMrmCv2-RS7D3b1RLDcbklocdEmcxWuHFsMA_ldpK_ct-bxYaVzaoKBsVvQERKSb8qMrT_yIYQsZ6K8UiqbTj1sTydaifgne8agrm9DrYOqqKchwcVQsLtN9-WNZ_-0WbpIWVfSb2g40VHP2K8IloB1F6t4RUtrg-SaUtMcoJXL_KGHMSvDDH2BiQyRMrZo2EWPldNfxZVM7R0cvzbsJz9lJuBvPRTKo0qDs3mO8aEpixHYqZi-Y69vpJvPaFH6W-09zcJTxOk5p7ANZBdTnCQP1-DB6LHupsjgweNxg-9W31UnogwwXC9hAh2nnPyfx3zisl8AD_nnhH_2NhWjx61qVNJPVloVazumvX-x7yxZOMmgPihCUhYhSzbTSMbYgthh-wXZ6v6kh8OMPJ4YoX_OkrU622nbVv9UmX-uQOU7Vx6nrWtZqt4hQWD9wkKWoaIP4nyXW24Hpb8hh6xC4tuPK10r9v8e1q5ZCk33de6UluJkT-pra7o8poutnPVUC01BrlnMK2AZIIkTZZA5wNU2K5kBWgatevYyjXFcdUqBfWyipxmv-HEs1DBqaOcZMWfm01DTssfSBklaAJZEWT7RlmiryzrcPXE3V0v75oYRIaNa0HNcHTfju_yRhBm_s11rhdmQPsp3DzOh6myi9Z2tEFlJ_S4A7lBvGkygUa7r-Fb0Hkd5WalO6aa95M7abVHkeB2gnqbhnS7NIHiKVKNhkM09HlCImG44NJY7aDY8FIKSvlinSWmwMbQmS5xu22dnUrMBK5sdRU72g8XsJD0cHYMLoulMhR3SzkOmvKi8yAqXztjvt8NRZpOfgfX99yuKVKyCch5qqrX_R_NoutqkWjTf4HKvQjezdUcu1dAOVihm9rDgWgDgT62y8RGzdLvlb0jbTkr-6s7BMQECOO9gKrWlKQpB6Mei25Caq6iWQMFrWV3c2xRkrsh30yilnDdzjZOTQNszMBp_jV6_-5j7PpcXPuYPjMhPmWOfFMk1GEqUHt-UStavRvtyOG0KLMFPGzzH0iRsxaelRnNDeZtSt5jx_YCdcOcAm-LEnh94CTXp2PTsoMP-gC3kedFncWgUKGI-WzbAGxTNTa5w21KlHuGzCPDXF5jDjQqbS8Sb_cmL9-4wfKQ_UZ5ToAGOnPrgNZu1co2ty2MY_ATnCsmngmhREYhYl5VjJuWeLiQYvcN7mp5mDO4JY0t_gKc1Wk2BJyvUIW-aQCiZ6OTMcmmhRl3kZU3mBY8Hg8bE6ttLw1reQ-LPrzAdZnfbfNYcFAG9wioQEIK93Fyyd_77fGO4Z31Q9cC6sp4jUSHE6jdOU0-gtrFgfOx9CMTnCXM6FREThWu54QgT4NXRMKBMRUQFwEFJtBPA_WSH_6euBco4ygFSawH13WEEDfVDzoHJB1sZCD9XI0MEbZ5sPpvdDtDTxwYIOYW5XBcAZziW2QYDaqKu8qz9tuoDUj3j6pU42L8d55SKEyooI8Qb32OqH4wucnBRYY2BmUoi6J0VKdZ2DLgXbT2aoGn-H57cTY7AoDtRp_Ob-fTSJ65Kb8g_KpeP06Wu6njBixmsyH8_KaeD8W7ChHWDDe3dt75935QrbGyBe9bZ1Ygf2-4EGFh7MK6eaPaGr8QskaDk-k_yyJ17bFb1j0zS2lrUamiKSSklI44J-QfxZ2NNJxLkFxGcVEASdPyrlWYIVEeF0QVO-G29UB0jR7TkCdI4XzJe8qCxBmATJSLeDjHRew_5ZHEGG9KpbscXFIxFCaNfCF0cQA3ggDMCxcgZblqdGfe43CsyT47UeoHkGGruXHBKTELlg-A1P-XG9aZ0NmYGHU6jF110BDiEW3pQr4YUTCAOqDBK2Run9ZomQaYw8MNX10AmkATPRKOLyNDpAkYbrl0_pGTV46_ZZ_pWC4G1qTqUtoS45IymxL_UlE8DJeD1xbhxLmCbt0TsS6qfncd3lEv_T5mmQgk0tTB8CgrTE7S2gw3aLcfjDGZip5yP_ZLoS_WikVZBKYX_fdzsB2rRB8e92T80BwLcQ48aLk35aHaa73yRaUE1sokmBU3ATXlRcHjIjaCqA5Bh6JFWrM8To9RY5MOeiPkUGKosqwR8uIbaLD2vBN5Bwn3lhSPiEkWrSa0_teY5z0-qrjkBLGcePgTGsVMxgMDAocVeNxNKofmPv8SCiD_cv40NnkIoF5C09fIb5vwxGudMIycB3ZbEINpRjgxJJgC8pGu5U-_jOGxu7TVHPIwgqFrzp-0qhIk05fR8BAz3zELuXHdY-2rdHorvRZeTwbs9TiFpuWrZNXIOHK2tMI7kIPvbGZWLQt7Z7b3KpjLlFqw3hYJeAyTl03HSVRDAH22AfbOzEhsY89bVxwAe3-dFRluK1tjmSt5xKKht02ToYEwEHjSzpwry60E_CafnlhG9alnVEktAn3gu7JQTC9rEMflXHPtTCHrDW43gZdP_0SQawCC3zm9LyjQudw72OMVvQz_UvuYAC3U89jJ0rsxLMCxAga40bLuVwXJahLJ9EE-vsw_O93Dht-FG5fEt6gswfIOOZ59-H8P4BAB__wqemSMz8SBrlSD5fZle7vaTXtQdQlFtDRQPKn3_bzNUg7Mc20x4uOlF2UJKHRGqaQck_57F3UNyldFWPNi-O-rEBHD9MtokJeUUs0Xl8Y20qdjTCscJMf9cT_9otWWGQVV2pIBcFubdk-NsvQ1ExwZZrBfdTTeE3muvo582OW-a5iIYEB3kDkKxjQYXmUOZG26Km_N2ibw9OAZB2L7ohouINyLyFCoBrMLrmcHf03tiGtTIKRibw1uCvd34YB2UXfaaqKxnqcF1adV96-uH2P9ZpKw0w4a84FHM-qTXaoGT2tiD0wk2ZJu7tks9hGa7Az4WTKLzD2VueFEJfIVxAyeI5ewo2b-vM7JILNTaV1nGLDima3R1msoPxTPhq4M6xvWVJzCocF6AY4wOkHSry0KLhN0eCerIjjHriDbZlrJsVB9gFuTGGWip5AgNxGj2dnsIBvWUPgcX_LKiNhZdWApXoXIdUZm--5Y5vlrbfTUNXKh8qm-wYcNj44w-IfnJ5dmVfXt8RV3nU2Jj1tfQxPOAYnhewgiW6C9Z6lPvpFI7WygaMG-p7nKngmf19JgZHPGZCI7pUEND9hCsYtQqowUv1qbWV1wGliwShRFfZc5AJg09nxcL0qJuV9PvxOZLlKGZB_nzWuwFnCtnNVipz7nEHjBvWFF6OoTl7POj46nbeaCUSQYRamyp0Atcmghr5maNBzDrHsdF-cF1UwerHAMmiLsGPPm-Iee7NHSfpAoTfVAHI6AMCWBNIA6bLwK_vS7u1KvGlEIBBJLANQTnKZrvInQ2JzTtpDQdL0FBFvcihXzuH5guJ0W522APMDEf6ZbkOXG8zOP1FgdlkHzm9n0WtIHQg3x3YDCCseLDkonF8_8H_EMGAFgAQ&ias_dspID=3&ias_campId=1008772806&ias_pubId=pub-8692878304946020&ias_chanId=1&ias_placementId=18132950335&bidurl=https://assistant.corover.mobi/320x50_placeholder.html&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0isyVbv0XcRFuq6mABIEi1y&adsafe_url=https%3A%2F%2Fassistant.corover.mobi&adsafe_type=y&adsafe_url=https%3A%2F%2Fassistant.corover.mobi%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:1fde47ef-3ec1-50f8-7893-172afd064847,c:7Icjbs,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-67fb65999c-lswq4,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:4,mot:0,app:0,maw:0,fm:tzm2MaB+11*.1135760-65089098%7C111%7C12%7C13,idMap:11*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:17,oid:19695fab-c9ab-11ed-9455-0209d5b8c692,v:19.8.400,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
  • https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNU6rSEkWRmZj_gZjnH8oQGvHLhltSuIESq_ZOpSkL7Gf08aUEI&d=CokBAKAmf-Dk3HasrptsU83kvTaYEWYVbckuWPoxajVg0evNFpJJ-ir8lhStEgoADqtm2Nf1rF-F2Cvo1VfS7VIdbx2frxHdtsih5UzPuLtT_Vlx1FR8H1BCuBGtCvOHffO_l_2hMDcupyES2i-W0INZw4NZEqo42InR22kcxjVhmC3b6SIz7bVXnhQSuRQAoCZ_4EXrJcKL_l0jc4uqEunYLfvwHgFjHPp4ogMahPRvT1rYSiVtSwj0zT5ZNP4E2qnFpYtUTIunh86xmtHRJydwemAZfl8S0IUkWyuPOAfQhKkpA2eeHL4S3NmW-ULVvCSVqtWXCuLGINR6tCblAQf_TTGMrmCv2-RS7D3b1RLDcbklocdEmcxWuHFsMA_ldpK_ct-bxYaVzaoKBsVvQERKSb8qMrT_yIYQsZ6K8UiqbTj1sTydaifgne8agrm9DrYOqqKchwcVQsLtN9-WNZ_-0WbpIWVfSb2g40VHP2K8IloB1F6t4RUtrg-SaUtMcoJXL_KGHMSvDDH2BiQyRMrZo2EWPldNfxZVM7R0cvzbsJz9lJuBvPRTKo0qDs3mO8aEpixHYqZi-Y69vpJvPaFH6W-09zcJTxOk5p7ANZBdTnCQP1-DB6LHupsjgweNxg-9W31UnogwwXC9hAh2nnPyfx3zisl8AD_nnhH_2NhWjx61qVNJPVloVazumvX-x7yxZOMmgPihCUhYhSzbTSMbYgthh-wXZ6v6kh8OMPJ4YoX_OkrU622nbVv9UmX-uQOU7Vx6nrWtZqt4hQWD9wkKWoaIP4nyXW24Hpb8hh6xC4tuPK10r9v8e1q5ZCk33de6UluJkT-pra7o8poutnPVUC01BrlnMK2AZIIkTZZA5wNU2K5kBWgatevYyjXFcdUqBfWyipxmv-HEs1DBqaOcZMWfm01DTssfSBklaAJZEWT7RlmiryzrcPXE3V0v75oYRIaNa0HNcHTfju_yRhBm_s11rhdmQPsp3DzOh6myi9Z2tEFlJ_S4A7lBvGkygUa7r-Fb0Hkd5WalO6aa95M7abVHkeB2gnqbhnS7NIHiKVKNhkM09HlCImG44NJY7aDY8FIKSvlinSWmwMbQmS5xu22dnUrMBK5sdRU72g8XsJD0cHYMLoulMhR3SzkOmvKi8yAqXztjvt8NRZpOfgfX99yuKVKyCch5qqrX_R_NoutqkWjTf4HKvQjezdUcu1dAOVihm9rDgWgDgT62y8RGzdLvlb0jbTkr-6s7BMQECOO9gKrWlKQpB6Mei25Caq6iWQMFrWV3c2xRkrsh30yilnDdzjZOTQNszMBp_jV6_-5j7PpcXPuYPjMhPmWOfFMk1GEqUHt-UStavRvtyOG0KLMFPGzzH0iRsxaelRnNDeZtSt5jx_YCdcOcAm-LEnh94CTXp2PTsoMP-gC3kedFncWgUKGI-WzbAGxTNTa5w21KlHuGzCPDXF5jDjQqbS8Sb_cmL9-4wfKQ_UZ5ToAGOnPrgNZu1co2ty2MY_ATnCsmngmhREYhYl5VjJuWeLiQYvcN7mp5mDO4JY0t_gKc1Wk2BJyvUIW-aQCiZ6OTMcmmhRl3kZU3mBY8Hg8bE6ttLw1reQ-LPrzAdZnfbfNYcFAG9wioQEIK93Fyyd_77fGO4Z31Q9cC6sp4jUSHE6jdOU0-gtrFgfOx9CMTnCXM6FREThWu54QgT4NXRMKBMRUQFwEFJtBPA_WSH_6euBco4ygFSawH13WEEDfVDzoHJB1sZCD9XI0MEbZ5sPpvdDtDTxwYIOYW5XBcAZziW2QYDaqKu8qz9tuoDUj3j6pU42L8d55SKEyooI8Qb32OqH4wucnBRYY2BmUoi6J0VKdZ2DLgXbT2aoGn-H57cTY7AoDtRp_Ob-fTSJ65Kb8g_KpeP06Wu6njBixmsyH8_KaeD8W7ChHWDDe3dt75935QrbGyBe9bZ1Ygf2-4EGFh7MK6eaPaGr8QskaDk-k_yyJ17bFb1j0zS2lrUamiKSSklI44J-QfxZ2NNJxLkFxGcVEASdPyrlWYIVEeF0QVO-G29UB0jR7TkCdI4XzJe8qCxBmATJSLeDjHRew_5ZHEGG9KpbscXFIxFCaNfCF0cQA3ggDMCxcgZblqdGfe43CsyT47UeoHkGGruXHBKTELlg-A1P-XG9aZ0NmYGHU6jF110BDiEW3pQr4YUTCAOqDBK2Run9ZomQaYw8MNX10AmkATPRKOLyNDpAkYbrl0_pGTV46_ZZ_pWC4G1qTqUtoS45IymxL_UlE8DJeD1xbhxLmCbt0TsS6qfncd3lEv_T5mmQgk0tTB8CgrTE7S2gw3aLcfjDGZip5yP_ZLoS_WikVZBKYX_fdzsB2rRB8e92T80BwLcQ48aLk35aHaa73yRaUE1sokmBU3ATXlRcHjIjaCqA5Bh6JFWrM8To9RY5MOeiPkUGKosqwR8uIbaLD2vBN5Bwn3lhSPiEkWrSa0_teY5z0-qrjkBLGcePgTGsVMxgMDAocVeNxNKofmPv8SCiD_cv40NnkIoF5C09fIb5vwxGudMIycB3ZbEINpRjgxJJgC8pGu5U-_jOGxu7TVHPIwgqFrzp-0qhIk05fR8BAz3zELuXHdY-2rdHorvRZeTwbs9TiFpuWrZNXIOHK2tMI7kIPvbGZWLQt7Z7b3KpjLlFqw3hYJeAyTl03HSVRDAH22AfbOzEhsY89bVxwAe3-dFRluK1tjmSt5xKKht02ToYEwEHjSzpwry60E_CafnlhG9alnVEktAn3gu7JQTC9rEMflXHPtTCHrDW43gZdP_0SQawCC3zm9LyjQudw72OMVvQz_UvuYAC3U89jJ0rsxLMCxAga40bLuVwXJahLJ9EE-vsw_O93Dht-FG5fEt6gswfIOOZ59-H8P4BAB__wqemSMz8SBrlSD5fZle7vaTXtQdQlFtDRQPKn3_bzNUg7Mc20x4uOlF2UJKHRGqaQck_57F3UNyldFWPNi-O-rEBHD9MtokJeUUs0Xl8Y20qdjTCscJMf9cT_9otWWGQVV2pIBcFubdk-NsvQ1ExwZZrBfdTTeE3muvo582OW-a5iIYEB3kDkKxjQYXmUOZG26Km_N2ibw9OAZB2L7ohouINyLyFCoBrMLrmcHf03tiGtTIKRibw1uCvd34YB2UXfaaqKxnqcF1adV96-uH2P9ZpKw0w4a84FHM-qTXaoGT2tiD0wk2ZJu7tks9hGa7Az4WTKLzD2VueFEJfIVxAyeI5ewo2b-vM7JILNTaV1nGLDima3R1msoPxTPhq4M6xvWVJzCocF6AY4wOkHSry0KLhN0eCerIjjHriDbZlrJsVB9gFuTGGWip5AgNxGj2dnsIBvWUPgcX_LKiNhZdWApXoXIdUZm--5Y5vlrbfTUNXKh8qm-wYcNj44w-IfnJ5dmVfXt8RV3nU2Jj1tfQxPOAYnhewgiW6C9Z6lPvpFI7WygaMG-p7nKngmf19JgZHPGZCI7pUEND9hCsYtQqowUv1qbWV1wGliwShRFfZc5AJg09nxcL0qJuV9PvxOZLlKGZB_nzWuwFnCtnNVipz7nEHjBvWFF6OoTl7POj46nbeaCUSQYRamyp0Atcmghr5maNBzDrHsdF-cF1UwerHAMmiLsGPPm-Iee7NHSfpAoTfVAHI6AMCWBNIA6bLwK_vS7u1KvGlEIBBJLANQTnKZrvInQ2JzTtpDQdL0FBFvcihXzuH5guJ0W522APMDEf6ZbkOXG8zOP1FgdlkHzm9n0WtIHQg3x3YDCCseLDkonF8_8H_EMGAFgAQ

56 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 320x50_placeholder.html
assistant.corover.mobi/
Redirect Chain
  • http://assistant.corover.mobi/320x50_placeholder.html
  • https://assistant.corover.mobi/320x50_placeholder.html
1 KB
813 B 		Document
General
Check archive.org
Download Go to
Full URL
https://assistant.corover.mobi/320x50_placeholder.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.95.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-95-35.prg50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
172d69ea24f81ead966ddd005f1868a2d0c34748229f85265e8c48e61c25f1e8

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
57141
content-encoding
br
content-type
text/html
date
Thu, 23 Mar 2023 02:54:41 GMT
etag
W/"1e581b1b942d6160c0ce433f7391981a"
last-modified
Mon, 23 Jan 2023 14:05:09 GMT
server
AmazonS3
vary
Accept-Encoding Origin
via
1.1 4b7022ec3e11edfdd972039992f837de.cloudfront.net (CloudFront)
x-amz-cf-id
