winterolympicspass.com Open in urlscan Pro
2a06:98c1:3121::3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://olympics2021info.com/
Effective URL:
https://winterolympicspass.com/
Submission Tags: phishingrod
Submission: On January 13 via api (January 13th 2024, 1:36:33 am UTC) from DE — Scanned from DE

Summary HTTP 125 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 14 IPs in 6 countries across 19 domains to perform 125 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is winterolympicspass.com.
TLS certificate: Issued by E1 on December 27th 2023. Valid for: 3 months.

This is the only time winterolympicspass.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3036::6815:6f2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
5 21	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
35	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
4 7	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
10	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
2 4	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
2 14	216.58.206.34 216.58.206.34	15169 (GOOGLE) (GOOGLE)
1 1	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
1 1	34.91.62.186 34.91.62.186	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
2	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2 2	37.157.5.133 37.157.5.133	198622 (ADFORM) (ADFORM)
1 1	85.114.159.118 85.114.159.118	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 2	213.155.156.180 213.155.156.180	1299 (TWELVE99 ...) (TWELVE99 Arelion)
1 1	51.89.9.253 51.89.9.253	16276 (OVH) (OVH)
125	14

1 2606:4700:3036::6815:6f2 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

olympics2021info.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

winterolympicspass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany) 5 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 216.58.212.162 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:678:cb4:bbbb::11 (United Kingdom) 2 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 216.58.206.34 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: lcfraa-aa-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.91.62.186 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.62.91.34.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.193.173 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.0.66 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.5.133 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.118 (Loerrach, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.180 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.253 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip253.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
53	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110 tpc.googlesyndication.com — Cisco Umbrella Rank: 157	713 KB
35	doubleclick.net 7 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 cm.g.doubleclick.net — Cisco Umbrella Rank: 260	241 KB
10	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 145
10	gstatic.com www.gstatic.com fonts.gstatic.com	121 KB
7	google.com 4 redirects www.google.com — Cisco Umbrella Rank: 2	901 B
7	winterolympicspass.com winterolympicspass.com	291 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 230	389 KB
4	turn.com 2 redirects ad.turn.com — Cisco Umbrella Rank: 843 r.turn.com — Cisco Umbrella Rank: 4167	2 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	4 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 5298	655 B
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 583	1 KB
2	travelaudience.com 2 redirects ads.travelaudience.com — Cisco Umbrella Rank: 5893	937 B
2	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 1872	293 B
2	ctnsnet.com 2 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 53518	1013 B
1	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 707	389 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1552	588 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 856	710 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 716	545 B
1	olympics2021info.com 1 redirects olympics2021info.com	549 B
125	19

	Domain	Requested by
35	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
21	googleads.g.doubleclick.net	5 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
18	pagead2.googlesyndication.com	winterolympicspass.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
14	cm.g.doubleclick.net	2 redirects winterolympicspass.com googleads.g.doubleclick.net
10	www.googleadservices.com	winterolympicspass.com
7	www.google.com	4 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
7	www.gstatic.com	googleads.g.doubleclick.net
7	winterolympicspass.com	winterolympicspass.com
6	www.googletagservices.com	googleads.g.doubleclick.net
4	fonts.googleapis.com	googleads.g.doubleclick.net
3	fonts.gstatic.com	fonts.googleapis.com
2	d5p.de17a.com	2 redirects
2	c1.adform.net	2 redirects
2	ads.travelaudience.com	2 redirects
2	tr.blismedia.com	googleads.g.doubleclick.net
2	gcm.ctnsnet.com	2 redirects
2	r.turn.com	winterolympicspass.com
2	ad.turn.com	2 redirects
1	onetag-sys.com	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	um.simpli.fi	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	olympics2021info.com	1 redirects
125	23

This site contains links to these domains. Also see Links.

Domain
worldcuppass.com
paulvsfury.com
www.oscarstime.com
www.sportspromedia.com
www.fubo.tv
themeisle.com
wordpress.org

Subject Issuer	Validity	Valid
winterolympicspass.com E1	`2023-12-27` - `2024-03-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-12-02` - `2024-03-01`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh

This page contains 24 frames:

Primary Page: https://winterolympicspass.com/
Frame ID: 9271753F51A532CE03E3ACC06A390FD2
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20190131/zrt_lookup_fy2021.html
Frame ID: 6F794EF2F2EE060E3C5582AD9D180BF6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&adk=3105533540&adf=2621220088&lmt=1705109788&plat=3%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=404x945_r&format=0x0&url=https%3A%2F%2Fwinterolympicspass.com%2F&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788168&bpp=16&bdt=222&idt=172&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6241049561395&frm=20&pv=2&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=183
Frame ID: 7F6B61EC600E856FC125858499F48E20
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=1483442758&adf=2713021026&pi=t.aa~a.356315161~rp.1&w=1120&fwrn=4&fwrnh=100&lmt=1705109788&rafmt=1&to=qs&pwprc=7073931503&format=1120x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788184&bpp=2&bdt=238&idt=169&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=454&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=171
Frame ID: 62B5D3026B4A0AAF7B9BF7E7A9D94933
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=1687536192&pi=t.aa~a.3914302165~i.17~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280&nras=3&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=1543&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=8
Frame ID: 4C61738FAD89C7C64A1F670105F8F1AE
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=2933007315&pi=t.aa~a.3914302165~i.25~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=0&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280%2C789x280&nras=4&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=2215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=15
Frame ID: 236A3C541B392FF51C14654413CA1DF4
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: E10D4EF92D4BB253036D9F336CD88AF1
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 3FFC940FEFAEA254EC5B85B33A3B0EA8
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 10E04DFAF7BB947689399927B090809A
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: A85521DB696B3399790B4FAA5AF3709C
Requests: 2 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Poppins%3A400%2C600
Frame ID: F740B9B514755A0D70417D489C92DEC6
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 3C5A00A7699DC35531CCE63321D96338
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js
Frame ID: 0E6AFF270A2DC020F8DAC62C12AC9714
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js
Frame ID: 68B0C806CDCF6A45A5B4623A6C8E0365
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js
Frame ID: 6B01AF7DD22219842B45DE0F5C4B2DE8
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js
Frame ID: CB2CB46DD79A1D09CC1B3253ECE3C8B6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: B262356ABB71F74CA1B48F0569556205
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: A324772797F083BA894E1790242728F6
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 63DE5E5A08155161A0F8D76FBC4A8E2F
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: AE8FD8C6E3C4B8D8553CCE42D17214CF
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js
Frame ID: 7EC491675B24944392A173E4214AF0EA
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js
Frame ID: EE523C87A538DE66B531FDEE5F483FB4
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 0B6AA3B2848E21DF9B8A651F43847DA3
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 50991D64F8BEA54725AB851DAB68A18E
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Winter Olympics 2022: Live Stream, Schedule, TV Channel, Watch Online

Page URL History Show full URLs

https://olympics2021info.com/ HTTP 301
https://winterolympicspass.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Page Statistics

125
Requests

86 %
HTTPS

50 %
IPv6

19
Domains

23
Subdomains

14
IPs

6
Countries

1759 kB
Transfer

4509 kB
Size

18
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://worldcuppass.com/schedule/
Title: FIFA world cup fixtures 2023

Search URL Search Domain Scan URL

URL: https://paulvsfury.com/
Title: Paul vs Fury time

Search URL Search Domain Scan URL

URL: https://www.oscarstime.com/
Title: Oscars live stream free

Search URL Search Domain Scan URL

URL: https://www.sportspromedia.com/news/nbc-usa-networks-sports-coverage-2022-premier-league-nascar-winter-olympics/
Title: NBC

Search URL Search Domain Scan URL

URL: https://www.fubo.tv/lp/cordcutter/?irad=565996&irmp=413786
Title: 7-Day Free Trial service

Search URL Search Domain Scan URL

URL: https://themeisle.com/themes/neve/
Title: Neve

Search URL Search Domain Scan URL

URL: http://wordpress.org/
Title: WordPress

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://olympics2021info.com/ HTTP 301
https://winterolympicspass.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 58

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 61

https://googleads.g.doubleclick.net/pagead/adview?ai=CGdvpHOmhZYDbFuWajuwP56KFiAmyvJ-Ude7j6r3rEYKizPeRDhABIMfDsyNglfqOgqAHoAHBstPbA8gBCakCPQcSUFRjsj6oAwHIA8sEqgSPAk_QBNwWqVZnOHPG8-rnjnBIZeRfDt61gvPtnJ4uNJ5PN0rfZ2-iehJLXclFzi4aQ4GeS0PTkmGsGcx96WuH5RFkwUHUAIQAEt2nUqJU4yIu_xotZ3xWdV-8KWDJiCdYFob_3VRzrsHxrIRlCW57m32z8XcdV-C0vZTpKw3HVdSUTqYdN0gbDb4iaSMQ-Sc3lpr_yp0hBkBUpwZIOBEGtWX1-ZS4MipMWvQ3DYxbmh3XiVDLaEUfiR8Px9UknLiK4tYeq3rTwTaX3JYJL5owN5aPhu31veNqIM_Ozm-EvG7ls8Oek56mFC0Rig1EuJPkcc67CVXX3zIG1s-qDnIhnb_LExEa1fZjHbrZ6_eh2PXABKK52MnqAogFiLW7iCaSBQQIBBgBkgUECAUYBKAGLoAHgdjnoAGoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBRC0woAB0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOlivvPT5nNmDA5oJG2h0dHBzOi8vd3d3LmpveW4uZGUvbGl2ZS10doAKAcgLAaIMCCoGCgSsurECuBPkA9gTDIgUAdAVAZgWAYAXAbIXHAoaCAASFHB1Yi05OTc3MzAxODAxMTU1ODM5GAA&sigh=zH9SgVDtllE&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwAvHhf_6esaaIQt758oce-N_50CSJjcaygwbJyaxGq1mboylm8MZdL3DYRp9FCix1JGR6mHd-ruUKatsqSUVTmTTde-8elSXWpiQsd0ATAYAQ&template_id=484&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2217257886789297692053%22,%22debug_reporting%22:true,%22destination%22:%22https://joyn.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22997513537%22],%2222%22:[%22true%22],%224%22:[%2201-13%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2218391256031551752385%22}&andc=true

Request Chain 63

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 68

https://googleads.g.doubleclick.net/pagead/adview?ai=C9de0HOmhZe2_FuGOjuwPhqOR0ATQy-23a7rjp7uoENvZHhABIMfDsyNglfqOgqAHoAHtqsTeAsgBAagDAcgDywSqBIwCT9CbjYAFfvjQvO3hobz1eMCWDRIQNZoXOs9iSs8QCvUvEZ9FnL2QiCscL-QWE-tmFA_fIsxqjvmG4PP-7Mmm1GkyGp5Pv3ctgHy8DFjkUDvw-bF4VcuIbec1BWD4ZRP8dL0t9jV7K2e36atWs-uiguzURxTxu9sXMEgI-PxZCyXmsa0PEfiEuJv8J8wxg9lRjZHzzVTlIKSjf5lPsoeDvskDTopLE2M-9S9dAW5NvPaqyiK4BYALEGZSSGp6bRnVs2OwMTkQN-BoAxxm8V2zmtUvWcAXQRCRVAW1rG2qBCkjqsP34wneSGGRCiJ7_vKhnVQDboeUyclc0t-uqlMOCfrxsLw3DEnyzg_ds8AEpdveu4MEiAX_zLCNQpIFBAgEGAGSBQQIBRgEgAf71LuhAagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEMajI9IIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYlaT0-ZzZgwOaCSlodHRwczovL3Byb2R1Y3RzLmdyb3VwZG9jcy5jb20vcmVkYWN0aW9uL4AKAcgLAaIMCCoGCgSsurEC2BMC0BUBmBYBgBcBshccChoIABIUcHViLTk5NzczMDE4MDExNTU4MzkYAA&sigh=_KtrDhpPB98&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTgAvHhf_gtM0bLNMYYtWSmNL9vqLLwu-3v3Z6XrAWkIZBeDLGnDJxYhk59WyBnfxRjyq4FFEGDom0TmX_tQlYSVpA1euppzfgBcse3au_BgB&template_id=5001&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%227175004355118435836%22,%22debug_reporting%22:true,%22destination%22:%22https://groupdocs.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22735122797%22],%2222%22:[%22true%22],%224%22:[%2201-13%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%222093615762352157665%22}&andc=true