HkuLFZbzbp3HtC2_T1TdiZRgR8fxtMzze3D7_8fvHWQfOxWQL4c2YA==
x-amz-cf-pop
PRG50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront

Redirect headers

Connection
keep-alive
Content-Length
167
Content-Type
text/html
Date
Thu, 23 Mar 2023 18:47:00 GMT
Location
https://assistant.corover.mobi/320x50_placeholder.html
Server
CloudFront
Vary
Origin
Via
1.1 a60a14dea4b4a9f77d34297a625f2e24.cloudfront.net (CloudFront)
X-Amz-Cf-Id
QvuVqIeHklM0nuNNcMW1MBw5xCLEqtZky3xz4ulVHrohv68zIa76bQ==
X-Amz-Cf-Pop
PRG50-C1
X-Cache
Redirect from cloudfront
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		78 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: assistant.corover.mobi
URL: https://assistant.corover.mobi/320x50_placeholder.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b757991df58afed223ab6f40f7266e6e44d8d9f800a786ff2caecc531ce42ea3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://assistant.corover.mobi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Thu, 23 Mar 2023 18:47:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
27494
x-xss-protection
0
server
sffe
etag
"1520 / 815 of 1000 / last-modified: 1679569585"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 23 Mar 2023 18:47:01 GMT
pubads_impl_2023032001.js
securepubads.g.doubleclick.net/gpt/ 		396 KB
134 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032001.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cf2086397a5d0d6d9c67e72d0dce0c0e734c9867e3cf6c1dd529b1fd22713393
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://assistant.corover.mobi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Thu, 23 Mar 2023 15:43:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
11006
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
136699
x-xss-protection
0
last-modified
Mon, 20 Mar 2023 08:34:51 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 22 Mar 2024 15:43:35 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		695 B
370 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=assistant.corover.mobi
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
228d6c0fb08dd07651afb21ffc09c0f8d6d76284b5086771e4a5ccd2af197a06
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://assistant.corover.mobi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Thu, 23 Mar 2023 18:47:01 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
345
x-xss-protection
0
expires
Thu, 23 Mar 2023 18:47:01 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
531 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=assistant.corover.mobi
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://assistant.corover.mobi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Thu, 23 Mar 2023 18:47:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
456 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=assistant.corover.mobi
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://assistant.corover.mobi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Thu, 23 Mar 2023 18:47:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		27 KB
10 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3949158363179541&correlator=2883385433089382&eid=31072878%2C31073319&output=ldjh&gdfp_req=1&vrg=2023032001&ptt=17&impl=fif&iu_parts=21748009408%2Circtc.co.in_320x50_corover&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50&ifi=1&adks=3049664599&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1679597221504&lmt=1674482709&dlt=1679597221097&idt=370&adxs=0&adys=0&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fassistant.corover.mobi%2F320x50_placeholder.html&frm=20&vis=1&psz=1600x50&msz=1600x50&fws=0&ohw=0&ga_vid=1854413251.1679597222&ga_sid=1679597222&ga_hid=45821334&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032001.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a7a121d27e6fa99e3f358f8503224f8c32477aef9aff8f186381e9a934bbddf9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://assistant.corover.mobi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Thu, 23 Mar 2023 18:47:01 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10096
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://assistant.corover.mobi
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ 		15 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023032001&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ec8c2a2f09755538c480d60a18233567adade350954db62e6ecd96873a2b3304
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://assistant.corover.mobi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Thu, 23 Mar 2023 18:47:01 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11382
x-xss-protection
0
container.html
1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F57D 		0
0
container.html
1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame CF2F 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://assistant.corover.mobi/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 23 Mar 2023 18:47:01 GMT
expires
Fri, 22 Mar 2024 18:47:01 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023032001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://assistant.corover.mobi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Thu, 23 Mar 2023 18:47:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 23 Mar 2023 18:47:01 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 4612 		624 B
826 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARi4g8nRATAB&v=APEucNVfEElR81YmKXVNRFntkegOoAgdZYj3Tma-3rQiumz9Yy1cY2kHZPPxc1P-dlqc_vTvrTB3AQLjhLdbBYkhereYG1DMXagz4G3U-LoVDk_ctxlBryfLZy9AknKqUyBKiF_Erm1HbvThyrX1S7CeW0ot2yTVKtpch9oWijFaYt8sKOdo5qA
Requested by
Host: 1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
URL: https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
222
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 23 Mar 2023 18:47:02 GMT
expires
Thu, 23 Mar 2023 18:47:02 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame CF2F 		78 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: 1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
URL: https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Thu, 23 Mar 2023 18:47:02 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
28043
x-xss-protection
0
server
cafe
etag
15270303690107644053
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Thu, 23 Mar 2023 18:47:02 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame CF2F 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C2BMcCQHnBe4YpSa4Xpql0_FfxeK1pKeV3LfobP5g8y5e85KjweFIj5GXYLOZPDfaACS3d1c_U72McTvNvJCHfkLGztD3lCZEKDZptsEleOWvInqY
Requested by
Host: 1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
URL: https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Mar 2023 18:47:02 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame CF2F 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=13799106718069708938&x=1&ct=76
Requested by
Host: 1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
URL: https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Mar 2023 18:47:02 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adj
fw.adsafeprotected.com/rjss/bgd/1135760/65089098/xbbe/creative/ Frame CF2F 		250 KB
76 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fw.adsafeprotected.com/rjss/bgd/1135760/65089098/xbbe/creative/adj?p=APEucNU6rSEkWRmZj_gZjnH8oQGvHLhltSuIESq_ZOpSkL7Gf08aUEI&d=CokBAKAmf-Dk3HasrptsU83kvTaYEWYVbckuWPoxajVg0evNFpJJ-ir8lhStEgoADqtm2Nf1rF-F2Cvo1VfS7VIdbx2frxHdtsih5UzPuLtT_Vlx1FR8H1BCuBGtCvOHffO_l_2hMDcupyES2i-W0INZw4NZEqo42InR22kcxjVhmC3b6SIz7bVXnhQSuRQAoCZ_4EXrJcKL_l0jc4uqEunYLfvwHgFjHPp4ogMahPRvT1rYSiVtSwj0zT5ZNP4E2qnFpYtUTIunh86xmtHRJydwemAZfl8S0IUkWyuPOAfQhKkpA2eeHL4S3NmW-ULVvCSVqtWXCuLGINR6tCblAQf_TTGMrmCv2-RS7D3b1RLDcbklocdEmcxWuHFsMA_ldpK_ct-bxYaVzaoKBsVvQERKSb8qMrT_yIYQsZ6K8UiqbTj1sTydaifgne8agrm9DrYOqqKchwcVQsLtN9-WNZ_-0WbpIWVfSb2g40VHP2K8IloB1F6t4RUtrg-SaUtMcoJXL_KGHMSvDDH2BiQyRMrZo2EWPldNfxZVM7R0cvzbsJz9lJuBvPRTKo0qDs3mO8aEpixHYqZi-Y69vpJvPaFH6W-09zcJTxOk5p7ANZBdTnCQP1-DB6LHupsjgweNxg-9W31UnogwwXC9hAh2nnPyfx3zisl8AD_nnhH_2NhWjx61qVNJPVloVazumvX-x7yxZOMmgPihCUhYhSzbTSMbYgthh-wXZ6v6kh8OMPJ4YoX_OkrU622nbVv9UmX-uQOU7Vx6nrWtZqt4hQWD9wkKWoaIP4nyXW24Hpb8hh6xC4tuPK10r9v8e1q5ZCk33de6UluJkT-pra7o8poutnPVUC01BrlnMK2AZIIkTZZA5wNU2K5kBWgatevYyjXFcdUqBfWyipxmv-HEs1DBqaOcZMWfm01DTssfSBklaAJZEWT7RlmiryzrcPXE3V0v75oYRIaNa0HNcHTfju_yRhBm_s11rhdmQPsp3DzOh6myi9Z2tEFlJ_S4A7lBvGkygUa7r-Fb0Hkd5WalO6aa95M7abVHkeB2gnqbhnS7NIHiKVKNhkM09HlCImG44NJY7aDY8FIKSvlinSWmwMbQmS5xu22dnUrMBK5sdRU72g8XsJD0cHYMLoulMhR3SzkOmvKi8yAqXztjvt8NRZpOfgfX99yuKVKyCch5qqrX_R_NoutqkWjTf4HKvQjezdUcu1dAOVihm9rDgWgDgT62y8RGzdLvlb0jbTkr-6s7BMQECOO9gKrWlKQpB6Mei25Caq6iWQMFrWV3c2xRkrsh30yilnDdzjZOTQNszMBp_jV6_-5j7PpcXPuYPjMhPmWOfFMk1GEqUHt-UStavRvtyOG0KLMFPGzzH0iRsxaelRnNDeZtSt5jx_YCdcOcAm-LEnh94CTXp2PTsoMP-gC3kedFncWgUKGI-WzbAGxTNTa5w21KlHuGzCPDXF5jDjQqbS8Sb_cmL9-4wfKQ_UZ5ToAGOnPrgNZu1co2ty2MY_ATnCsmngmhREYhYl5VjJuWeLiQYvcN7mp5mDO4JY0t_gKc1Wk2BJyvUIW-aQCiZ6OTMcmmhRl3kZU3mBY8Hg8bE6ttLw1reQ-LPrzAdZnfbfNYcFAG9wioQEIK93Fyyd_77fGO4Z31Q9cC6sp4jUSHE6jdOU0-gtrFgfOx9CMTnCXM6FREThWu54QgT4NXRMKBMRUQFwEFJtBPA_WSH_6euBco4ygFSawH13WEEDfVDzoHJB1sZCD9XI0MEbZ5sPpvdDtDTxwYIOYW5XBcAZziW2QYDaqKu8qz9tuoDUj3j6pU42L8d55SKEyooI8Qb32OqH4wucnBRYY2BmUoi6J0VKdZ2DLgXbT2aoGn-H57cTY7AoDtRp_Ob-fTSJ65Kb8g_KpeP06Wu6njBixmsyH8_KaeD8W7ChHWDDe3dt75935QrbGyBe9bZ1Ygf2-4EGFh7MK6eaPaGr8QskaDk-k_yyJ17bFb1j0zS2lrUamiKSSklI44J-QfxZ2NNJxLkFxGcVEASdPyrlWYIVEeF0QVO-G29UB0jR7TkCdI4XzJe8qCxBmATJSLeDjHRew_5ZHEGG9KpbscXFIxFCaNfCF0cQA3ggDMCxcgZblqdGfe43CsyT47UeoHkGGruXHBKTELlg-A1P-XG9aZ0NmYGHU6jF110BDiEW3pQr4YUTCAOqDBK2Run9ZomQaYw8MNX10AmkATPRKOLyNDpAkYbrl0_pGTV46_ZZ_pWC4G1qTqUtoS45IymxL_UlE8DJeD1xbhxLmCbt0TsS6qfncd3lEv_T5mmQgk0tTB8CgrTE7S2gw3aLcfjDGZip5yP_ZLoS_WikVZBKYX_fdzsB2rRB8e92T80BwLcQ48aLk35aHaa73yRaUE1sokmBU3ATXlRcHjIjaCqA5Bh6JFWrM8To9RY5MOeiPkUGKosqwR8uIbaLD2vBN5Bwn3lhSPiEkWrSa0_teY5z0-qrjkBLGcePgTGsVMxgMDAocVeNxNKofmPv8SCiD_cv40NnkIoF5C09fIb5vwxGudMIycB3ZbEINpRjgxJJgC8pGu5U-_jOGxu7TVHPIwgqFrzp-0qhIk05fR8BAz3zELuXHdY-2rdHorvRZeTwbs9TiFpuWrZNXIOHK2tMI7kIPvbGZWLQt7Z7b3KpjLlFqw3hYJeAyTl03HSVRDAH22AfbOzEhsY89bVxwAe3-dFRluK1tjmSt5xKKht02ToYEwEHjSzpwry60E_CafnlhG9alnVEktAn3gu7JQTC9rEMflXHPtTCHrDW43gZdP_0SQawCC3zm9LyjQudw72OMVvQz_UvuYAC3U89jJ0rsxLMCxAga40bLuVwXJahLJ9EE-vsw_O93Dht-FG5fEt6gswfIOOZ59-H8P4BAB__wqemSMz8SBrlSD5fZle7vaTXtQdQlFtDRQPKn3_bzNUg7Mc20x4uOlF2UJKHRGqaQck_57F3UNyldFWPNi-O-rEBHD9MtokJeUUs0Xl8Y20qdjTCscJMf9cT_9otWWGQVV2pIBcFubdk-NsvQ1ExwZZrBfdTTeE3muvo582OW-a5iIYEB3kDkKxjQYXmUOZG26Km_N2ibw9OAZB2L7ohouINyLyFCoBrMLrmcHf03tiGtTIKRibw1uCvd34YB2UXfaaqKxnqcF1adV96-uH2P9ZpKw0w4a84FHM-qTXaoGT2tiD0wk2ZJu7tks9hGa7Az4WTKLzD2VueFEJfIVxAyeI5ewo2b-vM7JILNTaV1nGLDima3R1msoPxTPhq4M6xvWVJzCocF6AY4wOkHSry0KLhN0eCerIjjHriDbZlrJsVB9gFuTGGWip5AgNxGj2dnsIBvWUPgcX_LKiNhZdWApXoXIdUZm--5Y5vlrbfTUNXKh8qm-wYcNj44w-IfnJ5dmVfXt8RV3nU2Jj1tfQxPOAYnhewgiW6C9Z6lPvpFI7WygaMG-p7nKngmf19JgZHPGZCI7pUEND9hCsYtQqowUv1qbWV1wGliwShRFfZc5AJg09nxcL0qJuV9PvxOZLlKGZB_nzWuwFnCtnNVipz7nEHjBvWFF6OoTl7POj46nbeaCUSQYRamyp0Atcmghr5maNBzDrHsdF-cF1UwerHAMmiLsGPPm-Iee7NHSfpAoTfVAHI6AMCWBNIA6bLwK_vS7u1KvGlEIBBJLANQTnKZrvInQ2JzTtpDQdL0FBFvcihXzuH5guJ0W522APMDEf6ZbkOXG8zOP1FgdlkHzm9n0WtIHQg3x3YDCCseLDkonF8_8H_EMGAFgAQ&ias_dspID=3&ias_campId=1008772806&ias_pubId=pub-8692878304946020&ias_chanId=1&ias_placementId=18132950335&bidurl=https://assistant.corover.mobi/320x50_placeholder.html&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0isyVbv0XcRFuq6mABIEi1y
Requested by
Host: 1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
URL: https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.123.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-123-167.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
5886a93cfd7987cabe22f593f89161d99adaa470ba9176c4e4025e18d0e99c21

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Mar 2023 18:47:02 GMT
content-encoding
gzip
vary
accept-encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
fw.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame CF2F 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/window_focus_fy2021.js
Requested by
Host: 1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
URL: https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Thu, 23 Mar 2023 16:18:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
8922
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 06 Apr 2023 16:18:19 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame CF2F 		20 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
URL: https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Thu, 23 Mar 2023 16:18:22 GMT
content-encoding
br
x-content-type-options
nosniff
age
8919
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8627
x-xss-protection
0
server
cafe
etag
8620137988422272387
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 06 Apr 2023 16:18:22 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame CF2F 		158 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
URL: https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fe14bc8a4e294c047589838fd09a3efc81771751a0be03ea8ec99e734e965fd2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Thu, 23 Mar 2023 18:47:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49540
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1679312138029146"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 23 Mar 2023 18:47:02 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3D90 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://assistant.corover.mobi/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
11474
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 23 Mar 2023 15:35:48 GMT
expires
Fri, 22 Mar 2024 15:35:48 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame D3C4 		783 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
d844d2da5affd7188f5128104db21d5d63f54e66fd338b05eccb0aaa00565c91
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-F7NBySASpj-rnybcs-6IkA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://assistant.corover.mobi/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-length
512
content-security-policy
script-src 'report-sample' 'nonce-F7NBySASpj-rnybcs-6IkA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 23 Mar 2023 18:47:02 GMT
expires
Thu, 23 Mar 2023 18:47:02 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
TU2PSynrXT7p2KnzXte8fEgQWf4_RAVzpVc0SCm-B08.js
pagead2.googlesyndication.com/bg/ Frame 3D90 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/TU2PSynrXT7p2KnzXte8fEgQWf4_RAVzpVc0SCm-B08.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d4d8f4b29eb5d3ee9d8a9f35ed7bc7c481059fe3f440573a557344829be074f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Tue, 21 Mar 2023 15:30:30 GMT
content-encoding
br
x-content-type-options
nosniff
age
184592
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14279
x-xss-protection
0
last-modified
Mon, 20 Mar 2023 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 20 Mar 2024 15:30:30 GMT
rum
dsum-sec.casalemedia.com/ Frame 4612
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEB-8n0tXHPXsr-qlYgi_KLw&google_cver=1
43 B
766 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEB-8n0tXHPXsr-qlYgi_KLw&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARi4g8nRATAB&v=APEucNVfEElR81YmKXVNRFntkegOoAgdZYj3Tma-3rQiumz9Yy1cY2kHZPPxc1P-dlqc_vTvrTB3AQLjhLdbBYkhereYG1DMXagz4G3U-LoVDk_ctxlBryfLZy9AknKqUyBKiF_Erm1HbvThyrX1S7CeW0ot2yTVKtpch9oWijFaYt8sKOdo5qA
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 23 Mar 2023 18:47:02 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=499
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Thu, 23 Mar 2023 18:47:02 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEB-8n0tXHPXsr-qlYgi_KLw&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 4612
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZByepjAzNvzuI0J.Eha16AAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEB-8n0tXHPXsr-qlYgi_KLw&google_cver=1&google_hm=2
43 B
766 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEB-8n0tXHPXsr-qlYgi_KLw&google_cver=1&google_hm=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARi4g8nRATAB&v=APEucNVfEElR81YmKXVNRFntkegOoAgdZYj3Tma-3rQiumz9Yy1cY2kHZPPxc1P-dlqc_vTvrTB3AQLjhLdbBYkhereYG1DMXagz4G3U-LoVDk_ctxlBryfLZy9AknKqUyBKiF_Erm1HbvThyrX1S7CeW0ot2yTVKtpch9oWijFaYt8sKOdo5qA
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 23 Mar 2023 18:47:02 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=497
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Thu, 23 Mar 2023 18:47:02 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEB-8n0tXHPXsr-qlYgi_KLw&google_cver=1&google_hm=2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 4612
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEFeIqozgS0Z9uAgvSlgIpk8&google_cver=1
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEFeIqozgS0Z9uAgvSlgIpk8&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARi4g8nRATAB&v=APEucNVfEElR81YmKXVNRFntkegOoAgdZYj3Tma-3rQiumz9Yy1cY2kHZPPxc1P-dlqc_vTvrTB3AQLjhLdbBYkhereYG1DMXagz4G3U-LoVDk_ctxlBryfLZy9AknKqUyBKiF_Erm1HbvThyrX1S7CeW0ot2yTVKtpch9oWijFaYt8sKOdo5qA
Protocol
HTTP/1.1
Server
185.89.210.212 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 23 Mar 2023 18:47:02 GMT
AN-X-Request-Uuid
4e728bda-7317-4559-9fa2-ef30ca11e1ac
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
80.255.7.109; 80.255.7.109; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 23 Mar 2023 18:47:02 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEFeIqozgS0Z9uAgvSlgIpk8&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 4612
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYwNTg4OTkwMDQ4NDgzMTQ4MA%3D%3D
170 B
243 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYwNTg4OTkwMDQ4NDgzMTQ4MA%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARi4g8nRATAB&v=APEucNVfEElR81YmKXVNRFntkegOoAgdZYj3Tma-3rQiumz9Yy1cY2kHZPPxc1P-dlqc_vTvrTB3AQLjhLdbBYkhereYG1DMXagz4G3U-LoVDk_ctxlBryfLZy9AknKqUyBKiF_Erm1HbvThyrX1S7CeW0ot2yTVKtpch9oWijFaYt8sKOdo5qA
Protocol
H2
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Mar 2023 18:47:02 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Thu, 23 Mar 2023 18:47:02 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
80.255.7.109; 80.255.7.109; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
f27e5d34-7639-4b51-9619-9c577edf4e5a