Request Chain 70

https://googleads.g.doubleclick.net/pagead/adview?ai=CNWevHOmhZey_FuGOjuwPhqOR0ATOo_qUdc74suSREvej5PeVDhABIMfDsyNglfqOgqAHoAGcr_uoAsgBAqgDAcgDyQSqBIsCT9Buiq17DEpHrs43K-eNyv8NIJ9zdVRrYmHCSr9AwFNM9Vgth0WbfqbPJcPPC1lRZQ0R3pP3I28MBr67vtPQtojE0aaF5IvHH5reAj3L5YfqwP2_uMhNPYN7V2K5N5AC5vrLnpm_43xxQweaUgume8ZjCr74T4X-XOk452NCyRWybnjkBFE9UPtisgxVeeheXUMHQ09AB-jgyHbPRC330a4VGk50Adwv0Q1noqDSFHY6A_H9LsO9Z-Q7162UR1z_Ja1RBgTJGaV-f7mnYojCXx1QZWSox-VJSWUasDmWbOB18HuNWs5o8wBsAHCgpaRO99BlbQgwgJ9RKYnUPXlDy9cBF2TImv6MgBoOwATrmo2bzQSIBY7EyPFNkgUECAQYAZIFBAgFGASgBgKAB8zQhNcBqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQt6cN0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOliVpPT5nNmDA5oJ5gFodHRwczovL3d3dy5oZXJvLXdhcnMuY29tLz9kZWxheWVkc2lnbnVwPXRydWUmbnhfc291cmNlPWFkeF9hZHdvcmRzZGlzcGxheS5od193Yl91Y18tLmNjLWRlLmctbS5hLTI1NTQuYXUtYWxsLm9wdC1wdXJjaGFzZTIuY29tLW5ld2FjLmNyLXNlbGZpZWZpZ2h0MWQuY24tMzAwXzYwMC5scC1kZWxheWVkLmR0LWRpc3BsYXkuY2lkLTIwOTA3Njk2NjU0LmFnaWQtMTU4MTY1MzIzMTE1LmNzZC0xMTAxMjQuLYAKAcgLAaIMCCoGCgSsurEC2BMN0BUBmBYBgBcBshccChoIABIUcHViLTk5NzczMDE4MDExNTU4MzkYAA&sigh=KvEOKBYTFms&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTgAvHhf_gtM0bLNMYYtWSmNL9vqLLwu-3v3Z6XrAWkIZBeDLGnDJxYhk59WyBnfxRjyq4FFEGDom0TmX_tQlYSVpA1euppzfgBcse3au_BgB&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2210642434772860867482%22,%22debug_reporting%22:true,%22destination%22:%22https://hero-wars.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22622778268%22],%2222%22:[%22true%22],%224%22:[%2201-13%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2215931888608686713473%22}&andc=true

Request Chain 94

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEFLMEVSol6bISNpXAJxsS1Y&google_cver=1&google_push=AXcoOmT8-W3gEMKk3cH5QilFGcknKHk_GcyeS5ySRxVXkrz4tc3GRILk24sRVz5uDY2jHbzhDL73oeO27iOGR9hCpqD03VecnEMecw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzM0NjM4NjIwMTA0NTIyODYwMQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENR8Q_wq_98Re1Kk4LPZFwc&google_cver=1

Request Chain 95

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEIWu8k-QvupYH0U_K2f1VqY&google_cver=1&google_push=AXcoOmRA9uk54xABKq1-2YZRtAPlGg_4NSj5CfvmZ-mHA2CSgv2GIe-4E-DzwXmW0JMWQsm8QH8Bsm_68HVABUUlFMnpBkWOlLUnUA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEIWu8k-QvupYH0U_K2f1VqY&google_push=AXcoOmRA9uk54xABKq1-2YZRtAPlGg_4NSj5CfvmZ-mHA2CSgv2GIe-4E-DzwXmW0JMWQsm8QH8Bsm_68HVABUUlFMnpBkWOlLUnUA

Request Chain 96

https://um.simpli.fi/gp_match?google_gid=CAESEDOr_61-Snn7Ec5AXa2O2Wk&google_cver=1&google_push=AXcoOmRcPK7oxSoIx5LpK2h4ziL8YhpRN9DXZwUbUf5if1jw7fcjEj6fFP9mna8uu3T3Rm6dE1FKIsJnly0x-WaT0N_APdGuwtpEmsk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=56021ECC502C463182B0679E02021E99&google_push=AXcoOmRcPK7oxSoIx5LpK2h4ziL8YhpRN9DXZwUbUf5if1jw7fcjEj6fFP9mna8uu3T3Rm6dE1FKIsJnly0x-WaT0N_APdGuwtpEmsk

Request Chain 97

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEHL0si90BNsdSiOaWd5rysI&google_cver=1&google_push=AXcoOmTk_Nht7MM83lFN6KIfvD8go1ne1lJaoY8ozY8hF6HRVI31kc0YrVYPGrFdrhUnU_6XpofE__wXyq8xQYi9q4r7PPCquS06ug HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmTk_Nht7MM83lFN6KIfvD8go1ne1lJaoY8ozY8hF6HRVI31kc0YrVYPGrFdrhUnU_6XpofE__wXyq8xQYi9q4r7PPCquS06ug&google_hm=KUQiAtBcSQ25ZTMJu9Q_QyQ

Request Chain 99

https://ads.travelaudience.com/google_pixel?google_gid=CAESENUSGa0dUgFFngCDANMqCRs&google_cver=1&google_push=AXcoOmSVAvv7ni6NGYlIIIZRg7EwLsB4lPA8EZV0aYgW8oE9Z2I7cHBM3OrJYn8T9rYXhYdIIJQXaFBGgXv2xz1BVTus8wctx7oylg HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=bfxBzTAjRIgHNLo-6v2NiQ&google_push=AXcoOmSVAvv7ni6NGYlIIIZRg7EwLsB4lPA8EZV0aYgW8oE9Z2I7cHBM3OrJYn8T9rYXhYdIIJQXaFBGgXv2xz1BVTus8wctx7oylg

Request Chain 100

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKDCxeEnc-nZRCROPSr26JE&google_cver=1&google_push=AXcoOmQsVft3KboHm-NyVelde_f6MtnCPZIrqJKfm_L8uPzaGozmXXNCeFO1nnSAQ86qUuSCwcR0zYRFTjb-OTbtvoGvcckr-d8guvo HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEKDCxeEnc-nZRCROPSr26JE&google_cver=1&google_push=AXcoOmQsVft3KboHm-NyVelde_f6MtnCPZIrqJKfm_L8uPzaGozmXXNCeFO1nnSAQ86qUuSCwcR0zYRFTjb-OTbtvoGvcckr-d8guvo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzQ2NTYyMTE3OTc2OTE5ODcwMw&google_push=AXcoOmQsVft3KboHm-NyVelde_f6MtnCPZIrqJKfm_L8uPzaGozmXXNCeFO1nnSAQ86qUuSCwcR0zYRFTjb-OTbtvoGvcckr-d8guvo

Request Chain 102

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 103

https://ad.turn.com/r/cs?pid=3&google_gid=CAESENR8Q_wq_98Re1Kk4LPZFwc&google_cver=1&google_push=AXcoOmSEUvcUGD09yChd3bHJ00GPt7KwgaCCxCdE9N50fEtP-Uu-hiQnx_vk4LQv9COKwUaBhMgDhjOe738KS7YJBaKtDJCuR7VtLoo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzI3NDMyODYwNzAwNzMwMDY2NQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENR8Q_wq_98Re1Kk4LPZFwc&google_cver=1

Request Chain 104

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEN7CHgjljbFhI0HrpTpe9j8&google_cver=1&google_push=AXcoOmRS10IFgSgz8dmM_LmfjtqJ6hqiP-Lxs6kYJ1-ZFm8Fp9DHfhq9415HZ5xMjL_rzeTfmMkmcJWxQE6BmgGDGXN4QInrfGbYOv4A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmRS10IFgSgz8dmM_LmfjtqJ6hqiP-Lxs6kYJ1-ZFm8Fp9DHfhq9415HZ5xMjL_rzeTfmMkmcJWxQE6BmgGDGXN4QInrfGbYOv4A&google_hm=gbfvx4z1RiCYQ8fYiZOinyQ

Request Chain 106

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEAsWKuXVkwX4sbgF9Oxoen0&google_cver=1&google_push=AXcoOmQiHr9qXc3-Fve3wbaFlT727eZ3DL_pdj52fwx_N_mzMl5jVaHuMEYFuIqEEbbEy86ojRpEyz1OWzV52yENDhlaYGGN16XVdzma HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMyMzM5MDc3OTg0OTExMTY5OQ%3D%3D&google_push=AXcoOmQiHr9qXc3-Fve3wbaFlT727eZ3DL_pdj52fwx_N_mzMl5jVaHuMEYFuIqEEbbEy86ojRpEyz1OWzV52yENDhlaYGGN16XVdzma

Request Chain 107

https://ads.travelaudience.com/google_pixel?google_gid=CAESEHlj7FQLl6xiQKP3TH_u2is&google_cver=1&google_push=AXcoOmTAWLBFTCQrQSZr2CYq2APGRCKpvuogrV6ci0TPzj9ixXRNVZb61-iVWg3dY-GT89ho5jrq1WYggYrOiOUlv8wN4TGXz_RUrefD HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=P8l277-IRW08pB7WhScXEQ&google_push=AXcoOmTAWLBFTCQrQSZr2CYq2APGRCKpvuogrV6ci0TPzj9ixXRNVZb61-iVWg3dY-GT89ho5jrq1WYggYrOiOUlv8wN4TGXz_RUrefD

Request Chain 108

https://d5p.de17a.com/cookies/google?google_gid=CAESEI48Bjoy5Z8dxoME9tjYYqw&google_cver=1&google_push=AXcoOmTM0swuiP_FAz79UdoHJcnAzb1jhHuLDHF-4H-VKVsGQmX6zI2PNw-_9tULxTWJGuORAc88_5KuMaPbdpT_e4tfhGXKSeAGUOC9 HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEI48Bjoy5Z8dxoME9tjYYqw&google_cver=1&google_push=AXcoOmTM0swuiP_FAz79UdoHJcnAzb1jhHuLDHF-4H-VKVsGQmX6zI2PNw-_9tULxTWJGuORAc88_5KuMaPbdpT_e4tfhGXKSeAGUOC9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmTM0swuiP_FAz79UdoHJcnAzb1jhHuLDHF-4H-VKVsGQmX6zI2PNw-_9tULxTWJGuORAc88_5KuMaPbdpT_e4tfhGXKSeAGUOC9