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYwNTg4OTkwMDQ4NDgzMTQ4MA%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame CF2F 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8179146892732&version=m202301230201
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Mar 2023 18:47:02 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame CF2F 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8179146892732&version=m202301230201&ct=76&x=1&cor=13799106718069709000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Mar 2023 18:47:02 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame CF2F 		15 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CI9qc1qWXn9LsyxZw2MTQik7RasR_f12shxuuEvgOEiv-kng7b-28nTYoWiBHiufNqtVvWdY1bL8XPbs2S_8xhRLaVlFTNn1ardDvpBXzwlgRxBZ2MbxIY0U0xq-37i8VLqQ5irdFzZpWlaMRv6lhVeXWRaOK7YbBISHlz0tqssesh9ls&cry=1&dbm_d=AKAmf-Bc5f3G6br58q4clFdedoHBRVjDlMe1P1-pmLjMgN28l161SwAUhmrlS-8Zbm6oep_K0QhM0vWp5iiCueRkQLyKLSKES8gXGgxHM551dmSgRJkMujjcL8POg3I5KyEFCvpfHZWKGOD9LzeTZt3NuGJlYvChxE5oLc7uX0amIoSZ-LJVW45iVFCpMAS3xC0auj4w1pDu_CFmyOtWDyq4guk4JkI0ukA4jyWpFozPa3Iq9QA3OIMTmAa8xNW18DyeOe_1EwdcvqZFsvwk29WLrTnXIaBwUtHIzQHqq4tZ98vIFyiDNL-P0TcYrZHtOBscXrjGv5bMr5Zi_CdE7byqjvDqRSS_ZlkXPwp2HlN2GrLr-RAHOxB_hXqEPFMLDmf-hi5E7mdWy6RVjTUxKUiN37610XOUaZI3ekky4pmB3Zi5UPM14JHEBe7lh3tu8p3VXgIr2NM00oPDKxMPeGOuZw6eRpk_BG0oB1ug77fWPwNDxdzw3oN0fT6gjASAVlxLLqCoqx26dDmcktz1UWvdUog7m_DanRh5SSJciyNKmZ9jBxFJmAZA5w-KlkpoazYWjyMExwKyUmXxdyQpaOyoWHKSOD8pV_oPdIk8OdP_ZTwEUPT-Ay03jFET6CK4CceAeP3ClE90nNGiRwjTf3lmsWmBiE2ZevCq5_LMhya-xSo2WJXabJy8s6-F8a3uBdw-yJTZCUb0RqR-3VNS00pE9PqH7tS-_BwMVHRiuCrNDqXxVXv-XelFw6-d1m80RlSrd7Hxf17v0erVlMTv5E-qP_lZIKg6XLvmsXU5Rp6959xtml-6HnrHFUBLZ4Es8f89vITKahbUNWiT1107iriWuzO06xkBOZfyVydPc4LtATcawpYSqV5PyQZmv1f2D5fYyYcjwr_BhwiC5NuRJqu3YQLl9bMBSlzIB1wwEA0ZFgkds__V-rcHbKU9TCaoIyKMziigElQ_lgvpmxyVSbEfgWI8kExJk1Jbht__v1H6z-olBF8w7s9L6hEcHtS7BJKlHjfpC0ah5QVPKRUMHa0_Cric4Gzdw9FSCJUfilKEqZ8vnukD_F7pVVs5lu_krRoZIzVhDUx-hLfU6Lv5OCJy7B8_IS5hrtXwBC9t4kazklANpp9DyMokj16ATaMdZ4A85IUlO0d7FyHuOAL6P6CvhiZdPhOc0gL8eUw5M3-8bRJBT1Al30p2GOE9U25KXnzY5Ju64NpuBqd6Z_s7C1_0y3wKVS2KbQ3HQEu6R7vUX2nyM1vOrfFFOSvLL5vrK9brLg_d0E83wmkajmgIulC05tDI9QBhqjtDY8xfubsFEszWOVcIrQvyyGTKxt7hUukXYTdhMpVMfa5UFYexWajK3acZBhVvp5gsOXmFTAd6DshHgEgcnorBQ6C-hNMlxaumBirJ9W2i2voFcy-eh5Lt9CEfxnu3vsogc5Ze9GFPb7S3pnAAdTRsbjZg4eBtR0wQh8LKoLqh360qTApf-Jkf-nyDx1lqJruhr7XdrJZ092UBjCN9YFnE3ONKPKSWTqG4A1jFLOXmaBzU3F4p7krvPx4EjIiVTeBi46JGDEIrUH_wLk0cgGXAZCoDPzCMDU8Bc-3qslOmSNVP8-qupx7V3pOOtvGmPWwz9S8cmvgYIPYiarPIwoiD5o38XEvG4CrbiuI_Q73cgrmQXAgKMjRPg0Wa7ao3nDH0yTTkWuDkvwU9cALq3dZDIU6psNeYjgYRpi-_PtcwMOJ8RTI19RxWdTcn5vNW12Shl1Z1EMSwQLfWPUJ7XDHyRfmD_lqi9tv-4PTUxRAVg_tb48wsINul_wCl6uU5k_ALxW8XZQUR0pRcABxiwQccFvCHGY2CTLY7NLP_5F2ElcrE4NBpD_5Sr4Ca36-3DG5BaumMFeQgipE7n58MN67CAq7wkYgtDeHWJxxQJOTHWhYrMNfBrYi1rMsjLY2lAsGLPfSQVcae9DoVO5JMPa95dWs-mV55YwqhBcapq_8jSlKPshsvQOTT7IN6212X87qw_ria5j7pF2s1H4CFS8rb0u0xLJjrCkyQMc83GW9hMgxnq_WAcKbShtiAgYJqzDi7KT8W3z5yVbN3u3NJytQEjchFIZ46_JM4qp6VoMXrBDTsX0wdhQnHIHvsXhAo8waCZXm_qksVDrkRqSYAGXUDLpbhh1i4QpFraIQKEmO0fdPKBY5_d65Sb86YpJQ9FqkCRE1ohK4U4FA8DktKFoTcrrIfkH0nMiglmzsRqcY7I-qVWY2y2rj04c11QaCdNJrfrGs2tETVaJkSSvbOnCa5mgCO5drqRRvn5q2-ObEG6U4dnLvaAuhG-dB8yb_5Eu3WSGqQd_KxKH0macLvbsz1ZD-jqpJ-OCyPVXBeaK_6eMqdrjoNZRPFntZNVrNNTe4Uq8uMM8GDS8H9SK1OuMnUOZUz3WMuog6I-YKu3d2tMCSDZsJMvxnKhnQ5g0SAk-WK8JobeaIMN296F6-DCS-gKwBlJ0jEQb-rVd3CF-nurcmhXukUu7mpv1t4DFG_oZtMxGtjqjnm8LWQrFTlEeE4ZHEGPEyOL7mv3Rfj-2vhxBl7drt1YGhrm4oBXp9EftBjuV-3v9YMJ0wocw3h-5lsvxrkzF2G8ZJyoz5dh6YQuyU8RZUuyImQYSH6iSmWsgSLUfnVV698vKU6yXl5NhecpiEDaxntmjHPLqiqbbGFwXr7-_0KRDmorFLp0XjS6PokN-dg8O8Pog9ghHZ-kEZYJ2pVaF6uoQ55pCcA5B1XCh0lbCE-w4_aGk0wMkxg5HGf8Kj8yIJyi3wpQdtE0gXJVKYHehwaWrW8Lz6ol3FmUjbP7E-_X-g-WnBoGlRK4fmrLELcZr3aZoQ83Q1Vni8TCQj4ELnYCwrMagVLjZ_ayxiD4tnqyfaqjTIx9ErJKLep6baY-jvPu9cfwvGUxpiZHROlYJG8dcSuF63c66o_yuEluwOgpal1fSpa8-KHElXdOsUc6gtDxigBWb7YA4-jH3rDWVvVO-dEBJFX5aRF_hERVNNN2itYEzjgy34Zv2kDwADYoUVMEGgRLxb5v5I&cid=CAQSSwDUE5yma7yJ0Nic07aQ0HS9BQRb3IoV87h-YLidFudtgDzAxH-mW5DlxvMzj9RYHZZB85vZ9FrSB0IN8d2AwgrHiw5KJxfP_B_xDBgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fassistant.corover.mobi%2F&ds=l&xdt=1&iif=1&cor=13799106718069709000&adk=3476589348&idt=212&cac=0&dtd=6
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f1803d8bcb2d30ea3f3cd6ada468c6c8eefdfef4d3d082c5d02f180220a8a726
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Mar 2023 18:47:02 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11344
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame D3C4 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2023032001&jk=3949158363179541&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers
generate_204
tpc.googlesyndication.com/ Frame 3D90 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?jyhwNQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Thu, 23 Mar 2023 18:47:02 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame CF2F 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CI9qc1qWXn9LsyxZw2MTQik7RasR_f12shxuuEvgOEiv-kng7b-28nTYoWiBHiufNqtVvWdY1bL8XPbs2S_8xhRLaVlFTNn1ardDvpBXzwlgRxBZ2MbxIY0U0xq-37i8VLqQ5irdFzZpWlaMRv6lhVeXWRaOK7YbBISHlz0tqssesh9ls&cry=1&dbm_d=AKAmf-Bc5f3G6br58q4clFdedoHBRVjDlMe1P1-pmLjMgN28l161SwAUhmrlS-8Zbm6oep_K0QhM0vWp5iiCueRkQLyKLSKES8gXGgxHM551dmSgRJkMujjcL8POg3I5KyEFCvpfHZWKGOD9LzeTZt3NuGJlYvChxE5oLc7uX0amIoSZ-LJVW45iVFCpMAS3xC0auj4w1pDu_CFmyOtWDyq4guk4JkI0ukA4jyWpFozPa3Iq9QA3OIMTmAa8xNW18DyeOe_1EwdcvqZFsvwk29WLrTnXIaBwUtHIzQHqq4tZ98vIFyiDNL-P0TcYrZHtOBscXrjGv5bMr5Zi_CdE7byqjvDqRSS_ZlkXPwp2HlN2GrLr-RAHOxB_hXqEPFMLDmf-hi5E7mdWy6RVjTUxKUiN37610XOUaZI3ekky4pmB3Zi5UPM14JHEBe7lh3tu8p3VXgIr2NM00oPDKxMPeGOuZw6eRpk_BG0oB1ug77fWPwNDxdzw3oN0fT6gjASAVlxLLqCoqx26dDmcktz1UWvdUog7m_DanRh5SSJciyNKmZ9jBxFJmAZA5w-KlkpoazYWjyMExwKyUmXxdyQpaOyoWHKSOD8pV_oPdIk8OdP_ZTwEUPT-Ay03jFET6CK4CceAeP3ClE90nNGiRwjTf3lmsWmBiE2ZevCq5_LMhya-xSo2WJXabJy8s6-F8a3uBdw-yJTZCUb0RqR-3VNS00pE9PqH7tS-_BwMVHRiuCrNDqXxVXv-XelFw6-d1m80RlSrd7Hxf17v0erVlMTv5E-qP_lZIKg6XLvmsXU5Rp6959xtml-6HnrHFUBLZ4Es8f89vITKahbUNWiT1107iriWuzO06xkBOZfyVydPc4LtATcawpYSqV5PyQZmv1f2D5fYyYcjwr_BhwiC5NuRJqu3YQLl9bMBSlzIB1wwEA0ZFgkds__V-rcHbKU9TCaoIyKMziigElQ_lgvpmxyVSbEfgWI8kExJk1Jbht__v1H6z-olBF8w7s9L6hEcHtS7BJKlHjfpC0ah5QVPKRUMHa0_Cric4Gzdw9FSCJUfilKEqZ8vnukD_F7pVVs5lu_krRoZIzVhDUx-hLfU6Lv5OCJy7B8_IS5hrtXwBC9t4kazklANpp9DyMokj16ATaMdZ4A85IUlO0d7FyHuOAL6P6CvhiZdPhOc0gL8eUw5M3-8bRJBT1Al30p2GOE9U25KXnzY5Ju64NpuBqd6Z_s7C1_0y3wKVS2KbQ3HQEu6R7vUX2nyM1vOrfFFOSvLL5vrK9brLg_d0E83wmkajmgIulC05tDI9QBhqjtDY8xfubsFEszWOVcIrQvyyGTKxt7hUukXYTdhMpVMfa5UFYexWajK3acZBhVvp5gsOXmFTAd6DshHgEgcnorBQ6C-hNMlxaumBirJ9W2i2voFcy-eh5Lt9CEfxnu3vsogc5Ze9GFPb7S3pnAAdTRsbjZg4eBtR0wQh8LKoLqh360qTApf-Jkf-nyDx1lqJruhr7XdrJZ092UBjCN9YFnE3ONKPKSWTqG4A1jFLOXmaBzU3F4p7krvPx4EjIiVTeBi46JGDEIrUH_wLk0cgGXAZCoDPzCMDU8Bc-3qslOmSNVP8-qupx7V3pOOtvGmPWwz9S8cmvgYIPYiarPIwoiD5o38XEvG4CrbiuI_Q73cgrmQXAgKMjRPg0Wa7ao3nDH0yTTkWuDkvwU9cALq3dZDIU6psNeYjgYRpi-_PtcwMOJ8RTI19RxWdTcn5vNW12Shl1Z1EMSwQLfWPUJ7XDHyRfmD_lqi9tv-4PTUxRAVg_tb48wsINul_wCl6uU5k_ALxW8XZQUR0pRcABxiwQccFvCHGY2CTLY7NLP_5F2ElcrE4NBpD_5Sr4Ca36-3DG5BaumMFeQgipE7n58MN67CAq7wkYgtDeHWJxxQJOTHWhYrMNfBrYi1rMsjLY2lAsGLPfSQVcae9DoVO5JMPa95dWs-mV55YwqhBcapq_8jSlKPshsvQOTT7IN6212X87qw_ria5j7pF2s1H4CFS8rb0u0xLJjrCkyQMc83GW9hMgxnq_WAcKbShtiAgYJqzDi7KT8W3z5yVbN3u3NJytQEjchFIZ46_JM4qp6VoMXrBDTsX0wdhQnHIHvsXhAo8waCZXm_qksVDrkRqSYAGXUDLpbhh1i4QpFraIQKEmO0fdPKBY5_d65Sb86YpJQ9FqkCRE1ohK4U4FA8DktKFoTcrrIfkH0nMiglmzsRqcY7I-qVWY2y2rj04c11QaCdNJrfrGs2tETVaJkSSvbOnCa5mgCO5drqRRvn5q2-ObEG6U4dnLvaAuhG-dB8yb_5Eu3WSGqQd_KxKH0macLvbsz1ZD-jqpJ-OCyPVXBeaK_6eMqdrjoNZRPFntZNVrNNTe4Uq8uMM8GDS8H9SK1OuMnUOZUz3WMuog6I-YKu3d2tMCSDZsJMvxnKhnQ5g0SAk-WK8JobeaIMN296F6-DCS-gKwBlJ0jEQb-rVd3CF-nurcmhXukUu7mpv1t4DFG_oZtMxGtjqjnm8LWQrFTlEeE4ZHEGPEyOL7mv3Rfj-2vhxBl7drt1YGhrm4oBXp9EftBjuV-3v9YMJ0wocw3h-5lsvxrkzF2G8ZJyoz5dh6YQuyU8RZUuyImQYSH6iSmWsgSLUfnVV698vKU6yXl5NhecpiEDaxntmjHPLqiqbbGFwXr7-_0KRDmorFLp0XjS6PokN-dg8O8Pog9ghHZ-kEZYJ2pVaF6uoQ55pCcA5B1XCh0lbCE-w4_aGk0wMkxg5HGf8Kj8yIJyi3wpQdtE0gXJVKYHehwaWrW8Lz6ol3FmUjbP7E-_X-g-WnBoGlRK4fmrLELcZr3aZoQ83Q1Vni8TCQj4ELnYCwrMagVLjZ_ayxiD4tnqyfaqjTIx9ErJKLep6baY-jvPu9cfwvGUxpiZHROlYJG8dcSuF63c66o_yuEluwOgpal1fSpa8-KHElXdOsUc6gtDxigBWb7YA4-jH3rDWVvVO-dEBJFX5aRF_hERVNNN2itYEzjgy34Zv2kDwADYoUVMEGgRLxb5v5I&cid=CAQSSwDUE5yma7yJ0Nic07aQ0HS9BQRb3IoV87h-YLidFudtgDzAxH-mW5DlxvMzj9RYHZZB85vZ9FrSB0IN8d2AwgrHiw5KJxfP_B_xDBgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fassistant.corover.mobi%2F&ds=l&xdt=1&iif=1&cor=13799106718069709000&adk=3476589348&idt=212&cac=0&dtd=6
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Wed, 22 Mar 2023 10:06:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
117662
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 21 Mar 2024 10:06:00 GMT
adj
bid.g.doubleclick.net/xbbe/creative/ Frame CF2F
Redirect Chain
  • https://fw.adsafeprotected.com/rfw/bgd/1135760/65089098/xbbe/creative/adj?p=APEucNU6rSEkWRmZj_gZjnH8oQGvHLhltSuIESq_ZOpSkL7Gf08aUEI&d=CokBAKAmf-Dk3HasrptsU83kvTaYEWYVbckuWPoxajVg0evNFpJJ-ir8lhStEgo...
  • https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNU6rSEkWRmZj_gZjnH8oQGvHLhltSuIESq_ZOpSkL7Gf08aUEI&d=CokBAKAmf-Dk3HasrptsU83kvTaYEWYVbckuWPoxajVg0evNFpJJ-ir8lhStEgoADqtm2Nf1rF-F2Cvo1VfS7VIdb...