Request Chain 109

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEIxVVb16gm17hV_x7RDf5y8&google_cver=1&google_push=AXcoOmT9rOOeroqe216WuFX4ZqG-V5HFNt2VyPjno1pVfEhgGpuQQqx1Dmhg72BYq7WYQEv5rqXKc-qi7aTE96Q3MsSNZ88teipzZ8U9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmT9rOOeroqe216WuFX4ZqG-V5HFNt2VyPjno1pVfEhgGpuQQqx1Dmhg72BYq7WYQEv5rqXKc-qi7aTE96Q3MsSNZ88teipzZ8U9

Request Chain 111

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 112

https://googleads.g.doubleclick.net/pagead/adview?ai=CXw2THOmhZZKhNNKHjuwPvP-FwA7Mj86zdMrjnujxEbCQHxABIMfDsyNglfqOgqAHoAH34pu0KMgBAqgDAcgDyQSqBJECT9CVcEE1_6JNkxfKZdfOyaTkAntzDDJ-ejvVsYezxp0p32NrXpTRK3bP5H-njjriCYEYNujbs2Xb-XoZD3o-0xCdaFv21FapDcqW2GM9SR9TiTPL9LnSp1z8q5fmHyO92UWYJSEPYiZyrWq3Av7R5WSoQ5g8PqbV_CX8r94KH3LJRJiHmDSctiGIhuuRWYcv75LdhKtlVm6iRH8obAnvP3QAnjmaeNLxTxNcuJ7z8yyLPqVIMIx3N_sPvi-KcaOyukCDYWYrb1NRel4mGClsASmCX8u9SRjkhbn30vdOWt4T_MWNr_mUx74p65Ue6OQ8WDC0WD0LOSTbGGCmbzj1lT0DTX9TD1pMPQ6RquhIJMcUwATwot6pogSIBZ3NgI5EkgUECAQYAZIFBAgFGASgBgKAB_ea7JMDqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQxY040ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljshZL6nNmDA5oJPWh0dHBzOi8vZnJlZS53ZWJjb21wYW5pb24uY29tL21pbmltZS9kZS8_Y2FtcGFpZ249MTgyODI5ODEwMjGACgHICwGiDAgqBgoErLqxAtgTDdAVAYAXAbIXHAoaCAASFHB1Yi05OTc3MzAxODAxMTU1ODM5GAA&sigh=9QKmoVpj4uU&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSPAAvHhf_3mQ1bYUs0_KROZ37vcKqxOy3E66qlXRMXf5VKpCEg8CTWL5dIGYAtB6Wo1rxp0vZL99CfArtRBgB&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%229001214903912457890%22,%22debug_reporting%22:true,%22destination%22:%22https://webcompanion.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210846925175%22],%2222%22:[%22true%22],%224%22:[%2201-13%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2217868831599563161249%22}&andc=true

Request Chain 114

https://googleads.g.doubleclick.net/pagead/adview?ai=CUQxpHOmhZdX8NKC6juwP9PKMkAbMj86zdMrjnujxEbCQHxABIMfDsyNglfqOgqAHoAH34pu0KMgBAqgDAcgDyQSqBI4CT9D8aVKAiIkV6LTUWAxI6O4eexnZCqDMiLoElQ_smPXhlJXqx4fC6FpI-WaNsEBBR1cce3ixou9zDHZx9cCfZ0hpvpbZJkFnvOvSlzc_8BJ_fkJd9pyGGx6_5qPahPwdTH7keZ4e-LQR40Bwzm7bw-dB6SaQL2HlyY8xdwdcay48tlDsQ6wC78r9oLHtLdQIuc5OKofeQlIYQPvdJ7Tywkh5qlneSh8viHN0Srv014n7cW8wtm2ZiXXTnxrqmwMpJdasQu67BgPBKWqmjWeHL94cfZx_ROl-McESdfYlncYP32OKwEpv3sPtTn9Fk1itnMJcDX-QCR7PID8JW4mLkxiJLaYsm3-0dVe2o7EJwATwot6pogSIBZ3NgI5EkgUECAQYAZIFBAgFGASgBgKAB_ea7JMDqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ2K8g0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOliazJL6nNmDA5oJPWh0dHBzOi8vZnJlZS53ZWJjb21wYW5pb24uY29tL21pbmltZS9kZS8_Y2FtcGFpZ249MTgyODI5ODEwMjGACgHICwHYEw3QFQGAFwGyFxwKGggAEhRwdWItOTk3NzMwMTgwMTE1NTgzORgA&sigh=38sIZcs3k0U&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSPAAvHhf_OprRcLKc2UWDzEOd0PG5jXUxW8nLVT5L-9_OqmoYnTrtaCnNUFKB8l62zydDWZVMTyaRclpJxhgB&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211060815134130685706%22,%22debug_reporting%22:true,%22destination%22:%22https://webcompanion.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210846925175%22],%2222%22:[%22true%22],%224%22:[%2201-13%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%221799862701631854049%22}&andc=true

125 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
winterolympicspass.com/
Redirect Chain

https://olympics2021info.com/
https://winterolympicspass.com/

86 KB
21 KB

677ms
612ms

Document
text/html

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://winterolympicspass.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

caf2a2b47b4f155eb20e13ed0ce981569b2a6a9077f7e18349defc7234b0740d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8449e88ad980f174-CDG
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 13 Jan 2024 01:36:27 GMT
link: <https://winterolympicspass.com/wp-json/>; rel="https://api.w.org/" <https://winterolympicspass.com/wp-json/wp/v2/pages/85>; rel="alternate"; type="application/json" <https://winterolympicspass.com/>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e1%2BUDC8aqPJJdU%2B%2FNDejBCjIKX0ICHMpxgtpD%2FuQwHX%2FHIeDqYe2ZaFNqFMBbK4LgViYIrKlJ%2FexGqBqSPeXPhSjeCW4XrpKyKFHPrPIEplfrdb%2BVdeJqV6MLHXthongj0YBbySRzvTZ5hqQnWfWoQpBZSdJ"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload;
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-litespeed-cache: hit
x-turbo-charged-by: LiteSpeed
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8449e889091fbbd1-FRA
content-type: text/html
date: Sat, 13 Jan 2024 01:36:27 GMT
location: https://winterolympicspass.com/
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e5UkqazDK28qqguBYuJC7utGL2u6FrWODB3eO%2FkjlC%2FJ3JcdG3lxpEFj0zj8YR6m14UZynGxxxs7DkWRxYjLxJhue650Q14l6HyE46pNXY%2FZDPvl1ifAi6rLu7GwRn24cn2LSklnei1Qa%2BtWdmtNMcamYA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
x-xss-protection: 1; mode=block

GET
H2 200 style.min.css
winterolympicspass.com/wp-includes/css/dist/block-library/ 107 KB
15 KB 678ms
678ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://winterolympicspass.com/wp-includes/css/dist/block-library/style.min.css?ver=6.4.2

Requested by

Host: winterolympicspass.com
URL: https://winterolympicspass.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winterolympicspass.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload;
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 08 Nov 2023 03:42:29 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cku01abA0ELhKVtwMot82bBOnOwG2U72k%2BHJP405PbogUiX0GySg1uMmHlo92VYl6buJUFg%2F578ZTwJM%2F4UFYUg0z17CSH%2BJwQ3g5tRZdmFkNk4TIqgn3NuH6ArwqNRkKsNaVMD6vjUKByiVXkN4ktMedye%2F"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8449e88ebbfaf174-CDG
expires: Sat, 20 Jan 2024 01:36:28 GMT

GET
H2 200 style-main-new.min.css
winterolympicspass.com/wp-content/themes/neve/ 38 KB
9 KB 480ms
480ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://winterolympicspass.com/wp-content/themes/neve/style-main-new.min.css?ver=3.7.5

Requested by

Host: winterolympicspass.com
URL: https://winterolympicspass.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5fe0828203efe471012bed50f3a13b4f866d7832a45b9d7a2d7e20443a936f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winterolympicspass.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload;
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 22 Dec 2023 20:08:26 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gNma01EIeVkXvdOB8dKvz6VQwCTD8%2BEepXKR1ROvvSoi%2FVOIy44NMfHCfET0TlZb9q4MUS41hrgFEuNuX1Ba%2FtMD3%2F6eyzFMWDIxFNSQLKdbjdrfWQXmB8%2BpmX47DA0IbwjNDpDw9QD9adz5RSRFUquAdjrf"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8449e88ebbfbf174-CDG
expires: Sat, 20 Jan 2024 01:36:28 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 151 KB
51 KB 84ms
64ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9977301801155839

Requested by

Host: winterolympicspass.com
URL: https://winterolympicspass.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

89d58fa2b6d69b45dfc18af3e65090a7cf769280ca6f91f3b2872a599aedf0fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://winterolympicspass.com/
Origin: https://winterolympicspass.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51702
x-xss-protection: 0
server: cafe
etag: 7375151555805293832
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Sat, 13 Jan 2024 01:36:28 GMT

GET
H2 200 Winter-Olympics-Pass.png
winterolympicspass.com/wp-content/uploads/2021/11/ 7 KB
7 KB 508ms
507ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://winterolympicspass.com/wp-content/uploads/2021/11/Winter-Olympics-Pass.png

Requested by

Host: winterolympicspass.com
URL: https://winterolympicspass.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bbaa4710a3fa653a00e93e594f3b64a771b7b38e32f788b9e4947ea11719b8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winterolympicspass.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload;
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 6821
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 16 Nov 2021 04:50:38 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oBj0pcY6TEXNAtpG2rkBxfXfRGO%2FPoa0WPORbl0foLaW4Tg1tIaCAy%2B3ZJ5cYLWtrEX2ePuZ0RthXJsbJqiKWqsizG9YC5NB8VWilKxGCYkfUTWnK%2BUV0Jt3CXL2gC3SPtkXPPAh0nD7djEZpvLXsV24uv8t"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8449e88ebbfdf174-CDG
expires: Sat, 20 Jan 2024 01:36:28 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/ 402 KB
136 KB 80ms
65ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9977301801155839&plah=winterolympicspass.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9977301801155839

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4eac3be34683f96cb71e02f5fb3f12ddfdd7092669d6e739ba05492b863ba97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winterolympicspass.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 139380
x-xss-protection: 0
server: cafe
etag: 9070655362908248592
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 13 Jan 2024 01:36:28 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240109/r20190131/ Frame 6F79 9 KB
4 KB 28ms
6ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240109/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9977301801155839

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://winterolympicspass.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17776
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 12 Jan 2024 20:40:12 GMT
etag: 9219409622527106327
expires: Fri, 26 Jan 2024 20:40:12 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 winter-olympics-2022-live-stream.png
winterolympicspass.com/wp-content/uploads/2021/11/ 139 KB
140 KB 1021ms
1021ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://winterolympicspass.com/wp-content/uploads/2021/11/winter-olympics-2022-live-stream.png

Requested by

Host: winterolympicspass.com
URL: https://winterolympicspass.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e548f050d2884e29d1884c714f7893b27d96eb814be0245364cf9aa5b22a17aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winterolympicspass.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload;
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 142492
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Nov 2021 07:25:21 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pkbVzJf5D5MewBarDn9wFsoyJDD36cNx24%2BJ6l6uloaPsdp8SzI2LFx0QyGUlxdZAOk%2F2kcH3PiP%2Fd36OZQ1EwgU4YFNiCVXiB0%2FCgzQMJFJev2ATsX7T%2BeT%2BvTzD1bgLJMEMDkiwy7WogMbuO6%2FiO0Tw3En"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8449e8906a5199ae-CDG
expires: Sat, 20 Jan 2024 01:36:28 GMT

GET
H3 200 how-to-watch-olympics-2022-without-cable.png
winterolympicspass.com/wp-content/uploads/2021/11/ 95 KB
96 KB 1060ms
1060ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://winterolympicspass.com/wp-content/uploads/2021/11/how-to-watch-olympics-2022-without-cable.png

Requested by

Host: winterolympicspass.com
URL: https://winterolympicspass.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f950e8a2d5253a968e996263f8565a82282ac5c5a9c6cc47549ec30810ad5728

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winterolympicspass.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload;
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 97581
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Nov 2021 07:40:56 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sgc0bPyzUopJXRE1bMk8efCyGkPiUxydzK6K7P09iogwHceblKo5%2F2kP6fU25VuC1lUAjzTYZ6DUjSot%2FpU23Y1bVcTlfvXxiQupZO7c4WznN4hOwdU0v3dJspyuGuuKTnkBQ4%2BlK0d1ZaEPi06cy75MkM0V"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8449e8906a5299ae-CDG
expires: Sat, 20 Jan 2024 01:36:28 GMT

GET
H3 200 frontend.js Show response
winterolympicspass.com/wp-content/themes/neve/assets/js/build/modern/ 7 KB
3 KB 463ms
463ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://winterolympicspass.com/wp-content/themes/neve/assets/js/build/modern/frontend.js?ver=3.7.5

Requested by

Host: winterolympicspass.com
URL: https://winterolympicspass.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c8f98193fb384aec85457cb08f81ab709e12d86cdb01de3cf9f5bb6c35f57bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winterolympicspass.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload;
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 22 Dec 2023 20:08:26 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j91c%2FWr0vCegwMl8IcHEGXQQwUK%2Fytg9l0OkULxmvDP5yPsYCmLjBer9vZPY09xzxoCmyxtwUaoOCaFkIO7KpgePvOhYZXNXxMBknoEQDElQWhK9hSnLNc%2FRy2wRjIbxYFyiZcvQKD7vy9LXDSAWBA9lQLce"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8449e8906a5399ae-CDG
expires: Sat, 20 Jan 2024 01:36:28 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7F6B 540 KB
102 KB 430ms
430ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&adk=3105533540&adf=2621220088&lmt=1705109788&plat=3%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=404x945_r&format=0x0&url=https%3A%2F%2Fwinterolympicspass.com%2F&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788168&bpp=16&bdt=222&idt=172&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6241049561395&frm=20&pv=2&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=183

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9977301801155839&plah=winterolympicspass.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0e0a9a33e5282aebe315f8b63532770c800b76701da4eb9d75ae05f0196cec91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://winterolympicspass.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 104148
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 01:36:28 GMT
expires: Sat, 13 Jan 2024 01:36:28 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 62B5 120 KB
40 KB 419ms
418ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=1483442758&adf=2713021026&pi=t.aa~a.356315161~rp.1&w=1120&fwrn=4&fwrnh=100&lmt=1705109788&rafmt=1&to=qs&pwprc=7073931503&format=1120x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788184&bpp=2&bdt=238&idt=169&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=454&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=171

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ff899f65b3b15535cb0c7286e3a9e737b5dd11aad061eda26259d97c512c36d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://winterolympicspass.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 40842
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 01:36:28 GMT
expires: Sat, 13 Jan 2024 01:36:28 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 62B5 4 KB
1 KB 43ms
16ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=1483442758&adf=2713021026&pi=t.aa~a.356315161~rp.1&w=1120&fwrn=4&fwrnh=100&lmt=1705109788&rafmt=1&to=qs&pwprc=7073931503&format=1120x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788184&bpp=2&bdt=238&idt=169&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=454&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=171

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 13 Jan 2024 01:36:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 13 Jan 2024 01:26:54 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 13 Jan 2024 01:36:28 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame 62B5 2 KB
903 B 65ms
13ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 21:28:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14885
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 21:28:23 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/ Frame 62B5 23 KB
9 KB 61ms
10ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 15:38:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35880
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 15:38:28 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame 62B5 3 KB
1 KB 61ms
11ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 17:58:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27501
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 17:58:07 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame 62B5 20 KB
9 KB 59ms
8ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 19:20:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22577
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 19:20:11 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 62B5 205 KB
65 KB 116ms
80ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66227
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704891455226136"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Jan 2024 01:36:28 GMT

GET
H2 200 4cee352c918c506f58256258d534a665.js Show response
www.gstatic.com/mysidia/ Frame 62B5 37 KB
16 KB 32ms
9ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4cee352c918c506f58256258d534a665.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 08:48:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 319686
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15452
x-xss-protection: 0
last-modified: Tue, 02 Jan 2024 22:18:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 08 Apr 2024 08:48:22 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/1056525848404490225/ Frame 62B5 28 KB
28 KB 62ms
15ms Image
image/jpeg 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1056525848404490225/14763004658117789537?w=600&h=314&tw=1&q=75

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9dedf1b11c544d5935bbd2fe7d822b98841911c7b29d3646404a052b6cb5ead4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Tue, 07 Jan 2025 15:55:20 GMT
date: Mon, 08 Jan 2024 15:55:20 GMT
x-content-type-options: nosniff
age: 380468
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28378
x-xss-protection: 0
last-modified: Thu, 22 Jun 2023 14:28:54 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/3297832587674907727/ Frame 62B5 1 KB
2 KB 60ms
14ms Image
image/jpeg 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3297832587674907727/14763004658117789537?w=100&h=100&tw=1&q=75

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0d49a6b42f109e6d9d6f984cf821850a1b08a833a4b11a489bbc352bfa777b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 08 Jan 2025 08:55:54 GMT
date: Tue, 09 Jan 2024 08:55:54 GMT
x-content-type-options: nosniff
age: 319234
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1479
x-xss-protection: 0
last-modified: Sun, 26 Jun 2022 04:38:30 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/ 162 KB
55 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2fc61b9e742ede97afd0f2053fd1d30abd73f88e6c58547c9ec7972dd3be9357

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winterolympicspass.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56403
x-xss-protection: 0
server: cafe
etag: 9737205400989249786
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sat, 13 Jan 2024 01:36:28 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4C61 105 KB
39 KB 388ms
387ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=1687536192&pi=t.aa~a.3914302165~i.17~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280&nras=3&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=1543&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=8

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

186492ed004687105971250e0db657b77ad427bedf56585a303a8c340b9e6880

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://winterolympicspass.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 40337
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 01:36:29 GMT
expires: Sat, 13 Jan 2024 01:36:29 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 236A 104 KB
39 KB 396ms
396ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=2933007315&pi=t.aa~a.3914302165~i.25~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=0&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280%2C789x280&nras=4&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=2215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=15

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4bdb27163b435db421723a859e86d17c8f8d130007e55a5ef200c4381d5b4c85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://winterolympicspass.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 40147
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 01:36:29 GMT
expires: Sat, 13 Jan 2024 01:36:29 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/ Frame E10D 9 KB
4 KB 7ms
7ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://winterolympicspass.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 13694
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 12 Jan 2024 21:48:14 GMT
etag: 9219409622527106327
expires: Fri, 26 Jan 2024 21:48:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/ Frame 3FFC 9 KB
4 KB 7ms
7ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://winterolympicspass.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 13694
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 12 Jan 2024 21:48:14 GMT
etag: 9219409622527106327
expires: Fri, 26 Jan 2024 21:48:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/ Frame 10E0 9 KB
4 KB 7ms
7ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://winterolympicspass.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 13694
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 12 Jan 2024 21:48:14 GMT
etag: 9219409622527106327
expires: Fri, 26 Jan 2024 21:48:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 62B5 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d2482cdbb83b042c93001b43ba343688a4472bffba3a5e0fad7cdb313a4744bc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css2
fonts.googleapis.com/ Frame E10D 4 KB
744 B 18ms
17ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 13 Jan 2024 01:36:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 13 Jan 2024 01:29:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 13 Jan 2024 01:36:28 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame E10D 205 B
519 B 9ms
8ms Image
image/png 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 13:30:37 GMT
x-content-type-options: nosniff
age: 43551
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 11 Jan 2025 13:30:37 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame E10D 604 B
695 B 10ms
9ms Image
image/png 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 14:30:21 GMT
x-content-type-options: nosniff
age: 39967
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 11 Jan 2025 14:30:21 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/elements/html/ Frame E10D 16 KB
7 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

972f7a26f860f2f122dcf2a4c5cae616df3a4a83e0c8318a1afb824c766fb651

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 08:47:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60510
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6823
x-xss-protection: 0
server: cafe
etag: 11129212757755515379
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 08:47:58 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/elements/html/ Frame E10D 22 KB
9 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a519c62e734157227e61ce5209158e1b7b484b5f2b68e3ccaed1ffe444de36d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 20:31:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18301
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9422
x-xss-protection: 0
server: cafe
etag: 10624764489894593518
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 20:31:27 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/ Frame 3FFC 23 KB
9 KB 37ms
25ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 20:50:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17183
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 20:50:05 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A855 143 B
166 B 17ms
7ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3487
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 00:38:21 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame 3FFC 3 KB
1 KB 38ms
26ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 11:12:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51852
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 11:12:16 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame 3FFC 20 KB
8 KB 23ms
11ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 09:07:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59324
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 09:07:44 GMT

GET
H2 200 15122893668453802735
tpc.googlesyndication.com/daca_images/simgad/ Frame 3FFC 73 KB
73 KB 27ms
15ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/15122893668453802735

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a501116c79996dd7937d07a9af6ed63da208ff30782e36e61181afc650e5ed2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Sat, 11 Jan 2025 23:51:25 GMT
date: Fri, 12 Jan 2024 23:51:25 GMT
x-content-type-options: nosniff
age: 6303
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74901
x-xss-protection: 0
last-modified: Thu, 11 Jan 2024 16:56:42 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3FFC 205 KB
65 KB 57ms
45ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66227
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704891455226136"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Jan 2024 01:36:28 GMT

GET
H2 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame 3FFC 36 KB
15 KB 25ms
14ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7e84408aa66b9c10dd6e2d630f717b4b4f03345cd77fc5360f4ccba99ce1fa74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 08:50:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60377
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14790
x-xss-protection: 0
server: cafe
etag: 14910708302111541132
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 08:50:11 GMT

GET
H2 200 4b0ef9dfa83525e0607f42119c034d23.js Show response
www.gstatic.com/mysidia/ Frame 10E0 9 KB
4 KB 11ms
7ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4b0ef9dfa83525e0607f42119c034d23.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97c530c44249746307c2b01b37eed0f53757d139bc4243798f468c71da9844da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 11:37:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50321
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4079
x-xss-protection: 0
last-modified: Thu, 11 Jan 2024 04:29:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 11 Apr 2024 11:37:47 GMT

GET
H2 200 67b2cf2770e31c0fa9735c0b8b540980.js Show response
www.gstatic.com/mysidia/ Frame 10E0 11 KB
5 KB 23ms
18ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/67b2cf2770e31c0fa9735c0b8b540980.js?tag=text/vanilla_highlight_ms

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

559ed27b48f52ad1c65466a95a120b8264f7dea4a23d31f2ebb3b5beca3321f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 08:47:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 319724
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4763
x-xss-protection: 0
last-modified: Fri, 05 Jan 2024 00:56:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 08 Apr 2024 08:47:44 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 10E0 14 KB
1 KB 25ms
21ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 13 Jan 2024 01:36:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 13 Jan 2024 01:25:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 13 Jan 2024 01:36:28 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame 10E0 2 KB
887 B 36ms
32ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 15:06:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 37793
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 15:06:35 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/ Frame 10E0 23 KB
9 KB 33ms
29ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 20:50:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17183
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 20:50:05 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame 10E0 3 KB
1 KB 35ms
32ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 11:12:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51852
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 11:12:16 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame 10E0 20 KB
8 KB 15ms
12ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 09:07:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59324
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 09:07:44 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 10E0 205 KB
65 KB 85ms
82ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66227
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704891455226136"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Jan 2024 01:36:28 GMT