67 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNU6rSEkWRmZj_gZjnH8oQGvHLhltSuIESq_ZOpSkL7Gf08aUEI&d=CokBAKAmf-Dk3HasrptsU83kvTaYEWYVbckuWPoxajVg0evNFpJJ-ir8lhStEgoADqtm2Nf1rF-F2Cvo1VfS7VIdbx2frxHdtsih5UzPuLtT_Vlx1FR8H1BCuBGtCvOHffO_l_2hMDcupyES2i-W0INZw4NZEqo42InR22kcxjVhmC3b6SIz7bVXnhQSuRQAoCZ_4EXrJcKL_l0jc4uqEunYLfvwHgFjHPp4ogMahPRvT1rYSiVtSwj0zT5ZNP4E2qnFpYtUTIunh86xmtHRJydwemAZfl8S0IUkWyuPOAfQhKkpA2eeHL4S3NmW-ULVvCSVqtWXCuLGINR6tCblAQf_TTGMrmCv2-RS7D3b1RLDcbklocdEmcxWuHFsMA_ldpK_ct-bxYaVzaoKBsVvQERKSb8qMrT_yIYQsZ6K8UiqbTj1sTydaifgne8agrm9DrYOqqKchwcVQsLtN9-WNZ_-0WbpIWVfSb2g40VHP2K8IloB1F6t4RUtrg-SaUtMcoJXL_KGHMSvDDH2BiQyRMrZo2EWPldNfxZVM7R0cvzbsJz9lJuBvPRTKo0qDs3mO8aEpixHYqZi-Y69vpJvPaFH6W-09zcJTxOk5p7ANZBdTnCQP1-DB6LHupsjgweNxg-9W31UnogwwXC9hAh2nnPyfx3zisl8AD_nnhH_2NhWjx61qVNJPVloVazumvX-x7yxZOMmgPihCUhYhSzbTSMbYgthh-wXZ6v6kh8OMPJ4YoX_OkrU622nbVv9UmX-uQOU7Vx6nrWtZqt4hQWD9wkKWoaIP4nyXW24Hpb8hh6xC4tuPK10r9v8e1q5ZCk33de6UluJkT-pra7o8poutnPVUC01BrlnMK2AZIIkTZZA5wNU2K5kBWgatevYyjXFcdUqBfWyipxmv-HEs1DBqaOcZMWfm01DTssfSBklaAJZEWT7RlmiryzrcPXE3V0v75oYRIaNa0HNcHTfju_yRhBm_s11rhdmQPsp3DzOh6myi9Z2tEFlJ_S4A7lBvGkygUa7r-Fb0Hkd5WalO6aa95M7abVHkeB2gnqbhnS7NIHiKVKNhkM09HlCImG44NJY7aDY8FIKSvlinSWmwMbQmS5xu22dnUrMBK5sdRU72g8XsJD0cHYMLoulMhR3SzkOmvKi8yAqXztjvt8NRZpOfgfX99yuKVKyCch5qqrX_R_NoutqkWjTf4HKvQjezdUcu1dAOVihm9rDgWgDgT62y8RGzdLvlb0jbTkr-6s7BMQECOO9gKrWlKQpB6Mei25Caq6iWQMFrWV3c2xRkrsh30yilnDdzjZOTQNszMBp_jV6_-5j7PpcXPuYPjMhPmWOfFMk1GEqUHt-UStavRvtyOG0KLMFPGzzH0iRsxaelRnNDeZtSt5jx_YCdcOcAm-LEnh94CTXp2PTsoMP-gC3kedFncWgUKGI-WzbAGxTNTa5w21KlHuGzCPDXF5jDjQqbS8Sb_cmL9-4wfKQ_UZ5ToAGOnPrgNZu1co2ty2MY_ATnCsmngmhREYhYl5VjJuWeLiQYvcN7mp5mDO4JY0t_gKc1Wk2BJyvUIW-aQCiZ6OTMcmmhRl3kZU3mBY8Hg8bE6ttLw1reQ-LPrzAdZnfbfNYcFAG9wioQEIK93Fyyd_77fGO4Z31Q9cC6sp4jUSHE6jdOU0-gtrFgfOx9CMTnCXM6FREThWu54QgT4NXRMKBMRUQFwEFJtBPA_WSH_6euBco4ygFSawH13WEEDfVDzoHJB1sZCD9XI0MEbZ5sPpvdDtDTxwYIOYW5XBcAZziW2QYDaqKu8qz9tuoDUj3j6pU42L8d55SKEyooI8Qb32OqH4wucnBRYY2BmUoi6J0VKdZ2DLgXbT2aoGn-H57cTY7AoDtRp_Ob-fTSJ65Kb8g_KpeP06Wu6njBixmsyH8_KaeD8W7ChHWDDe3dt75935QrbGyBe9bZ1Ygf2-4EGFh7MK6eaPaGr8QskaDk-k_yyJ17bFb1j0zS2lrUamiKSSklI44J-QfxZ2NNJxLkFxGcVEASdPyrlWYIVEeF0QVO-G29UB0jR7TkCdI4XzJe8qCxBmATJSLeDjHRew_5ZHEGG9KpbscXFIxFCaNfCF0cQA3ggDMCxcgZblqdGfe43CsyT47UeoHkGGruXHBKTELlg-A1P-XG9aZ0NmYGHU6jF110BDiEW3pQr4YUTCAOqDBK2Run9ZomQaYw8MNX10AmkATPRKOLyNDpAkYbrl0_pGTV46_ZZ_pWC4G1qTqUtoS45IymxL_UlE8DJeD1xbhxLmCbt0TsS6qfncd3lEv_T5mmQgk0tTB8CgrTE7S2gw3aLcfjDGZip5yP_ZLoS_WikVZBKYX_fdzsB2rRB8e92T80BwLcQ48aLk35aHaa73yRaUE1sokmBU3ATXlRcHjIjaCqA5Bh6JFWrM8To9RY5MOeiPkUGKosqwR8uIbaLD2vBN5Bwn3lhSPiEkWrSa0_teY5z0-qrjkBLGcePgTGsVMxgMDAocVeNxNKofmPv8SCiD_cv40NnkIoF5C09fIb5vwxGudMIycB3ZbEINpRjgxJJgC8pGu5U-_jOGxu7TVHPIwgqFrzp-0qhIk05fR8BAz3zELuXHdY-2rdHorvRZeTwbs9TiFpuWrZNXIOHK2tMI7kIPvbGZWLQt7Z7b3KpjLlFqw3hYJeAyTl03HSVRDAH22AfbOzEhsY89bVxwAe3-dFRluK1tjmSt5xKKht02ToYEwEHjSzpwry60E_CafnlhG9alnVEktAn3gu7JQTC9rEMflXHPtTCHrDW43gZdP_0SQawCC3zm9LyjQudw72OMVvQz_UvuYAC3U89jJ0rsxLMCxAga40bLuVwXJahLJ9EE-vsw_O93Dht-FG5fEt6gswfIOOZ59-H8P4BAB__wqemSMz8SBrlSD5fZle7vaTXtQdQlFtDRQPKn3_bzNUg7Mc20x4uOlF2UJKHRGqaQck_57F3UNyldFWPNi-O-rEBHD9MtokJeUUs0Xl8Y20qdjTCscJMf9cT_9otWWGQVV2pIBcFubdk-NsvQ1ExwZZrBfdTTeE3muvo582OW-a5iIYEB3kDkKxjQYXmUOZG26Km_N2ibw9OAZB2L7ohouINyLyFCoBrMLrmcHf03tiGtTIKRibw1uCvd34YB2UXfaaqKxnqcF1adV96-uH2P9ZpKw0w4a84FHM-qTXaoGT2tiD0wk2ZJu7tks9hGa7Az4WTKLzD2VueFEJfIVxAyeI5ewo2b-vM7JILNTaV1nGLDima3R1msoPxTPhq4M6xvWVJzCocF6AY4wOkHSry0KLhN0eCerIjjHriDbZlrJsVB9gFuTGGWip5AgNxGj2dnsIBvWUPgcX_LKiNhZdWApXoXIdUZm--5Y5vlrbfTUNXKh8qm-wYcNj44w-IfnJ5dmVfXt8RV3nU2Jj1tfQxPOAYnhewgiW6C9Z6lPvpFI7WygaMG-p7nKngmf19JgZHPGZCI7pUEND9hCsYtQqowUv1qbWV1wGliwShRFfZc5AJg09nxcL0qJuV9PvxOZLlKGZB_nzWuwFnCtnNVipz7nEHjBvWFF6OoTl7POj46nbeaCUSQYRamyp0Atcmghr5maNBzDrHsdF-cF1UwerHAMmiLsGPPm-Iee7NHSfpAoTfVAHI6AMCWBNIA6bLwK_vS7u1KvGlEIBBJLANQTnKZrvInQ2JzTtpDQdL0FBFvcihXzuH5guJ0W522APMDEf6ZbkOXG8zOP1FgdlkHzm9n0WtIHQg3x3YDCCseLDkonF8_8H_EMGAFgAQ
Requested by
Host: 1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
URL: https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Server
74.125.133.156 Nashville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
wo-in-f156.1e100.net
Software
cafe /
Resource Hash
249be47bbae9829650c078b786f41d906ae46fd357cb1de88dd59167f92de4cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Mar 2023 18:47:02 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23724
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 23 Mar 2023 18:47:02 GMT
server
nginx
x-server-name
app03.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNU6rSEkWRmZj_gZjnH8oQGvHLhltSuIESq_ZOpSkL7Gf08aUEI&d=CokBAKAmf-Dk3HasrptsU83kvTaYEWYVbckuWPoxajVg0evNFpJJ-ir8lhStEgoADqtm2Nf1rF-F2Cvo1VfS7VIdbx2frxHdtsih5UzPuLtT_Vlx1FR8H1BCuBGtCvOHffO_l_2hMDcupyES2i-W0INZw4NZEqo42InR22kcxjVhmC3b6SIz7bVXnhQSuRQAoCZ_4EXrJcKL_l0jc4uqEunYLfvwHgFjHPp4ogMahPRvT1rYSiVtSwj0zT5ZNP4E2qnFpYtUTIunh86xmtHRJydwemAZfl8S0IUkWyuPOAfQhKkpA2eeHL4S3NmW-ULVvCSVqtWXCuLGINR6tCblAQf_TTGMrmCv2-RS7D3b1RLDcbklocdEmcxWuHFsMA_ldpK_ct-bxYaVzaoKBsVvQERKSb8qMrT_yIYQsZ6K8UiqbTj1sTydaifgne8agrm9DrYOqqKchwcVQsLtN9-WNZ_-0WbpIWVfSb2g40VHP2K8IloB1F6t4RUtrg-SaUtMcoJXL_KGHMSvDDH2BiQyRMrZo2EWPldNfxZVM7R0cvzbsJz9lJuBvPRTKo0qDs3mO8aEpixHYqZi-Y69vpJvPaFH6W-09zcJTxOk5p7ANZBdTnCQP1-DB6LHupsjgweNxg-9W31UnogwwXC9hAh2nnPyfx3zisl8AD_nnhH_2NhWjx61qVNJPVloVazumvX-x7yxZOMmgPihCUhYhSzbTSMbYgthh-wXZ6v6kh8OMPJ4YoX_OkrU622nbVv9UmX-uQOU7Vx6nrWtZqt4hQWD9wkKWoaIP4nyXW24Hpb8hh6xC4tuPK10r9v8e1q5ZCk33de6UluJkT-pra7o8poutnPVUC01BrlnMK2AZIIkTZZA5wNU2K5kBWgatevYyjXFcdUqBfWyipxmv-HEs1DBqaOcZMWfm01DTssfSBklaAJZEWT7RlmiryzrcPXE3V0v75oYRIaNa0HNcHTfju_yRhBm_s11rhdmQPsp3DzOh6myi9Z2tEFlJ_S4A7lBvGkygUa7r-Fb0Hkd5WalO6aa95M7abVHkeB2gnqbhnS7NIHiKVKNhkM09HlCImG44NJY7aDY8FIKSvlinSWmwMbQmS5xu22dnUrMBK5sdRU72g8XsJD0cHYMLoulMhR3SzkOmvKi8yAqXztjvt8NRZpOfgfX99yuKVKyCch5qqrX_R_NoutqkWjTf4HKvQjezdUcu1dAOVihm9rDgWgDgT62y8RGzdLvlb0jbTkr-6s7BMQECOO9gKrWlKQpB6Mei25Caq6iWQMFrWV3c2xRkrsh30yilnDdzjZOTQNszMBp_jV6_-5j7PpcXPuYPjMhPmWOfFMk1GEqUHt-UStavRvtyOG0KLMFPGzzH0iRsxaelRnNDeZtSt5jx_YCdcOcAm-LEnh94CTXp2PTsoMP-gC3kedFncWgUKGI-WzbAGxTNTa5w21KlHuGzCPDXF5jDjQqbS8Sb_cmL9-4wfKQ_UZ5ToAGOnPrgNZu1co2ty2MY_ATnCsmngmhREYhYl5VjJuWeLiQYvcN7mp5mDO4JY0t_gKc1Wk2BJyvUIW-aQCiZ6OTMcmmhRl3kZU3mBY8Hg8bE6ttLw1reQ-LPrzAdZnfbfNYcFAG9wioQEIK93Fyyd_77fGO4Z31Q9cC6sp4jUSHE6jdOU0-gtrFgfOx9CMTnCXM6FREThWu54QgT4NXRMKBMRUQFwEFJtBPA_WSH_6euBco4ygFSawH13WEEDfVDzoHJB1sZCD9XI0MEbZ5sPpvdDtDTxwYIOYW5XBcAZziW2QYDaqKu8qz9tuoDUj3j6pU42L8d55SKEyooI8Qb32OqH4wucnBRYY2BmUoi6J0VKdZ2DLgXbT2aoGn-H57cTY7AoDtRp_Ob-fTSJ65Kb8g_KpeP06Wu6njBixmsyH8_KaeD8W7ChHWDDe3dt75935QrbGyBe9bZ1Ygf2-4EGFh7MK6eaPaGr8QskaDk-k_yyJ17bFb1j0zS2lrUamiKSSklI44J-QfxZ2NNJxLkFxGcVEASdPyrlWYIVEeF0QVO-G29UB0jR7TkCdI4XzJe8qCxBmATJSLeDjHRew_5ZHEGG9KpbscXFIxFCaNfCF0cQA3ggDMCxcgZblqdGfe43CsyT47UeoHkGGruXHBKTELlg-A1P-XG9aZ0NmYGHU6jF110BDiEW3pQr4YUTCAOqDBK2Run9ZomQaYw8MNX10AmkATPRKOLyNDpAkYbrl0_pGTV46_ZZ_pWC4G1qTqUtoS45IymxL_UlE8DJeD1xbhxLmCbt0TsS6qfncd3lEv_T5mmQgk0tTB8CgrTE7S2gw3aLcfjDGZip5yP_ZLoS_WikVZBKYX_fdzsB2rRB8e92T80BwLcQ48aLk35aHaa73yRaUE1sokmBU3ATXlRcHjIjaCqA5Bh6JFWrM8To9RY5MOeiPkUGKosqwR8uIbaLD2vBN5Bwn3lhSPiEkWrSa0_teY5z0-qrjkBLGcePgTGsVMxgMDAocVeNxNKofmPv8SCiD_cv40NnkIoF5C09fIb5vwxGudMIycB3ZbEINpRjgxJJgC8pGu5U-_jOGxu7TVHPIwgqFrzp-0qhIk05fR8BAz3zELuXHdY-2rdHorvRZeTwbs9TiFpuWrZNXIOHK2tMI7kIPvbGZWLQt7Z7b3KpjLlFqw3hYJeAyTl03HSVRDAH22AfbOzEhsY89bVxwAe3-dFRluK1tjmSt5xKKht02ToYEwEHjSzpwry60E_CafnlhG9alnVEktAn3gu7JQTC9rEMflXHPtTCHrDW43gZdP_0SQawCC3zm9LyjQudw72OMVvQz_UvuYAC3U89jJ0rsxLMCxAga40bLuVwXJahLJ9EE-vsw_O93Dht-FG5fEt6gswfIOOZ59-H8P4BAB__wqemSMz8SBrlSD5fZle7vaTXtQdQlFtDRQPKn3_bzNUg7Mc20x4uOlF2UJKHRGqaQck_57F3UNyldFWPNi-O-rEBHD9MtokJeUUs0Xl8Y20qdjTCscJMf9cT_9otWWGQVV2pIBcFubdk-NsvQ1ExwZZrBfdTTeE3muvo582OW-a5iIYEB3kDkKxjQYXmUOZG26Km_N2ibw9OAZB2L7ohouINyLyFCoBrMLrmcHf03tiGtTIKRibw1uCvd34YB2UXfaaqKxnqcF1adV96-uH2P9ZpKw0w4a84FHM-qTXaoGT2tiD0wk2ZJu7tks9hGa7Az4WTKLzD2VueFEJfIVxAyeI5ewo2b-vM7JILNTaV1nGLDima3R1msoPxTPhq4M6xvWVJzCocF6AY4wOkHSry0KLhN0eCerIjjHriDbZlrJsVB9gFuTGGWip5AgNxGj2dnsIBvWUPgcX_LKiNhZdWApXoXIdUZm--5Y5vlrbfTUNXKh8qm-wYcNj44w-IfnJ5dmVfXt8RV3nU2Jj1tfQxPOAYnhewgiW6C9Z6lPvpFI7WygaMG-p7nKngmf19JgZHPGZCI7pUEND9hCsYtQqowUv1qbWV1wGliwShRFfZc5AJg09nxcL0qJuV9PvxOZLlKGZB_nzWuwFnCtnNVipz7nEHjBvWFF6OoTl7POj46nbeaCUSQYRamyp0Atcmghr5maNBzDrHsdF-cF1UwerHAMmiLsGPPm-Iee7NHSfpAoTfVAHI6AMCWBNIA6bLwK_vS7u1KvGlEIBBJLANQTnKZrvInQ2JzTtpDQdL0FBFvcihXzuH5guJ0W522APMDEf6ZbkOXG8zOP1FgdlkHzm9n0WtIHQg3x3YDCCseLDkonF8_8H_EMGAFgAQ
cache-control
no-cache
content-length
0
sca.17.6.2.js
static.adsafeprotected.com/ Frame 7A4D 		91 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/sca.17.6.2.js
Requested by
Host: 1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
URL: https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:0:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id
go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding
gzip
via
1.1 0162e02b2d0212054988a68716227daa.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
15822646
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 20 Sep 2022 19:21:34 GMT
server
AmazonS3
etag
W/"1f3488247c90bb5de253d3d0cb3b7458"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-amz-cf-id
h3Pok9I6i8jD1r32Z4KzUg1G2BMmfk3kmOVszSYh2RVn8G3Nls-q7Q==
dt
dt.adsafeprotected.com/ Frame CF2F 		43 B
216 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=1fde47ef-3ec1-50f8-7893-172afd064847&tv=%7Bc:7IcjbS,pingTime:-3,time:43,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:320,h:50,t:17%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:44,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B38~0%5D,as:%5B38~320.50%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzm2MaB+11*.1135760-65089098%7C111%7C12%7C13,idMap:11*,rmeas:1,rend:0,renddet:IMG.us,siq:18%7D&br=c
Requested by
Host: 1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
URL: https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:2300:27c4:b916:bc25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Mar 2023 18:47:02 GMT
server
nginx
x-server-name
dt34.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame CF2F 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=1fde47ef-3ec1-50f8-7893-172afd064847&tv=%7Bc:7IcjbU,pingTime:-6,time:45,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:45,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B39~0%5D,as:%5B39~320.50%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzm2MaB+11*.1135760-65089098%7C111%7C12%7C13,idMap:11*,rmeas:1,rend:0,renddet:IMG.us,siq:18%7D&tpiLookup=ao:assistant.corover.mobi*&br=c