GET
H2 200 4cee352c918c506f58256258d534a665.js Show response
www.gstatic.com/mysidia/ Frame 10E0 37 KB
15 KB 11ms
8ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4cee352c918c506f58256258d534a665.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 08:48:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 319686
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15452
x-xss-protection: 0
last-modified: Tue, 02 Jan 2024 22:18:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 08 Apr 2024 08:48:22 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame F740 2 KB
480 B 31ms
19ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins%3A400%2C600

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e537bb0b81601eabcdc6dd4e2eb938917a7c6887765651882ec0ed5081c26c67

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 13 Jan 2024 01:36:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 13 Jan 2024 01:26:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 13 Jan 2024 01:36:28 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame F740 2 KB
822 B 22ms
10ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 15:06:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 37793
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 15:06:35 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/ Frame F740 23 KB
9 KB 21ms
9ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 20:50:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17183
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 20:50:05 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame F740 3 KB
1 KB 30ms
18ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 11:12:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51852
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 11:12:16 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame F740 20 KB
8 KB 23ms
11ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 09:07:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59324
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 09:07:44 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame F740 205 KB
65 KB 62ms
51ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66227
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704891455226136"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Jan 2024 01:36:28 GMT

GET
H3 200 4cee352c918c506f58256258d534a665.js Show response
www.gstatic.com/mysidia/ Frame F740 37 KB
15 KB 17ms
7ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4cee352c918c506f58256258d534a665.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 08:48:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 319686
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15452
x-xss-protection: 0
last-modified: Tue, 02 Jan 2024 22:18:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 08 Apr 2024 08:48:22 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/5616178971693136653/ Frame 10E0 2 KB
2 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5616178971693136653/14763004658117789537?w=100&h=100&tw=1&q=75

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90dcb0c2140d31a23745531673fde32f0dd6161d880a8fc8308d406dddaf683c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Sun, 12 Jan 2025 01:00:18 GMT
date: Sat, 13 Jan 2024 01:00:18 GMT
x-content-type-options: nosniff
age: 2170
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2064
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 23:42:24 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3C5A 143 B
166 B 8ms
7ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3488
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 00:38:21 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 10E0 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d76275874fe843aa06f6072cc8cd5cc652cdf8ecc55831b12063ab0aca1d853a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A855
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

22ms
21ms

Document
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 01:36:29 GMT
expires: Sat, 13 Jan 2024 01:36:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 01:36:29 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 62B5 16 KB
16 KB 40ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 09:10:14 GMT
x-content-type-options: nosniff
age: 318375
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jan 2025 09:10:14 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 62B5 15 KB
15 KB 42ms
10ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:28:03 GMT
x-content-type-options: nosniff
age: 374906
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Jan 2025 17:28:03 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 62B5
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CGdvpHOmhZYDbFuWajuwP56KFiAmyvJ-Ude7j6r3rEYKizPeRDhABIMfDsyNglfqOgqAHoAHBstPbA8gBCakCPQcSUFRjsj6oAwHIA8sEqgSPAk_QBNwWqVZnOHPG8-rnjnBIZeRfDt61gvP...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2217257886789297692053%22,%22debug_reporting%22:true,%22destination%22:%22https://joyn.de%22,%22event_report_window%22:%2225...

0
0

59ms
42ms

Fetch
text/css

216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2217257886789297692053%22,%22debug_reporting%22:true,%22destination%22:%22https://joyn.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22997513537%22],%2222%22:[%22true%22],%224%22:[%2201-13%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2218391256031551752385%22}&andc=true

Requested by

Host: winterolympicspass.com
URL: https://winterolympicspass.com/

Protocol

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:29 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"17257886789297692053","debug_reporting":true,"destination":"https://joyn.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["997513537"],"22":["true"],"4":["01-13"],"6":["true"]},"priority":"500","source_event_id":"18391256031551752385"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 13 Jan 2024 01:36:29 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 13 Jan 2024 01:36:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"17257886789297692053","debug_reporting":true,"destination":"https://joyn.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["997513537"],"22":["true"],"4":["01-13"],"6":["true"]},"priority":"500","source_event_id":"18391256031551752385"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js Show response
pagead2.googlesyndication.com/bg/ Frame 0E6A 50 KB
19 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16aea80c6752a1cc048f9bacb41d9b9f92a56b9e021bbc3d72e5b245f4f21892

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 08:44:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 319899
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19690
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 08:44:50 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3C5A
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

15ms
15ms

Document
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 01:36:29 GMT
expires: Sat, 13 Jan 2024 01:36:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 01:36:29 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 63ms
42ms Preflight
text/html 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 13 Jan 2024 01:36:29 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js Show response
pagead2.googlesyndication.com/bg/ Frame 68B0 50 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js

Requested by

Host: winterolympicspass.com
URL: https://winterolympicspass.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16aea80c6752a1cc048f9bacb41d9b9f92a56b9e021bbc3d72e5b245f4f21892

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 08:44:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 319899
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19690
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 08:44:50 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 10E0 33 KB
33 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 00:19:37 GMT
x-content-type-options: nosniff
age: 350212
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jan 2025 00:19:37 GMT

GET
DATA 200
OK truncated
/ Frame 3FFC 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6c4f2a5f524eb5803e08abd277291f3c226056f7dacb4c6d880cf3a58be9a949

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 10E0
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=C9de0HOmhZe2_FuGOjuwPhqOR0ATQy-23a7rjp7uoENvZHhABIMfDsyNglfqOgqAHoAHtqsTeAsgBAagDAcgDywSqBIwCT9CbjYAFfvjQvO3hobz1eMCWDRIQNZoXOs9iSs8QCvUvEZ9FnL2...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%227175004355118435836%22,%22debug_reporting%22:true,%22destination%22:%22https://groupdocs.com%22,%22event_report_window%22:...

0
0

45ms
43ms

Fetch
text/css

216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%227175004355118435836%22,%22debug_reporting%22:true,%22destination%22:%22https://groupdocs.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22735122797%22],%2222%22:[%22true%22],%224%22:[%2201-13%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%222093615762352157665%22}&andc=true

Requested by

Host: winterolympicspass.com
URL: https://winterolympicspass.com/

Protocol

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:29 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"7175004355118435836","debug_reporting":true,"destination":"https://groupdocs.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["735122797"],"22":["true"],"4":["01-13"],"6":["true"]},"priority":"500","source_event_id":"2093615762352157665"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 13 Jan 2024 01:36:29 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 13 Jan 2024 01:36:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"7175004355118435836","debug_reporting":true,"destination":"https://groupdocs.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["735122797"],"22":["true"],"4":["01-13"],"6":["true"]},"priority":"500","source_event_id":"2093615762352157665"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js Show response
pagead2.googlesyndication.com/bg/ Frame 6B01 50 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16aea80c6752a1cc048f9bacb41d9b9f92a56b9e021bbc3d72e5b245f4f21892

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 08:44:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 319899
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19690
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 08:44:50 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 3FFC
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CNWevHOmhZey_FuGOjuwPhqOR0ATOo_qUdc74suSREvej5PeVDhABIMfDsyNglfqOgqAHoAGcr_uoAsgBAqgDAcgDyQSqBIsCT9Buiq17DEpHrs43K-eNyv8NIJ9zdVRrYmHCSr9AwFNM9Vg...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2210642434772860867482%22,%22debug_reporting%22:true,%22destination%22:%22https://hero-wars.com%22,%22event_report_window%22...

0
0

44ms
42ms

Fetch
text/css

216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2210642434772860867482%22,%22debug_reporting%22:true,%22destination%22:%22https://hero-wars.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22622778268%22],%2222%22:[%22true%22],%224%22:[%2201-13%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2215931888608686713473%22}&andc=true

Requested by

Host: winterolympicspass.com
URL: https://winterolympicspass.com/

Protocol

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:29 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"10642434772860867482","debug_reporting":true,"destination":"https://hero-wars.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["622778268"],"22":["true"],"4":["01-13"],"6":["true"]},"priority":"500","source_event_id":"15931888608686713473"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 13 Jan 2024 01:36:29 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 13 Jan 2024 01:36:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"10642434772860867482","debug_reporting":true,"destination":"https://hero-wars.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["622778268"],"22":["true"],"4":["01-13"],"6":["true"]},"priority":"500","source_event_id":"15931888608686713473"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js Show response
pagead2.googlesyndication.com/bg/ Frame CB2C 50 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16aea80c6752a1cc048f9bacb41d9b9f92a56b9e021bbc3d72e5b245f4f21892

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 08:44:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 319899
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19690
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 08:44:50 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 43ms
43ms Preflight
text/html 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 13 Jan 2024 01:36:29 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 43ms
42ms Preflight
text/html 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 13 Jan 2024 01:36:29 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 148742464806174268
tpc.googlesyndication.com/simgad/ Frame 4C61 18 KB
18 KB 13ms
13ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/148742464806174268?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qnNnQgcSmGSEKCUC5zdqT6lGRhJ_g

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=1687536192&pi=t.aa~a.3914302165~i.17~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280&nras=3&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=1543&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b79e2f319a4307b8efa970936f6bf86a8236c2de2cb980c5950ed65b48a28c18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 06:46:19 GMT
x-content-type-options: nosniff
age: 327010
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18245
x-xss-protection: 0
last-modified: Tue, 18 Jul 2023 17:40:43 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 08 Jan 2025 06:46:19 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/ Frame 4C61 23 KB
9 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 15:38:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35881
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 15:38:28 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame 4C61 3 KB
1 KB 13ms
9ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 17:58:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27502
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 17:58:07 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame 4C61 20 KB
8 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 19:20:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22578
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 19:20:11 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 4C61 0
0 28ms
24ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRMHLL_7fyk2bHqF0k70omMMBICl4yIPf3OmUo_FSstdaifzoGtCvOKF7ti2UQ-id_VW0xwAw8w9auDjQ4CyPyZP0u06A
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=1687536192&pi=t.aa~a.3914302165~i.17~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280&nras=3&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=1543&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4C61 205 KB
65 KB 48ms
44ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66227
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704891455226136"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Jan 2024 01:36:29 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame 4C61 36 KB
14 KB 14ms
10ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7e84408aa66b9c10dd6e2d630f717b4b4f03345cd77fc5360f4ccba99ce1fa74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 23:21:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8082
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14790
x-xss-protection: 0
server: cafe
etag: 14910708302111541132
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 23:21:47 GMT

GET
H3 200 148742464806174268
tpc.googlesyndication.com/simgad/ Frame 236A 18 KB
18 KB 10ms
9ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/148742464806174268?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qnNnQgcSmGSEKCUC5zdqT6lGRhJ_g

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=2933007315&pi=t.aa~a.3914302165~i.25~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=0&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280%2C789x280&nras=4&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=2215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b79e2f319a4307b8efa970936f6bf86a8236c2de2cb980c5950ed65b48a28c18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 06:46:19 GMT
x-content-type-options: nosniff
age: 327010
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18245
x-xss-protection: 0
last-modified: Tue, 18 Jul 2023 17:40:43 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 08 Jan 2025 06:46:19 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/ Frame 236A 23 KB
9 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=2933007315&pi=t.aa~a.3914302165~i.25~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=0&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280%2C789x280&nras=4&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=2215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 15:38:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35881
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 15:38:28 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame 236A 3 KB
1 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=2933007315&pi=t.aa~a.3914302165~i.25~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=0&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280%2C789x280&nras=4&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=2215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 17:58:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27502
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 17:58:07 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame 236A 20 KB
8 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=2933007315&pi=t.aa~a.3914302165~i.25~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=0&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280%2C789x280&nras=4&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=2215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 19:20:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22578
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 19:20:11 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 236A 0
0 24ms
23ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSEB40Cpi2WTsnjkpoA3fzCYCY_teJBJngym76EmHW30SMxd1x1TUs6qra8Gl8RLNmNMNUOTvjfu6dsEH5Vw_uXbeYuag
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=2933007315&pi=t.aa~a.3914302165~i.25~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=0&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280%2C789x280&nras=4&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=2215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=15
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 236A 205 KB
65 KB 97ms
96ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=2933007315&pi=t.aa~a.3914302165~i.25~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=0&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280%2C789x280&nras=4&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=2215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66227
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704891455226136"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Jan 2024 01:36:29 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/ Frame 236A 36 KB
14 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240109/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=2933007315&pi=t.aa~a.3914302165~i.25~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=0&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280%2C789x280&nras=4&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=2215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7e84408aa66b9c10dd6e2d630f717b4b4f03345cd77fc5360f4ccba99ce1fa74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 23:21:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8082
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14790
x-xss-protection: 0
server: cafe
etag: 14910708302111541132
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Jan 2024 23:21:47 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B262 143 B
166 B 14ms
11ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=1687536192&pi=t.aa~a.3914302165~i.17~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280&nras=3&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=1543&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3488
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 00:38:21 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame A324 1 KB
643 B 13ms
10ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 22578
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 12 Jan 2024 19:20:11 GMT
etag: 48472445140208031
expires: Sat, 13 Jan 2024 19:20:11 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 63DE 143 B
166 B 12ms
12ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=2933007315&pi=t.aa~a.3914302165~i.25~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=0&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280%2C789x280&nras=4&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=2215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=2933007315&pi=t.aa~a.3914302165~i.25~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=0&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280%2C789x280&nras=4&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=2215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=15
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3488
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 00:38:21 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame AE8F 1 KB
643 B 16ms
15ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=2933007315&pi=t.aa~a.3914302165~i.25~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=0&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280%2C789x280&nras=4&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=2215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 22578
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 12 Jan 2024 19:20:11 GMT
etag: 48472445140208031
expires: Sat, 13 Jan 2024 19:20:11 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 4C61 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56f658f85ba44de4647dc0dbff4b5cb2810f70326772ec440f2ea281db709290

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 236A 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ed46d4c57908941eb505248c69d65a4b595eb11ddb169d5a46626b3573c783c8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame A324
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEFLMEVSol6bISNpXAJxsS1Y&google_cver=1&google_push=AXcoOmT8-W3gEMKk3cH5QilFGcknKHk_GcyeS5ySRxVXkrz4tc3GRILk24sRVz5uDY2jHbzhDL73oeO27iOGR9hCpqD03VecnEMecw
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzM0NjM4NjIwMTA0NTIyODYwMQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENR8Q_wq_98Re1Kk4LPZFwc&google_cver=1

43 B
398 B

94ms
40ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENR8Q_wq_98Re1Kk4LPZFwc&google_cver=1
Requested by: Host: winterolympicspass.com
URL: https://winterolympicspass.com/
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sat, 13 Jan 2024 01:36:29 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sat, 13 Jan 2024 01:36:29 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENR8Q_wq_98Re1Kk4LPZFwc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A324
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEIWu8k-QvupYH0U_K2f1VqY&google_push=AXcoOmRA9uk54xABKq1-2YZRtAPlGg_4NSj5CfvmZ-mHA2CSgv2GIe-4E-...

170 B
188 B

30ms
30ms

Image
image/png

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEIWu8k-QvupYH0U_K2f1VqY&google_push=AXcoOmRA9uk54xABKq1-2YZRtAPlGg_4NSj5CfvmZ-mHA2CSgv2GIe-4E-DzwXmW0JMWQsm8QH8Bsm_68HVABUUlFMnpBkWOlLUnUA

Requested by

Host: winterolympicspass.com
URL: https://winterolympicspass.com/

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 01:36:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-etou8220094-FRA
pragma: no-cache
date: Sat, 13 Jan 2024 01:36:29 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1705109789.334936,VS0,VE98
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEIWu8k-QvupYH0U_K2f1VqY&google_push=AXcoOmRA9uk54xABKq1-2YZRtAPlGg_4NSj5CfvmZ-mHA2CSgv2GIe-4E-DzwXmW0JMWQsm8QH8Bsm_68HVABUUlFMnpBkWOlLUnUA
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A324
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEDOr_61-Snn7Ec5AXa2O2Wk&google_cver=1&google_push=AXcoOmRcPK7oxSoIx5LpK2h4ziL8YhpRN9DXZwUbUf5if1jw7fcjEj6fFP9mna8uu3T3Rm6dE1FKIsJnly0x-WaT0N_APdGuwtpEmsk
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=56021ECC502C463182B0679E02021E99&google_push=AXcoOmRcPK7oxSoIx5LpK2h4ziL8YhpRN9DXZwUbUf5if1jw7fcjEj6fFP9mna8uu3T3Rm6dE1FKIsJnly0x-Wa...

170 B
188 B

17ms
17ms

Image
image/png

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=56021ECC502C463182B0679E02021E99&google_push=AXcoOmRcPK7oxSoIx5LpK2h4ziL8YhpRN9DXZwUbUf5if1jw7fcjEj6fFP9mna8uu3T3Rm6dE1FKIsJnly0x-WaT0N_APdGuwtpEmsk

Requested by

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 01:36:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 13 Jan 2024 01:36:29 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=56021ECC502C463182B0679E02021E99&google_push=AXcoOmRcPK7oxSoIx5LpK2h4ziL8YhpRN9DXZwUbUf5if1jw7fcjEj6fFP9mna8uu3T3Rm6dE1FKIsJnly0x-WaT0N_APdGuwtpEmsk
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 12 Jan 2024 01:36:29 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame A324
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEHL0si90BNsdSiOaWd5rysI&google_cver=1&google_push=AXcoOmTk_Nht7MM83lFN6KIfvD8go1ne1lJaoY8ozY8hF6HRVI31kc0YrVYPGrFdrhUnU_6XpofE__wXyq8...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmTk_Nht7MM83lFN6KIfvD8go1ne1lJaoY8ozY8hF6HRVI31kc0YrVYPGrFdrhUnU_6XpofE__wXyq8xQYi9q4r7PPCquS06ug&google_hm=KUQiAtBcSQ25ZTMJu9...

170 B
232 B

21ms
19ms

Image
image/png

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmTk_Nht7MM83lFN6KIfvD8go1ne1lJaoY8ozY8hF6HRVI31kc0YrVYPGrFdrhUnU_6XpofE__wXyq8xQYi9q4r7PPCquS06ug&google_hm=KUQiAtBcSQ25ZTMJu9Q_QyQ

Requested by

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 01:36:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 13 Jan 2024 01:36:28 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmTk_Nht7MM83lFN6KIfvD8go1ne1lJaoY8ozY8hF6HRVI31kc0YrVYPGrFdrhUnU_6XpofE__wXyq8xQYi9q4r7PPCquS06ug&google_hm=KUQiAtBcSQ25ZTMJu9Q_QyQ
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame A324 0
173 B 40ms
15ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEDxgPe-co6xnAFmXGuSazKY&google_cver=1&google_push=AXcoOmQx6UL_AMMAc47BcHEz2naeZeIhoirh0KLPhDEBJ7gsCnuaIJYtwk3JkKOFwSTSPQLcDS1iSvVGJNze3m8urRvK-NntmCd-Lw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=1687536192&pi=t.aa~a.3914302165~i.17~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280&nras=3&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=1543&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:29 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame A324
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESENUSGa0dUgFFngCDANMqCRs&google_cver=1&google_push=AXcoOmSVAvv7ni6NGYlIIIZRg7EwLsB4lPA8EZV0aYgW8oE9Z2I7cHBM3OrJYn8T9rYXhYdIIJQXaFBGgXv2xz1B...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=bfxBzTAjRIgHNLo-6v2NiQ&google_push=AXcoOmSVAvv7ni6NGYlIIIZRg7EwLsB4lPA8EZV0aYgW8oE9Z2I7cHBM3OrJYn8T9rYXhYdIIJQXaFBGgXv2xz1BVTus8wctx7oylg

170 B
232 B

22ms
21ms

Image
image/png

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=bfxBzTAjRIgHNLo-6v2NiQ&google_push=AXcoOmSVAvv7ni6NGYlIIIZRg7EwLsB4lPA8EZV0aYgW8oE9Z2I7cHBM3OrJYn8T9rYXhYdIIJQXaFBGgXv2xz1BVTus8wctx7oylg

Requested by

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 01:36:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 13 Jan 2024 01:36:29 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=bfxBzTAjRIgHNLo-6v2NiQ&google_push=AXcoOmSVAvv7ni6NGYlIIIZRg7EwLsB4lPA8EZV0aYgW8oE9Z2I7cHBM3OrJYn8T9rYXhYdIIJQXaFBGgXv2xz1BVTus8wctx7oylg
x-host: tde-deliveryengine-production-5db7bf8975-2mj6p
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A324
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKDCxeEnc-nZRCROPSr26JE&google_cver=1&google_push=AXcoOmQsVft3KboHm-NyVelde_f6MtnCPZIrqJKfm_L8uPzaGozmXXNCeFO1nnSAQ86qUuSCwcR0zYRF...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEKDCxeEnc-nZRCROPSr26JE&google_cver=1&google_push=AXcoOmQsVft3KboHm-NyVelde_f6MtnCPZIrqJKfm_L8uPzaGozmXXNCeFO1nnSAQ86qUuSCwcR...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzQ2NTYyMTE3OTc2OTE5ODcwMw&google_push=AXcoOmQsVft3KboHm-NyVelde_f6MtnCPZIrqJKfm_L8uPzaGozmXXNCeFO1nnSAQ86qUuSCwcR0zY...