Requested by
Host: 1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
URL: https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:2300:27c4:b916:bc25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Mar 2023 18:47:02 GMT
server
nginx
x-server-name
dt01.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame CF2F 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=1fde47ef-3ec1-50f8-7893-172afd064847&tv=%7Bc:7IcjbX,pingTime:-2,time:48,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:491,beZ:492,mfA:494,cmA:495,inA:496,inZ:499,prA:499,prZ:503,si:508,poA:509,poZ:530,cmZ:530,mfZ:530,loA:535,loZ:537,ltA:539,ltZ:539%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:320,h:50,t:17%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:48,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B42~0%5D,as:%5B42~320.50%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzm2MaB+11*.1135760-65089098%7C111%7C12%7C13,idMap:11*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:IMG.us,siq:18,sinceFw:29,readyFired:false%7D&br=c
Requested by
Host: 1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
URL: https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:2300:27c4:b916:bc25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Mar 2023 18:47:02 GMT
server
nginx
x-server-name
dt03.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame B392 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
468940
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 18 Mar 2023 08:31:22 GMT
expires
Sun, 17 Mar 2024 08:31:22 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
TU2PSynrXT7p2KnzXte8fEgQWf4_RAVzpVc0SCm-B08.js
pagead2.googlesyndication.com/bg/ Frame B392 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/TU2PSynrXT7p2KnzXte8fEgQWf4_RAVzpVc0SCm-B08.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d4d8f4b29eb5d3ee9d8a9f35ed7bc7c481059fe3f440573a557344829be074f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Tue, 21 Mar 2023 15:30:30 GMT
content-encoding
br
x-content-type-options
nosniff
age
184592
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14279
x-xss-protection
0
last-modified
Mon, 20 Mar 2023 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 20 Mar 2024 15:30:30 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B392 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B3JcOpp4cZMjIDc3hgAfPzImYDAAAAAA4AeAEAg&bg=!R0SlRBDNAAbO2UOH7tk7ADkAdvg8Wgv9kBHyBLkEXBo3-MQ_w8_d9PDqQ28I3YZJW9UP8PKGiR4SQ3jw9fHXVWkw5-21MadIMIsCAAAASVIAAAACaAEHmQLyG3-wz7obTTPwHVzzjV7Yig84TxdDT04T3aE5OQJG36Elifhi6OlI0frYIfGz6nQd9W8MZOnvc2n1zBQPMMBuZE2QcROMGPihC2y8yyFTMq73cBsJTmJ1RiFAQrNG0jjeHkvvLUpQahym4wraKDrt6iqrRtQ4me0dC-C2C7g8Mc6c7hSl4hxAVEwWHw9ZKzMi2vC6jyWpR93QweFyWUQbIEwlhHX9iK-MicXCnMr_LSDNOUvbJN7r3XO0C3kInih-rytPJnqPcNzanXj4OX3MbKXSvZGqnEk45oa709Q285HxwzydfIEchy8bHE5oMgWttL7ptrpseUPRz_4uc86J3MR5TTVcdC0v8IWT0oWP6pCT_FQb_aTqjRD8LHT5Tqy5MJP1-FuNItmyNSDYKB8pD14Elw4SIrj6rQTQi9ZRa3qzLyPGqfFF3GxGCW1wKyyWuiOq1fFZk2PMK-H_5DXgCmke3Ri1wm_WyXzKOMNdevt20tmDBAv4V8kj3eAdVM6kP6vo6qhH3DAy8fNyH1uHWtxlQ2yWyQCF0wdeR0i4cWcDTz950HvjCPTCMSNbbJ8a3m-u-HbwjMQemQMM8CLI0fvM_vizuHbS4-a8W9Hm44QphN200Ix8j4M2HCL1TMrQv3z9hAP5KAlUHtd1usjVFTeVtAfJeGHpGCUYvc5mkZUDvSOAPCB3H9L-CTBZcgzVtaXDVtK5Qj6LiDCvMy1Zw1m4Y6Dpc8p3KyY6MrWYFBkJCzZkD_afkJFvMaJaFNBUoBKGuW3uKOb_vi5ztdY1lzvfRRuQPVnMJ-VYPvGYpkugZCJMgJMdgDzsHRd39esYjxCW9qBVWwQo0lMS2ijDLEfCVkh9XOplKZniycgdakhVvbrsiEcwFG0nNiWfGUQM8ZWTCPqypy6MtOlL1d9EjesPFbiXjUFtMLGDQxWRFWEK2Lg3njmjSmfM1wBajOvGnEqZ7mxpIpQ8vZitofP-IZCHvYCt5cspJPunziWYczMpOQ
Requested by
Host: 1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
URL: https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Mar 2023 18:47:02 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
express_html_inpage_rendering_lib_200_276.js
s0.2mdn.net/879366/ Frame CF2F 		106 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js
Requested by
Host: assistant.corover.mobi
URL: https://assistant.corover.mobi/320x50_placeholder.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
Origin
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Thu, 23 Mar 2023 18:05:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2511
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37872
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:07:26 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 24 Mar 2023 18:05:11 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20230321/r20110914/elements/html/ Frame CF2F 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20230321/r20110914/elements/html/omrhp.js
Requested by
Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/1135760/65089098/xbbe/creative/adj?p=APEucNU6rSEkWRmZj_gZjnH8oQGvHLhltSuIESq_ZOpSkL7Gf08aUEI&d=CokBAKAmf-Dk3HasrptsU83kvTaYEWYVbckuWPoxajVg0evNFpJJ-ir8lhStEgoADqtm2Nf1rF-F2Cvo1VfS7VIdbx2frxHdtsih5UzPuLtT_Vlx1FR8H1BCuBGtCvOHffO_l_2hMDcupyES2i-W0INZw4NZEqo42InR22kcxjVhmC3b6SIz7bVXnhQSuRQAoCZ_4EXrJcKL_l0jc4uqEunYLfvwHgFjHPp4ogMahPRvT1rYSiVtSwj0zT5ZNP4E2qnFpYtUTIunh86xmtHRJydwemAZfl8S0IUkWyuPOAfQhKkpA2eeHL4S3NmW-ULVvCSVqtWXCuLGINR6tCblAQf_TTGMrmCv2-RS7D3b1RLDcbklocdEmcxWuHFsMA_ldpK_ct-bxYaVzaoKBsVvQERKSb8qMrT_yIYQsZ6K8UiqbTj1sTydaifgne8agrm9DrYOqqKchwcVQsLtN9-WNZ_-0WbpIWVfSb2g40VHP2K8IloB1F6t4RUtrg-SaUtMcoJXL_KGHMSvDDH2BiQyRMrZo2EWPldNfxZVM7R0cvzbsJz9lJuBvPRTKo0qDs3mO8aEpixHYqZi-Y69vpJvPaFH6W-09zcJTxOk5p7ANZBdTnCQP1-DB6LHupsjgweNxg-9W31UnogwwXC9hAh2nnPyfx3zisl8AD_nnhH_2NhWjx61qVNJPVloVazumvX-x7yxZOMmgPihCUhYhSzbTSMbYgthh-wXZ6v6kh8OMPJ4YoX_OkrU622nbVv9UmX-uQOU7Vx6nrWtZqt4hQWD9wkKWoaIP4nyXW24Hpb8hh6xC4tuPK10r9v8e1q5ZCk33de6UluJkT-pra7o8poutnPVUC01BrlnMK2AZIIkTZZA5wNU2K5kBWgatevYyjXFcdUqBfWyipxmv-HEs1DBqaOcZMWfm01DTssfSBklaAJZEWT7RlmiryzrcPXE3V0v75oYRIaNa0HNcHTfju_yRhBm_s11rhdmQPsp3DzOh6myi9Z2tEFlJ_S4A7lBvGkygUa7r-Fb0Hkd5WalO6aa95M7abVHkeB2gnqbhnS7NIHiKVKNhkM09HlCImG44NJY7aDY8FIKSvlinSWmwMbQmS5xu22dnUrMBK5sdRU72g8XsJD0cHYMLoulMhR3SzkOmvKi8yAqXztjvt8NRZpOfgfX99yuKVKyCch5qqrX_R_NoutqkWjTf4HKvQjezdUcu1dAOVihm9rDgWgDgT62y8RGzdLvlb0jbTkr-6s7BMQECOO9gKrWlKQpB6Mei25Caq6iWQMFrWV3c2xRkrsh30yilnDdzjZOTQNszMBp_jV6_-5j7PpcXPuYPjMhPmWOfFMk1GEqUHt-UStavRvtyOG0KLMFPGzzH0iRsxaelRnNDeZtSt5jx_YCdcOcAm-LEnh94CTXp2PTsoMP-gC3kedFncWgUKGI-WzbAGxTNTa5w21KlHuGzCPDXF5jDjQqbS8Sb_cmL9-4wfKQ_UZ5ToAGOnPrgNZu1co2ty2MY_ATnCsmngmhREYhYl5VjJuWeLiQYvcN7mp5mDO4JY0t_gKc1Wk2BJyvUIW-aQCiZ6OTMcmmhRl3kZU3mBY8Hg8bE6ttLw1reQ-LPrzAdZnfbfNYcFAG9wioQEIK93Fyyd_77fGO4Z31Q9cC6sp4jUSHE6jdOU0-gtrFgfOx9CMTnCXM6FREThWu54QgT4NXRMKBMRUQFwEFJtBPA_WSH_6euBco4ygFSawH13WEEDfVDzoHJB1sZCD9XI0MEbZ5sPpvdDtDTxwYIOYW5XBcAZziW2QYDaqKu8qz9tuoDUj3j6pU42L8d55SKEyooI8Qb32OqH4wucnBRYY2BmUoi6J0VKdZ2DLgXbT2aoGn-H57cTY7AoDtRp_Ob-fTSJ65Kb8g_KpeP06Wu6njBixmsyH8_KaeD8W7ChHWDDe3dt75935QrbGyBe9bZ1Ygf2-4EGFh7MK6eaPaGr8QskaDk-k_yyJ17bFb1j0zS2lrUamiKSSklI44J-QfxZ2NNJxLkFxGcVEASdPyrlWYIVEeF0QVO-G29UB0jR7TkCdI4XzJe8qCxBmATJSLeDjHRew_5ZHEGG9KpbscXFIxFCaNfCF0cQA3ggDMCxcgZblqdGfe43CsyT47UeoHkGGruXHBKTELlg-A1P-XG9aZ0NmYGHU6jF110BDiEW3pQr4YUTCAOqDBK2Run9ZomQaYw8MNX10AmkATPRKOLyNDpAkYbrl0_pGTV46_ZZ_pWC4G1qTqUtoS45IymxL_UlE8DJeD1xbhxLmCbt0TsS6qfncd3lEv_T5mmQgk0tTB8CgrTE7S2gw3aLcfjDGZip5yP_ZLoS_WikVZBKYX_fdzsB2rRB8e92T80BwLcQ48aLk35aHaa73yRaUE1sokmBU3ATXlRcHjIjaCqA5Bh6JFWrM8To9RY5MOeiPkUGKosqwR8uIbaLD2vBN5Bwn3lhSPiEkWrSa0_teY5z0-qrjkBLGcePgTGsVMxgMDAocVeNxNKofmPv8SCiD_cv40NnkIoF5C09fIb5vwxGudMIycB3ZbEINpRjgxJJgC8pGu5U-_jOGxu7TVHPIwgqFrzp-0qhIk05fR8BAz3zELuXHdY-2rdHorvRZeTwbs9TiFpuWrZNXIOHK2tMI7kIPvbGZWLQt7Z7b3KpjLlFqw3hYJeAyTl03HSVRDAH22AfbOzEhsY89bVxwAe3-dFRluK1tjmSt5xKKht02ToYEwEHjSzpwry60E_CafnlhG9alnVEktAn3gu7JQTC9rEMflXHPtTCHrDW43gZdP_0SQawCC3zm9LyjQudw72OMVvQz_UvuYAC3U89jJ0rsxLMCxAga40bLuVwXJahLJ9EE-vsw_O93Dht-FG5fEt6gswfIOOZ59-H8P4BAB__wqemSMz8SBrlSD5fZle7vaTXtQdQlFtDRQPKn3_bzNUg7Mc20x4uOlF2UJKHRGqaQck_57F3UNyldFWPNi-O-rEBHD9MtokJeUUs0Xl8Y20qdjTCscJMf9cT_9otWWGQVV2pIBcFubdk-NsvQ1ExwZZrBfdTTeE3muvo582OW-a5iIYEB3kDkKxjQYXmUOZG26Km_N2ibw9OAZB2L7ohouINyLyFCoBrMLrmcHf03tiGtTIKRibw1uCvd34YB2UXfaaqKxnqcF1adV96-uH2P9ZpKw0w4a84FHM-qTXaoGT2tiD0wk2ZJu7tks9hGa7Az4WTKLzD2VueFEJfIVxAyeI5ewo2b-vM7JILNTaV1nGLDima3R1msoPxTPhq4M6xvWVJzCocF6AY4wOkHSry0KLhN0eCerIjjHriDbZlrJsVB9gFuTGGWip5AgNxGj2dnsIBvWUPgcX_LKiNhZdWApXoXIdUZm--5Y5vlrbfTUNXKh8qm-wYcNj44w-IfnJ5dmVfXt8RV3nU2Jj1tfQxPOAYnhewgiW6C9Z6lPvpFI7WygaMG-p7nKngmf19JgZHPGZCI7pUEND9hCsYtQqowUv1qbWV1wGliwShRFfZc5AJg09nxcL0qJuV9PvxOZLlKGZB_nzWuwFnCtnNVipz7nEHjBvWFF6OoTl7POj46nbeaCUSQYRamyp0Atcmghr5maNBzDrHsdF-cF1UwerHAMmiLsGPPm-Iee7NHSfpAoTfVAHI6AMCWBNIA6bLwK_vS7u1KvGlEIBBJLANQTnKZrvInQ2JzTtpDQdL0FBFvcihXzuH5guJ0W522APMDEf6ZbkOXG8zOP1FgdlkHzm9n0WtIHQg3x3YDCCseLDkonF8_8H_EMGAFgAQ&ias_dspID=3&ias_campId=1008772806&ias_pubId=pub-8692878304946020&ias_chanId=1&ias_placementId=18132950335&bidurl=https://assistant.corover.mobi/320x50_placeholder.html&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0isyVbv0XcRFuq6mABIEi1y&adsafe_url=https%3A%2F%2Fassistant.corover.mobi&adsafe_type=y&adsafe_url=https%3A%2F%2Fassistant.corover.mobi%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:1fde47ef-3ec1-50f8-7893-172afd064847,c:7Icjbs,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-67fb65999c-lswq4,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:4,mot:0,app:0,maw:0,fm:tzm2MaB+11*.1135760-65089098%7C111%7C12%7C13,idMap:11*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:17,oid:19695fab-c9ab-11ed-9455-0209d5b8c692,v:19.8.400,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a3501a3f0a7b6bc47f9f81c7be85b3603816fe2d3026ab4b396127ed9eb8895c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Thu, 23 Mar 2023 15:16:11 GMT
content-encoding
br
x-content-type-options
nosniff
age
12651
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4115
x-xss-protection
0
server
cafe
etag
1914039858798321668
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 06 Apr 2023 15:16:11 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20230321/r20110914/ Frame CF2F 		28 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20230321/r20110914/abg_lite.js
Requested by
Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/1135760/65089098/xbbe/creative/adj?p=APEucNU6rSEkWRmZj_gZjnH8oQGvHLhltSuIESq_ZOpSkL7Gf08aUEI&d=CokBAKAmf-Dk3HasrptsU83kvTaYEWYVbckuWPoxajVg0evNFpJJ-ir8lhStEgoADqtm2Nf1rF-F2Cvo1VfS7VIdbx2frxHdtsih5UzPuLtT_Vlx1FR8H1BCuBGtCvOHffO_l_2hMDcupyES2i-W0INZw4NZEqo42InR22kcxjVhmC3b6SIz7bVXnhQSuRQAoCZ_4EXrJcKL_l0jc4uqEunYLfvwHgFjHPp4ogMahPRvT1rYSiVtSwj0zT5ZNP4E2qnFpYtUTIunh86xmtHRJydwemAZfl8S0IUkWyuPOAfQhKkpA2eeHL4S3NmW-ULVvCSVqtWXCuLGINR6tCblAQf_TTGMrmCv2-RS7D3b1RLDcbklocdEmcxWuHFsMA_ldpK_ct-bxYaVzaoKBsVvQERKSb8qMrT_yIYQsZ6K8UiqbTj1sTydaifgne8agrm9DrYOqqKchwcVQsLtN9-WNZ_-0WbpIWVfSb2g40VHP2K8IloB1F6t4RUtrg-SaUtMcoJXL_KGHMSvDDH2BiQyRMrZo2EWPldNfxZVM7R0cvzbsJz9lJuBvPRTKo0qDs3mO8aEpixHYqZi-Y69vpJvPaFH6W-09zcJTxOk5p7ANZBdTnCQP1-DB6LHupsjgweNxg-9W31UnogwwXC9hAh2nnPyfx3zisl8AD_nnhH_2NhWjx61qVNJPVloVazumvX-x7yxZOMmgPihCUhYhSzbTSMbYgthh-wXZ6v6kh8OMPJ4YoX_OkrU622nbVv9UmX-uQOU7Vx6nrWtZqt4hQWD9wkKWoaIP4nyXW24Hpb8hh6xC4tuPK10r9v8e1q5ZCk33de6UluJkT-pra7o8poutnPVUC01BrlnMK2AZIIkTZZA5wNU2K5kBWgatevYyjXFcdUqBfWyipxmv-HEs1DBqaOcZMWfm01DTssfSBklaAJZEWT7RlmiryzrcPXE3V0v75oYRIaNa0HNcHTfju_yRhBm_s11rhdmQPsp3DzOh6myi9Z2tEFlJ_S4A7lBvGkygUa7r-Fb0Hkd5WalO6aa95M7abVHkeB2gnqbhnS7NIHiKVKNhkM09HlCImG44NJY7aDY8FIKSvlinSWmwMbQmS5xu22dnUrMBK5sdRU72g8XsJD0cHYMLoulMhR3SzkOmvKi8yAqXztjvt8NRZpOfgfX99yuKVKyCch5qqrX_R_NoutqkWjTf4HKvQjezdUcu1dAOVihm9rDgWgDgT62y8RGzdLvlb0jbTkr-6s7BMQECOO9gKrWlKQpB6Mei25Caq6iWQMFrWV3c2xRkrsh30yilnDdzjZOTQNszMBp_jV6_-5j7PpcXPuYPjMhPmWOfFMk1GEqUHt-UStavRvtyOG0KLMFPGzzH0iRsxaelRnNDeZtSt5jx_YCdcOcAm-LEnh94CTXp2PTsoMP-gC3kedFncWgUKGI-WzbAGxTNTa5w21KlHuGzCPDXF5jDjQqbS8Sb_cmL9-4wfKQ_UZ5ToAGOnPrgNZu1co2ty2MY_ATnCsmngmhREYhYl5VjJuWeLiQYvcN7mp5mDO4JY0t_gKc1Wk2BJyvUIW-aQCiZ6OTMcmmhRl3kZU3mBY8Hg8bE6ttLw1reQ-LPrzAdZnfbfNYcFAG9wioQEIK93Fyyd_77fGO4Z31Q9cC6sp4jUSHE6jdOU0-gtrFgfOx9CMTnCXM6FREThWu54QgT4NXRMKBMRUQFwEFJtBPA_WSH_6euBco4ygFSawH13WEEDfVDzoHJB1sZCD9XI0MEbZ5sPpvdDtDTxwYIOYW5XBcAZziW2QYDaqKu8qz9tuoDUj3j6pU42L8d55SKEyooI8Qb32OqH4wucnBRYY2BmUoi6J0VKdZ2DLgXbT2aoGn-H57cTY7AoDtRp_Ob-fTSJ65Kb8g_KpeP06Wu6njBixmsyH8_KaeD8W7ChHWDDe3dt75935QrbGyBe9bZ1Ygf2-4EGFh7MK6eaPaGr8QskaDk-k_yyJ17bFb1j0zS2lrUamiKSSklI44J-QfxZ2NNJxLkFxGcVEASdPyrlWYIVEeF0QVO-G29UB0jR7TkCdI4XzJe8qCxBmATJSLeDjHRew_5ZHEGG9KpbscXFIxFCaNfCF0cQA3ggDMCxcgZblqdGfe43CsyT47UeoHkGGruXHBKTELlg-A1P-XG9aZ0NmYGHU6jF110BDiEW3pQr4YUTCAOqDBK2Run9ZomQaYw8MNX10AmkATPRKOLyNDpAkYbrl0_pGTV46_ZZ_pWC4G1qTqUtoS45IymxL_UlE8DJeD1xbhxLmCbt0TsS6qfncd3lEv_T5mmQgk0tTB8CgrTE7S2gw3aLcfjDGZip5yP_ZLoS_WikVZBKYX_fdzsB2rRB8e92T80BwLcQ48aLk35aHaa73yRaUE1sokmBU3ATXlRcHjIjaCqA5Bh6JFWrM8To9RY5MOeiPkUGKosqwR8uIbaLD2vBN5Bwn3lhSPiEkWrSa0_teY5z0-qrjkBLGcePgTGsVMxgMDAocVeNxNKofmPv8SCiD_cv40NnkIoF5C09fIb5vwxGudMIycB3ZbEINpRjgxJJgC8pGu5U-_jOGxu7TVHPIwgqFrzp-0qhIk05fR8BAz3zELuXHdY-2rdHorvRZeTwbs9TiFpuWrZNXIOHK2tMI7kIPvbGZWLQt7Z7b3KpjLlFqw3hYJeAyTl03HSVRDAH22AfbOzEhsY89bVxwAe3-dFRluK1tjmSt5xKKht02ToYEwEHjSzpwry60E_CafnlhG9alnVEktAn3gu7JQTC9rEMflXHPtTCHrDW43gZdP_0SQawCC3zm9LyjQudw72OMVvQz_UvuYAC3U89jJ0rsxLMCxAga40bLuVwXJahLJ9EE-vsw_O93Dht-FG5fEt6gswfIOOZ59-H8P4BAB__wqemSMz8SBrlSD5fZle7vaTXtQdQlFtDRQPKn3_bzNUg7Mc20x4uOlF2UJKHRGqaQck_57F3UNyldFWPNi-O-rEBHD9MtokJeUUs0Xl8Y20qdjTCscJMf9cT_9otWWGQVV2pIBcFubdk-NsvQ1ExwZZrBfdTTeE3muvo582OW-a5iIYEB3kDkKxjQYXmUOZG26Km_N2ibw9OAZB2L7ohouINyLyFCoBrMLrmcHf03tiGtTIKRibw1uCvd34YB2UXfaaqKxnqcF1adV96-uH2P9ZpKw0w4a84FHM-qTXaoGT2tiD0wk2ZJu7tks9hGa7Az4WTKLzD2VueFEJfIVxAyeI5ewo2b-vM7JILNTaV1nGLDima3R1msoPxTPhq4M6xvWVJzCocF6AY4wOkHSry0KLhN0eCerIjjHriDbZlrJsVB9gFuTGGWip5AgNxGj2dnsIBvWUPgcX_LKiNhZdWApXoXIdUZm--5Y5vlrbfTUNXKh8qm-wYcNj44w-IfnJ5dmVfXt8RV3nU2Jj1tfQxPOAYnhewgiW6C9Z6lPvpFI7WygaMG-p7nKngmf19JgZHPGZCI7pUEND9hCsYtQqowUv1qbWV1wGliwShRFfZc5AJg09nxcL0qJuV9PvxOZLlKGZB_nzWuwFnCtnNVipz7nEHjBvWFF6OoTl7POj46nbeaCUSQYRamyp0Atcmghr5maNBzDrHsdF-cF1UwerHAMmiLsGPPm-Iee7NHSfpAoTfVAHI6AMCWBNIA6bLwK_vS7u1KvGlEIBBJLANQTnKZrvInQ2JzTtpDQdL0FBFvcihXzuH5guJ0W522APMDEf6ZbkOXG8zOP1FgdlkHzm9n0WtIHQg3x3YDCCseLDkonF8_8H_EMGAFgAQ&ias_dspID=3&ias_campId=1008772806&ias_pubId=pub-8692878304946020&ias_chanId=1&ias_placementId=18132950335&bidurl=https://assistant.corover.mobi/320x50_placeholder.html&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0isyVbv0XcRFuq6mABIEi1y&adsafe_url=https%3A%2F%2Fassistant.corover.mobi&adsafe_type=y&adsafe_url=https%3A%2F%2Fassistant.corover.mobi%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:1fde47ef-3ec1-50f8-7893-172afd064847,c:7Icjbs,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-67fb65999c-lswq4,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:4,mot:0,app:0,maw:0,fm:tzm2MaB+11*.1135760-65089098%7C111%7C12%7C13,idMap:11*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:17,oid:19695fab-c9ab-11ed-9455-0209d5b8c692,v:19.8.400,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
11f1414c6342d8a5a5124286921298b09b1e776f0aae7bbc4c83b96685166019
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Thu, 23 Mar 2023 15:16:22 GMT
content-encoding
br
x-content-type-options
nosniff
age
12640
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10980
x-xss-protection
0
server
cafe
etag
17255800071175307161
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 06 Apr 2023 15:16:22 GMT
truncated
/ Frame CF2F 		217 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e621dac732efd3f50fdeedce3e88f321581a78f80e9c6a747ff4448399782a89

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type
image/png
dt
dt.adsafeprotected.com/ Frame CF2F 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=1fde47ef-3ec1-50f8-7893-172afd064847&tv=%7Bc:7Icjjb,pingTime:-10,time:496,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTExLjAuNTU2My4xMTAgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1679597222769%7C%7C3449452017b8c6da397918c68c6a5c96%7C%7Cddbcd9d17a9a064530ac6d0fa988f97e%7C%7C3919c9d114f6b5246246917dd7a8f348%7C%7C0c043e3868996b2442f9199764f9b01d%7C%7Cce4896d7385520d1db4c7f263da8a926%7C%7C36c04d4237eb086b34a7c17b031334d1%7C%7C99aa8d5bb8093c484b46eef2c1952e7b%7C%7C1663701684%7D
Requested by
Host: 1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
URL: https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:2300:27c4:b916:bc25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Mar 2023 18:47:02 GMT
server
nginx
x-server-name
dt04.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2023032001&jk=3949158363179541&bg=!gYKlgtbNAAbO2UOH7tk7ADkAdvg8WsZS-K1RD3Ij9BEw-yvj0xZ54qRZFsoC4uymxUrlwEUJynLd9FMpNsEE8ptjnyJI2ieMVHYCAAAAbFIAAAADaAEHmQK57TeUzsc57hJ1X3wTFGMfuaY6g1OoluAXgQujuchVZhGDbPKXDlCzHUfClGNXl_Vp363Dk3F7fh9GLpOCsSmdGi7CIoEJY-Rkt1pAnbgWG5PXuT92CTCYaH1FV8mR4SnxVCMH4gemWPZsM8H5fthQkwolVwqtwjhoEmJYk9MhRZwG5acCsxsGVGxiDfhfiL3C3_9NtO9XQiv0t1ATVSFRy7qlJAc32Vpyk8XTxVO2GS7AbhP_-VgJ9GhHb7GIP-6eUKziEe24MyMXUGVK8SwNHtw4tAd2nYbYFy-fLdv8mVWaDye7tD9ANvf0sXA0MRfhEPQwOSpJDjejSIrd6g6hBnpa_ugcacM3taiCY8N0oef0SdZVilNxp1VXUZJLNkulWnVBrpkTT2PxrMPDNR5gbPJLI4A7zT2aBfxZ2kg5fRzO31ZZKNakVtOuJywXkK7-e7SAtBYQ9vSZCDWoD1icm6UmlL0WfqMskVRFQE7gNAm1C8ZCIB32mnsLiaLN2h8tgkDOUHgVRbolLfhmNMfh7fgXpECQiHWPAJmYuPMZ83K3W7YMm0KYKFXNfKBsy_fWlhwFIjch526wXV136JQ3dy8auoUM4HwJgGAvaj3Kcw3knzTTomBOX3Nl923J3HYmjlwv3lE3XMDU-Sg-hfOb6G9mij9DsjnPeeyvNjF2gS_pfKnKvATkYD9rfeHVNaVww8AzJoRpWi07oTJ0XqatqtYc_ZYtflyj2QWLE426DrEbVXQWIhKpSTdklt59iMcNMm2q8ifY0ut9wM4c8n1X84O1cs-DyGBlz-3gbHyIRLEmZFeza7UbRIgh7cw-sgxmOCp1ZORJUxOz9wR5DwhEMceVp-UU_RcvwXhQcMkCVT9NN3hSRrbsdhLWqe1nHHJKlhKwY5nKj3YLcgoNQeOrJ6rxJGJMHN_2fQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://assistant.corover.mobi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers
index.html
s0.2mdn.net/sadbundle/1360297226579505005/DE-DEU_XA-10_0_320x50_BAN-A_HTML5_BOFU-no-Security-XDRSubHubBanners-Security-ALL_0_105/ Frame 5238 		161 KB
92 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/1360297226579505005/DE-DEU_XA-10_0_320x50_BAN-A_HTML5_BOFU-no-Security-XDRSubHubBanners-Security-ALL_0_105/index.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1dfb701721004adefcd724cd2f6b3b09eee6468478f7d4ff38f827ed0a20e6f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
306594
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
93932
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Mon, 20 Mar 2023 05:37:08 GMT
expires
Tue, 19 Mar 2024 05:37:08 GMT
last-modified
Wed, 08 Feb 2023 08:51:24 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame CF2F 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst2aLambVCYiZkaF6PyMK5PBw-F4cV6VLKtltYxfSopBWQe3QOULmriCOznI8YkIfmMiFWyMU3QQKOqBH6ZAexrJCnoP9TnMx_zsZFOe9_0CfRI_L0_q5NsYjSJ2hUtZ00FNYRv1aoHNitBOUmJnNDqDs5s_CQ6OJzEQgi-2uUrhTgZM5kO_P_ZKFVouiNnmA8b-tdl25b9itsC8vg2h7LityE&sai=AMfl-YQqWuvpOEf7R-qXgWNxC0fsauT2xL1UrkST9a6dSd4em1XOqgsImCLjiR2xRzyackMK_H8iBFue_3SlIzgwxSEOeV7ZIz1sLUD3rx4lgGjrdebyzDEGtog2aqJwEVLYd9MhmLHmDHczkA5xyW_yRr10Jw&sig=Cg0ArKJSzAGzTxr5L-g0EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=198&cbvp=1&cstd=195&cisv=r20230321.93498&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=
Requested by
Host: assistant.corover.mobi
URL: https://assistant.corover.mobi/320x50_placeholder.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Thu, 23 Mar 2023 18:47:02 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 23 Mar 2023 18:47:02 GMT
dt
dt.adsafeprotected.com/ Frame CF2F 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=1fde47ef-3ec1-50f8-7893-172afd064847&tv=%7Bc:7Icjk7,time:554,type:e,im:%7Bpci:%7Btdr:512%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:554,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B548~0%5D,as:%5B548~320.50%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:391,fm:tzm2MaB+11*.1135760-65089098%7C111%7C12%7C13,idMap:11*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:18,sis:326%7D&br=c
Requested by
Host: 1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
URL: https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:2300:27c4:b916:bc25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Mar 2023 18:47:02 GMT
server
nginx
x-server-name
dt18.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
Cisco_Logo_no_TM_White-RGB.svg.js
s0.2mdn.net/sadbundle/1360297226579505005/DE-DEU_XA-10_0_320x50_BAN-A_HTML5_BOFU-no-Security-XDRSubHubBanners-Security-ALL_0_105/ Frame 5238 		2 KB
932 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/1360297226579505005/DE-DEU_XA-10_0_320x50_BAN-A_HTML5_BOFU-no-Security-XDRSubHubBanners-Security-ALL_0_105/Cisco_Logo_no_TM_White-RGB.svg.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1360297226579505005/DE-DEU_XA-10_0_320x50_BAN-A_HTML5_BOFU-no-Security-XDRSubHubBanners-Security-ALL_0_105/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2e6d975777a7fb65cd5ad3cf67b2ce537c0da4966c0917bb8fb6ba8c290d731c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/1360297226579505005/DE-DEU_XA-10_0_320x50_BAN-A_HTML5_BOFU-no-Security-XDRSubHubBanners-Security-ALL_0_105/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Mon, 20 Mar 2023 05:37:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