170 B
188 B

17ms
16ms

Image
image/png

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzQ2NTYyMTE3OTc2OTE5ODcwMw&google_push=AXcoOmQsVft3KboHm-NyVelde_f6MtnCPZIrqJKfm_L8uPzaGozmXXNCeFO1nnSAQ86qUuSCwcR0zYRFTjb-OTbtvoGvcckr-d8guvo

Requested by

Host: winterolympicspass.com
URL: https://winterolympicspass.com/

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 01:36:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 13 Jan 2024 01:36:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzQ2NTYyMTE3OTc2OTE5ODcwMw&google_push=AXcoOmQsVft3KboHm-NyVelde_f6MtnCPZIrqJKfm_L8uPzaGozmXXNCeFO1nnSAQ86qUuSCwcR0zYRFTjb-OTbtvoGvcckr-d8guvo
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame A324 0
49 B 49ms
15ms Image
text/html 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LIXbWbUvxo_xEF2Pe9_NU0cbyf0Jyp9AbkYO1rGd5xn5wiDyYVo8rRWsAxhTO0Mabn6m3I

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:29 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B262
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

21ms
21ms

Document
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 01:36:29 GMT
expires: Sat, 13 Jan 2024 01:36:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 01:36:29 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame AE8F
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESENR8Q_wq_98Re1Kk4LPZFwc&google_cver=1&google_push=AXcoOmSEUvcUGD09yChd3bHJ00GPt7KwgaCCxCdE9N50fEtP-Uu-hiQnx_vk4LQv9COKwUaBhMgDhjOe738KS7YJBaKtDJCuR7VtLoo
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzI3NDMyODYwNzAwNzMwMDY2NQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENR8Q_wq_98Re1Kk4LPZFwc&google_cver=1

43 B
398 B

95ms
39ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENR8Q_wq_98Re1Kk4LPZFwc&google_cver=1
Requested by: Host: winterolympicspass.com
URL: https://winterolympicspass.com/
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sat, 13 Jan 2024 01:36:29 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sat, 13 Jan 2024 01:36:29 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENR8Q_wq_98Re1Kk4LPZFwc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame AE8F
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEN7CHgjljbFhI0HrpTpe9j8&google_cver=1&google_push=AXcoOmRS10IFgSgz8dmM_LmfjtqJ6hqiP-Lxs6kYJ1-ZFm8Fp9DHfhq9415HZ5xMjL_rzeTfmMkmcJWxQE6...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmRS10IFgSgz8dmM_LmfjtqJ6hqiP-Lxs6kYJ1-ZFm8Fp9DHfhq9415HZ5xMjL_rzeTfmMkmcJWxQE6BmgGDGXN4QInrfGbYOv4A&google_hm=gbfvx4z1RiCYQ8fY...

170 B
232 B

22ms
20ms

Image
image/png

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmRS10IFgSgz8dmM_LmfjtqJ6hqiP-Lxs6kYJ1-ZFm8Fp9DHfhq9415HZ5xMjL_rzeTfmMkmcJWxQE6BmgGDGXN4QInrfGbYOv4A&google_hm=gbfvx4z1RiCYQ8fYiZOinyQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=2933007315&pi=t.aa~a.3914302165~i.25~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=0&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280%2C789x280&nras=4&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=2215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=15

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 01:36:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 13 Jan 2024 01:36:28 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmRS10IFgSgz8dmM_LmfjtqJ6hqiP-Lxs6kYJ1-ZFm8Fp9DHfhq9415HZ5xMjL_rzeTfmMkmcJWxQE6BmgGDGXN4QInrfGbYOv4A&google_hm=gbfvx4z1RiCYQ8fYiZOinyQ
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame AE8F 0
120 B 32ms
16ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEAXitxyKHvqVKOqMMwaKogA&google_cver=1&google_push=AXcoOmSeZ0IZ7jVzs4eBGqrNbSSr-H8G7WPH3DU8Asnq0J2DI_xsnEvJHSp6Q6SPqAHcb6PLFSXFcD5xQEfaeBV17JzPNp8uOoJafco
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=2933007315&pi=t.aa~a.3914302165~i.25~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=0&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280%2C789x280&nras=4&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=2215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=15
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:29 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame AE8F
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEAsWKuXVkwX4sbgF9Oxoen0&google_cver=1&google_push=AXcoOmQiHr9qXc3-Fve3wbaFlT727eZ3DL_pdj52fwx_N_mzMl5jVaHuMEYFuIqEEbbEy86ojRpEyz1OWzV52y...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMyMzM5MDc3OTg0OTExMTY5OQ%3D%3D&google_push=AXcoOmQiHr9qXc3-Fve3wbaFlT727eZ3DL_pdj52fwx_N_mzMl5jVaHuMEYFuIqEEbbEy86ojRpEyz1OWzV52yENDh...

170 B
232 B

18ms
17ms

Image
image/png

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMyMzM5MDc3OTg0OTExMTY5OQ%3D%3D&google_push=AXcoOmQiHr9qXc3-Fve3wbaFlT727eZ3DL_pdj52fwx_N_mzMl5jVaHuMEYFuIqEEbbEy86ojRpEyz1OWzV52yENDhlaYGGN16XVdzma

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=2933007315&pi=t.aa~a.3914302165~i.25~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=0&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280%2C789x280&nras=4&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=2215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=15

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 01:36:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMyMzM5MDc3OTg0OTExMTY5OQ%3D%3D&google_push=AXcoOmQiHr9qXc3-Fve3wbaFlT727eZ3DL_pdj52fwx_N_mzMl5jVaHuMEYFuIqEEbbEy86ojRpEyz1OWzV52yENDhlaYGGN16XVdzma
Date: Sat, 13 Jan 2024 01:36:29 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame AE8F
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEHlj7FQLl6xiQKP3TH_u2is&google_cver=1&google_push=AXcoOmTAWLBFTCQrQSZr2CYq2APGRCKpvuogrV6ci0TPzj9ixXRNVZb61-iVWg3dY-GT89ho5jrq1WYggYrOiOUl...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=P8l277-IRW08pB7WhScXEQ&google_push=AXcoOmTAWLBFTCQrQSZr2CYq2APGRCKpvuogrV6ci0TPzj9ixXRNVZb61-iVWg3dY-GT89ho5jrq1WYggYrOiOUlv8wN4TGXz_RUrefD

170 B
232 B

20ms
19ms

Image
image/png

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=P8l277-IRW08pB7WhScXEQ&google_push=AXcoOmTAWLBFTCQrQSZr2CYq2APGRCKpvuogrV6ci0TPzj9ixXRNVZb61-iVWg3dY-GT89ho5jrq1WYggYrOiOUlv8wN4TGXz_RUrefD

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=2933007315&pi=t.aa~a.3914302165~i.25~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=0&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280%2C789x280&nras=4&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=2215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=15

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 01:36:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 13 Jan 2024 01:36:29 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=P8l277-IRW08pB7WhScXEQ&google_push=AXcoOmTAWLBFTCQrQSZr2CYq2APGRCKpvuogrV6ci0TPzj9ixXRNVZb61-iVWg3dY-GT89ho5jrq1WYggYrOiOUlv8wN4TGXz_RUrefD
x-host: tde-deliveryengine-production-5db7bf8975-nkrzz
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AE8F
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEI48Bjoy5Z8dxoME9tjYYqw&google_cver=1&google_push=AXcoOmTM0swuiP_FAz79UdoHJcnAzb1jhHuLDHF-4H-VKVsGQmX6zI2PNw-_9tULxTWJGuORAc88_5KuMaPbdpT_e4tfhGX...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEI48Bjoy5Z8dxoME9tjYYqw&google_cver=1&google_push=AXcoOmTM0swuiP_FAz79UdoHJcnAzb1jhHuLDHF-4H-VKVsGQmX6zI2PNw-_9tULxTWJGuORAc88_5KuMaPbdpT_e4tfh...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmTM0swuiP_FAz79UdoHJcnAzb1jhHuLDHF-4H-VKVsGQmX6zI2PNw-_9tULxTWJGuORAc88_5KuMaPbdpT_e4tfhGXKSeAGUOC9

170 B
188 B

25ms
24ms

Image
image/png

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmTM0swuiP_FAz79UdoHJcnAzb1jhHuLDHF-4H-VKVsGQmX6zI2PNw-_9tULxTWJGuORAc88_5KuMaPbdpT_e4tfhGXKSeAGUOC9

Requested by

Host: winterolympicspass.com
URL: https://winterolympicspass.com/

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 01:36:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmTM0swuiP_FAz79UdoHJcnAzb1jhHuLDHF-4H-VKVsGQmX6zI2PNw-_9tULxTWJGuORAc88_5KuMaPbdpT_e4tfhGXKSeAGUOC9
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame AE8F
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEIxVVb16gm17hV_x7RDf5y8&google_cver=1&google_push=AXcoOmT9rOOeroqe216WuFX4ZqG-V5HFNt2VyPjno1pVfEhgGpuQQqx1Dmhg72BYq7WYQEv5rqXKc-qi7aTE...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmT9rOOeroqe216WuFX4ZqG-V5HFNt2VyPjno1pVfEhgGpuQQqx1Dmhg72BYq7WYQEv5rqXKc-qi7aTE96Q3MsSNZ88teipzZ8U9

170 B
329 B

20ms
18ms

Image
image/png

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmT9rOOeroqe216WuFX4ZqG-V5HFNt2VyPjno1pVfEhgGpuQQqx1Dmhg72BYq7WYQEv5rqXKc-qi7aTE96Q3MsSNZ88teipzZ8U9

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=2933007315&pi=t.aa~a.3914302165~i.25~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=0&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280%2C789x280&nras=4&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=2215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=15

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 01:36:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmT9rOOeroqe216WuFX4ZqG-V5HFNt2VyPjno1pVfEhgGpuQQqx1Dmhg72BYq7WYQEv5rqXKc-qi7aTE96Q3MsSNZ88teipzZ8U9
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame AE8F 0
139 B 39ms
14ms Image
text/html 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KI9ciEEJ0xwTPRRqiMKgwE9wmyUvwUD2LrsVetEVhtdkhPpp2udY6tYitgrzEOB_Xt-7-5

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=2933007315&pi=t.aa~a.3914302165~i.25~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=0&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280%2C789x280&nras=4&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=2215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:29 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 63DE
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

19ms
19ms

Document
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=2933007315&pi=t.aa~a.3914302165~i.25~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=0&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280%2C789x280&nras=4&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=2215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 01:36:29 GMT
expires: Sat, 13 Jan 2024 01:36:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 01:36:29 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 4C61
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CXw2THOmhZZKhNNKHjuwPvP-FwA7Mj86zdMrjnujxEbCQHxABIMfDsyNglfqOgqAHoAH34pu0KMgBAqgDAcgDyQSqBJECT9CVcEE1_6JNkxfKZdfOyaTkAntzDDJ-ejvVsYezxp0p32NrXpT...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%229001214903912457890%22,%22debug_reporting%22:true,%22destination%22:%22https://webcompanion.com%22,%22event_report_window%...

0
0

54ms
53ms

Fetch
text/css

216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%229001214903912457890%22,%22debug_reporting%22:true,%22destination%22:%22https://webcompanion.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210846925175%22],%2222%22:[%22true%22],%224%22:[%2201-13%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2217868831599563161249%22}&andc=true

Requested by

Host: winterolympicspass.com
URL: https://winterolympicspass.com/

Protocol

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:29 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"9001214903912457890","debug_reporting":true,"destination":"https://webcompanion.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10846925175"],"22":["true"],"4":["01-13"],"6":["true"]},"priority":"500","source_event_id":"17868831599563161249"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 13 Jan 2024 01:36:29 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 13 Jan 2024 01:36:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"9001214903912457890","debug_reporting":true,"destination":"https://webcompanion.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10846925175"],"22":["true"],"4":["01-13"],"6":["true"]},"priority":"500","source_event_id":"17868831599563161249"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js Show response
pagead2.googlesyndication.com/bg/ Frame 7EC4 50 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16aea80c6752a1cc048f9bacb41d9b9f92a56b9e021bbc3d72e5b245f4f21892

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 08:44:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 319899
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19690
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 08:44:50 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 236A
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CUQxpHOmhZdX8NKC6juwP9PKMkAbMj86zdMrjnujxEbCQHxABIMfDsyNglfqOgqAHoAH34pu0KMgBAqgDAcgDyQSqBI4CT9D8aVKAiIkV6LTUWAxI6O4eexnZCqDMiLoElQ_smPXhlJXqx4f...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211060815134130685706%22,%22debug_reporting%22:true,%22destination%22:%22https://webcompanion.com%22,%22event_report_window...