306595
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
903
x-xss-protection
0
last-modified
Wed, 08 Feb 2023 08:51:24 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 19 Mar 2024 05:37:08 GMT
truncated
/ Frame 5238 		73 KB
73 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
24366c51064fc57cb419cc93db561f43bf3461affb1d04deb4d552a7e2ba4956

Request headers

Referer
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type
application/font-woff;charset=utf-8
view
googleads4.g.doubleclick.net/pcs/ Frame CF2F 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst2aLambVCYiZkaF6PyMK5PBw-F4cV6VLKtltYxfSopBWQe3QOULmriCOznI8YkIfmMiFWyMU3QQKOqBH6ZAexrJCnoP9TnMx_zsZFOe9_0CfRI_L0_q5NsYjSJ2hUtZ00FNYRv1aoHNitBOUmJnNDqDs5s_CQ6OJzEQgi-2uUrhTgZM5kO_P_ZKFVouiNnmA8b-tdl25b9itsC8vg2h7LityE&sai=AMfl-YQqWuvpOEf7R-qXgWNxC0fsauT2xL1UrkST9a6dSd4em1XOqgsImCLjiR2xRzyackMK_H8iBFue_3SlIzgwxSEOeV7ZIz1sLUD3rx4lgGjrdebyzDEGtog2aqJwEVLYd9MhmLHmDHczkA5xyW_yRr10Jw&sig=Cg0ArKJSzAGzTxr5L-g0EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=444&vt=11&dtpt=246&dett=3&cstd=195&cisv=r20230321.93498&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=
Requested by
Host: assistant.corover.mobi
URL: https://assistant.corover.mobi/320x50_placeholder.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Thu, 23 Mar 2023 18:47:03 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 23 Mar 2023 18:47:03 GMT
XDR-GettyImages-1080277602-1.png
s0.2mdn.net/sadbundle/1360297226579505005/DE-DEU_XA-10_0_320x50_BAN-A_HTML5_BOFU-no-Security-XDRSubHubBanners-Security-ALL_0_105/ Frame 5238 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/1360297226579505005/DE-DEU_XA-10_0_320x50_BAN-A_HTML5_BOFU-no-Security-XDRSubHubBanners-Security-ALL_0_105/XDR-GettyImages-1080277602-1.png?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7cadc3755e9627babe52d2631c11d6ff617b973a383d68b8334d5a8ba4df6d93
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/1360297226579505005/DE-DEU_XA-10_0_320x50_BAN-A_HTML5_BOFU-no-Security-XDRSubHubBanners-Security-ALL_0_105/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Mon, 20 Mar 2023 05:37:08 GMT
x-content-type-options
nosniff
age
306595
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12584
x-xss-protection
0
last-modified
Wed, 08 Feb 2023 08:51:24 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 19 Mar 2024 05:37:08 GMT
XDR-GettyImages-1080277602-1.png
s0.2mdn.net/sadbundle/1360297226579505005/DE-DEU_XA-10_0_320x50_BAN-A_HTML5_BOFU-no-Security-XDRSubHubBanners-Security-ALL_0_105/ Frame 5238 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/1360297226579505005/DE-DEU_XA-10_0_320x50_BAN-A_HTML5_BOFU-no-Security-XDRSubHubBanners-Security-ALL_0_105/XDR-GettyImages-1080277602-1.png?
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1360297226579505005/DE-DEU_XA-10_0_320x50_BAN-A_HTML5_BOFU-no-Security-XDRSubHubBanners-Security-ALL_0_105/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7cadc3755e9627babe52d2631c11d6ff617b973a383d68b8334d5a8ba4df6d93
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/1360297226579505005/DE-DEU_XA-10_0_320x50_BAN-A_HTML5_BOFU-no-Security-XDRSubHubBanners-Security-ALL_0_105/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Mon, 20 Mar 2023 05:37:08 GMT
x-content-type-options
nosniff
age
306595
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12584
x-xss-protection
0
last-modified
Wed, 08 Feb 2023 08:51:24 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 19 Mar 2024 05:37:08 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame CF2F 		42 B
174 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstGrEiDCBdR5M0P7bzq3Y6jqnrtT6c1Ydz7rWI0HDXLVBNf59FB5pMoIsYovexWQzDcToLT7FFACnjQ3PA1GPBfdA1DOcIhPZpvRpYTntpRp0YlDvNfsgDhtvXwFOL8fIvH04-jVQ&sai=AMfl-YRtU2el9hZht2KBR-LZvfvtNVDf8Tvuol5xZolpOme2OGFzf2Fv8kKnucne3QYcjO2GWXmkHUBujyyY8BKtyhUHgTZCdaOvhl0eji5nqgv25eFmap4G-5-5rMqmkJ3qRJQwS-AmrEBTQ-Cm&sig=Cg0ArKJSzLx4Rt1GMYWeEAE&cid=CAQSSwDUE5yma7yJ0Nic07aQ0HS9BQRb3IoV87h-YLidFudtgDzAxH-mW5DlxvMzj9RYHZZB85vZ9FrSB0IN8d2AwgrHiw5KJxfP_B_xDBgB&id=lidar2&mcvt=1000&p=0,0,50,320&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230320&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3049664599&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679597221782&rpt=888&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Mar 2023 18:47:03 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame CF2F 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8179146892732&version=m202301230201&ct=76&x=1&cor=13799106718069709000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Mar 2023 18:47:04 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dt
dt.adsafeprotected.com/ Frame CF2F 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=1fde47ef-3ec1-50f8-7893-172afd064847&tv=%7Bc:7IcjPF,pingTime:1,time:2510,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:320,h:50,t:17%7D,%7Bpiv:100,vs:i,r:,t:1509%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1001,o:1509,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1503~0,0~100%5D,as:%5B1503~320.50%5D%7D%7D,%7Bsl:i,t:1509,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~320.50%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:123,fm:tzm2MaB+11*.1135760-65089098%7C111%7C12%7C13,idMap:11*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:18,sis:326%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:2300:27c4:b916:bc25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Mar 2023 18:47:04 GMT
server
nginx
x-server-name
dt01.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame CF2F 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=1fde47ef-3ec1-50f8-7893-172afd064847&tv=%7Bc:7IcjPF,pingTime:1,time:2510,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:320,h:50,t:17%7D,%7Bpiv:100,vs:i,r:,t:1509%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1001,o:1509,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1503~0,0~100%5D,as:%5B1503~320.50%5D%7D%7D,%7Bsl:i,t:1509,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:i,cc:NaN.NaN.320.50,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~320.50%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:123,fm:tzm2MaB+11*.1135760-65089098%7C111%7C12%7C13,idMap:11*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:18,sis:326%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:2300:27c4:b916:bc25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Mar 2023 18:47:04 GMT
server
nginx
x-server-name
dt03.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
URL
https://1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 boolean| credentialless object| googletag object| ggeac object| google_tag_data object| google_js_reporting_queue undefined| google_measure_js_timing object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id object| gaGlobal object| GoogleGcLKhOms object| google_image_requests

8 Cookies

Domain/Path Name / Value
.corover.mobi/ Name: __gads
Value: ID=6a33e520ebd5e17f:T=1679597221:S=ALNI_MZKsGVeINkV_nA4JgnJ3AC2AXvZyg
.corover.mobi/ Name: __gpi
Value: UID=00000bf224c25483:T=1679597221:RT=1679597221:S=ALNI_MZZTSgAz4kJcMedryIdJKWDXxLjqw
.doubleclick.net/ Name: IDE
Value: AHWqTUkhfk_u293AOmk9UETNmVThWgg9BbTOB8KRbdSUV6VmlFfo0v-a6ZJcIFYH
.adnxs.com/ Name: uuid2
Value: 5605889900484831480
.casalemedia.com/ Name: CMID
Value: ZByepjAzNvzuI0J.Eha16AAA
.casalemedia.com/ Name: CMPS
Value: 3365
.casalemedia.com/ Name: CMPRO
Value: 3365
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2E?ck=>mP!]tbPl1M>e)ZlrFUfJ+tGXxoH[g8fm@M4q<Ta%m*L@K5casAA?Oyy#0X/.^(3If)y3KL9D3I?-1Cq0tg

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
adservice.google.com
adservice.google.de
assistant.corover.mobi
bid.g.doubleclick.net
cm.g.doubleclick.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
pagead2.googlesyndication.com
s0.2mdn.net
securepubads.g.doubleclick.net
static.adsafeprotected.com
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
1771df828928161d57e2b4554c61533b.safeframe.googlesyndication.com
142.250.186.34
142.250.186.66
185.80.39.216
185.89.210.212
2600:1f18:1aca:4280:2300:27c4:b916:bc25
2600:9000:223f:0:8:48e:53c0:93a1
2a00:1450:4001:802::2002
2a00:1450:4001:806::2004
2a00:1450:4001:806::2006
2a00:1450:4001:80b::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:811::2001
2a00:1450:4001:813::2002
2a00:1450:4001:829::2002
2a00:1450:4001:831::2001
54.76.123.167
65.9.95.35
65.9.95.37
74.125.133.156
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
11f1414c6342d8a5a5124286921298b09b1e776f0aae7bbc4c83b96685166019
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
172d69ea24f81ead966ddd005f1868a2d0c34748229f85265e8c48e61c25f1e8
1dfb701721004adefcd724cd2f6b3b09eee6468478f7d4ff38f827ed0a20e6f3
228d6c0fb08dd07651afb21ffc09c0f8d6d76284b5086771e4a5ccd2af197a06
24366c51064fc57cb419cc93db561f43bf3461affb1d04deb4d552a7e2ba4956
249be47bbae9829650c078b786f41d906ae46fd357cb1de88dd59167f92de4cd
2e6d975777a7fb65cd5ad3cf67b2ce537c0da4966c0917bb8fb6ba8c290d731c
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d4d8f4b29eb5d3ee9d8a9f35ed7bc7c481059fe3f440573a557344829be074f
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5886a93cfd7987cabe22f593f89161d99adaa470ba9176c4e4025e18d0e99c21
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
7cadc3755e9627babe52d2631c11d6ff617b973a383d68b8334d5a8ba4df6d93
83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a3501a3f0a7b6bc47f9f81c7be85b3603816fe2d3026ab4b396127ed9eb8895c
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a7a121d27e6fa99e3f358f8503224f8c32477aef9aff8f186381e9a934bbddf9
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b757991df58afed223ab6f40f7266e6e44d8d9f800a786ff2caecc531ce42ea3
cf2086397a5d0d6d9c67e72d0dce0c0e734c9867e3cf6c1dd529b1fd22713393
d844d2da5affd7188f5128104db21d5d63f54e66fd338b05eccb0aaa00565c91
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e621dac732efd3f50fdeedce3e88f321581a78f80e9c6a747ff4448399782a89
ec8c2a2f09755538c480d60a18233567adade350954db62e6ecd96873a2b3304
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1803d8bcb2d30ea3f3cd6ada468c6c8eefdfef4d3d082c5d02f180220a8a726
fe14bc8a4e294c047589838fd09a3efc81771751a0be03ea8ec99e734e965fd2