0
0

44ms
44ms

Fetch
text/css

216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211060815134130685706%22,%22debug_reporting%22:true,%22destination%22:%22https://webcompanion.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210846925175%22],%2222%22:[%22true%22],%224%22:[%2201-13%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%221799862701631854049%22}&andc=true

Requested by

Host: winterolympicspass.com
URL: https://winterolympicspass.com/

Protocol

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:29 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"11060815134130685706","debug_reporting":true,"destination":"https://webcompanion.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10846925175"],"22":["true"],"4":["01-13"],"6":["true"]},"priority":"500","source_event_id":"1799862701631854049"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 13 Jan 2024 01:36:29 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 13 Jan 2024 01:36:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"11060815134130685706","debug_reporting":true,"destination":"https://webcompanion.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10846925175"],"22":["true"],"4":["01-13"],"6":["true"]},"priority":"500","source_event_id":"1799862701631854049"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

OPTIONS
H3 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 46ms
46ms Preflight
text/html 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 13 Jan 2024 01:36:29 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js Show response
pagead2.googlesyndication.com/bg/ Frame EE52 50 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Fq6oDGdSocwEj5ustB2bn5Kla54CG7w9cuWyRfTyGJI.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9977301801155839&output=html&h=280&adk=3709933562&adf=2933007315&pi=t.aa~a.3914302165~i.25~rp.4&w=789&fwrn=4&fwrnh=100&lmt=1705109788&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7073931503&ad_type=text_image&format=789x280&url=https%3A%2F%2Fwinterolympicspass.com%2F&fwr=0&pra=3&rh=198&rw=789&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705109788831&bpp=1&bdt=885&idt=0&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1120x280%2C789x280&nras=4&correlator=6241049561395&frm=20&pv=1&ga_vid=583183043.1705109788&ga_sid=1705109788&ga_hid=809551758&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=406&ady=2215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C95320239%2C31079266%2C31080264%2C42532524&oid=2&pvsid=28648714247868&tmod=1785209162&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16aea80c6752a1cc048f9bacb41d9b9f92a56b9e021bbc3d72e5b245f4f21892

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 09 Jan 2024 08:44:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 319899
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19690
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jan 2025 08:44:50 GMT

OPTIONS
H3 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 51ms
51ms Preflight
text/html 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 13 Jan 2024 01:36:29 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 78ms
78ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240109&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

69a6add036590ba344386538716940d973a951253691e62252f5fc0618fec657

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winterolympicspass.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12098
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 69ms
68ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winterolympicspass.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 13 Jan 2024 01:36:29 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0B6A 13 KB
5 KB 10ms
10ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://winterolympicspass.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 24393
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 12 Jan 2024 18:49:56 GMT
expires: Sat, 11 Jan 2025 18:49:56 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5099 829 B
561 B 21ms
21ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b7d2c1ae765dc8df963d1cb87a1f1eb789146a18551ad2d5caf2cd51143735b1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-3IUAk3p3M_bPQ40R941mDw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://winterolympicspass.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-3IUAk3p3M_bPQ40R941mDw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jan 2024 01:36:29 GMT
expires: Sat, 13 Jan 2024 01:36:29 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js Show response
pagead2.googlesyndication.com/bg/ Frame 0B6A 39 KB
15 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 17:40:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28585
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15229
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 11 Jan 2025 17:40:04 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5099 0
0 55ms
55ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240109&jk=28648714247868&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 0B6A 0
10 B 26ms
26ms Image
text/plain 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?fSa6Yw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:36:29 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 62B5 42 B
64 B 49ms
49ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu19Yu2uZCtkyIijLDLiSHyBnVfKxgjRNcbZwkyUMFuvl1EAc0T81POJpRV6cPThky-8HPKDXdj_g29sHWxl8W1SbC-ZM2tPQHes9b9B5nW6Ozwg8Urf_gkgylAzIfpfMzuYt9lFwGTumKJtKsaQPFUHUUA&sai=AMfl-YT6-_rSTgxxlHBYPkmftxXkaDWUtV4NJc5wuDv3zVLNLzkB62TPLLeuYEazJYc_InbvrUlqP_tSR0fFkcD9pdUdJjzvvMjncIHaIVGbip2LsuDFD5tuOoJKtgT5inyXgqPERQxO0W8dE_yHTogt7w&sig=Cg0ArKJSzL7Dkf8CH1hIEAE&cid=CAQSTwAvHhf_6esaaIQt758oce-N_50CSJjcaygwbJyaxGq1mboylm8MZdL3DYRp9FCix1JGR6mHd-ruUKatsqSUVTmTTde-8elSXWpiQsd0ATAYAQ&id=lidar2&mcvt=1009&p=0,0,280,1120&mtos=1009,1009,1009,1009,1009&tos=1009,0,0,0,0&v=20240110&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1483442758&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705109788356&rpt=691&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 01:36:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3FFC 42 B
64 B 45ms
45ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv8bSkKZwWbBU07ik0PQKd0YJIzYytQfgm5-8_kYNUsRoXcTuU0aF15XAJkh6SWG49ZZH6zrWE9qf8aQxg42-x9zYQALKacJ5LvT1d83xqyrqGadgqRE9BwkHb-hkFhhqx8Xuv7N1r0atR5X8qfi4S1DYLv&sai=AMfl-YSRND0FIt6t3PcZmOtlw-ZM9hI-UhgIdpS0b7m5RQMwMKTgrhRBO1DyKFYbjLVskhZrRUfY7UN7UTzDyCikZmN3JZKzQseu86Bj7F5Ai1h2gygwcWIiw5PQE6iCRc9tb5V78ebuaFINGaRBLjbN&sig=Cg0ArKJSzFL4SSHNSdhbEAE&cid=CAQSTgAvHhf_gtM0bLNMYYtWSmNL9vqLLwu-3v3Z6XrAWkIZBeDLGnDJxYhk59WyBnfxRjyq4FFEGDom0TmX_tQlYSVpA1euppzfgBcse3au_BgB&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240110&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=3105533544&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705109788895&rpt=166&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 01:36:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 43ms
43ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240109&jk=28648714247868&bg=!19Sl1JvNAAaumcC-jpk7ADQBe5WfOHuDwL7zBNzeOBsrG8dpteKa7tdjLsv8z86bgwttsWP7vuV4pvfToKzEaGUqtmwpAgAAACxSAAAAAWgBB5kCvAFuwU4Z5mG650v2cLkE19SEkWqa4QD_mS5V_CY9DYZzTmfXer9MTyOIpZhbJX7GLh6J6Ejdz5CFyCRmkTcuYLnf9sSQCOfx9LFRp1Z4piec2mDWZo2Yr45ARJ9GNsNtkdCRDqB32i_mkXFzJAxl1nFr5_NkN_1s4v-XweYOMaAYSTegNaZuw5x0t1aQz-9a65Qsa8HAllTP5gQFOF058Tdfv-8J9fsMEjaVBEVW8pSZys90iQn0rZ7tRl7i-FRUo9TdLKDGzijknAPvh4zf6TyIgA3SAInPOIjIu21W5oOzDpOYAREvlcbD5ljcoFKOclJWwjIQuXcq4kNsdq-5tZDdHxgfF83_RxB-2Uv5hjfHds0uoBaaxcSklzoUR8IkEQ47sobjm_KK0KCR2-1WSmYEXAIiWMakfYPjLVcMIE9mGFQ3iXBEl76SEZut7y0lHdgO1CacUYF-jTRyDbnrXYQEuHTzz9PE7P-bkuvaRZcTYf7BQ0Jejeai1-vJhanIm9a48n9lUwcQQ6iGM2ReGoOcC_C3SNvOxFpvqjXxeU3j2VPDBCfq15Zda2eMW0FhbCO0XrKW_VSDS1_8ei0WxQs5dup0MOtXaenrNE3FDltE830jbgqcJLznHYUVKOlB4-6Wxt8jEdtrDODbt6eG5AJrO0cO1JQO1hIfW1EuKw2b0vLnF4y1ZRY_XWiH9EKWFN6oMyCEkc1naJI6tV9lPUfJGqFVqidRkxOajpptpEuL3ZTyeH-6aa6mvQJR8Wgi4Zli1b55xYZMXiqHfHdo42maZ6TuH3dCa9K7oM9_3Cq2VFzMgBI8QPNbRmV9UK43JOJEgbpX2oVbhLj8d31mF-8MUqSNuuXcs-X0Gn43R7tpwPVIsbaiGiWpCEyqXzg096Y_xl9u5dqUYwdb5hx-jal14iXF9wIb3_8ajBQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winterolympicspass.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 10E0 42 B
64 B 60ms
60ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssrKQmXeLGTrrCriC7Zz9SIH6Gxk9TZ0leLfSvSYAtCfkXvjImSdh7EXay19Bt_AOPkjlz3Xc4HiFBcpa4T5admYxnnyFAQbAIiTSod1gMH35851Ugd_C1YNkilbe3yOr7-Y1h8YBPiZjPB14iol0rm26jy&sai=AMfl-YQG2HqJ7IfFgLk45GFgPMwS6uUpTMpgCaLsxzYA9HnKL6cIxKQTNvIgaRPb1DOzzgN4oHO9J4Crlt_aDh29qbgrLY1jI9FkOyp4bkoHgjpU-21sfYZEtiFg-yt6cXFjo_qBNmpGR_X_kORsQ2PI&sig=Cg0ArKJSzNfF5QSoREOxEAE&cid=CAQSTgAvHhf_gtM0bLNMYYtWSmNL9vqLLwu-3v3Z6XrAWkIZBeDLGnDJxYhk59WyBnfxRjyq4FFEGDom0TmX_tQlYSVpA1euppzfgBcse3au_BgB&id=lidar2&mcvt=1000&p=0,0,124,1005&mtos=85,768,1000,1121,1121&tos=85,683,232,121,0&v=20240110&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3105533541&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705109788896&rpt=271&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jan 2024 01:36:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

49 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.winterolympicspass.com/	1970-01-21 03:00:05	Name: __gads Value: ID=a91e7cb7402086ee:T=1705109788:RT=1705109788:S=ALNI_MbOwngN2mvzIJGTDjXjftnlfHVtTw
.winterolympicspass.com/	1970-01-21 03:00:05	Name: __gpi Value: UID=00000d408170896b:T=1705109788:RT=1705109788:S=ALNI_Map2-vNpM8e896UFGEFA75iKiQD9A
.doubleclick.net/	1970-01-20 17:38:33	Name: DSID Value: NO_DATA
.googleadservices.com/	1970-01-20 19:48:05	Name: ar_debug Value: 1
.doubleclick.net/	1970-01-21 03:00:05	Name: IDE Value: AHWqTUlcmqZWWudCqZhsRVIq0WQjGqwfkAf1ccLqRd92DS6dkfn_vR_O7W6obC5s8mk
.blismedia.com/	1970-01-21 02:24:09	Name: b Value: 65A1E91DEAAA34FEDE4E38AABLIS
.ctnsnet.com/	1970-01-21 02:24:05	Name: gid_CAESEHL0si90BNsdSiOaWd5rysI Value: 1
.ctnsnet.com/	1970-01-21 02:24:05	Name: cid_29442202d05c490db9653309bbd43f43 Value: 1
.ctnsnet.com/	1970-01-21 02:24:05	Name: cid_81b7efc78cf546209843c7d88993a29f Value: 1
.ctnsnet.com/	1970-01-21 02:24:05	Name: gid_CAESEN7CHgjljbFhI0HrpTpe9j8 Value: 1
.travelaudience.com/	1970-01-21 03:10:10	Name: _tracker Value: %7B%22UUID%22%3A%223FC976EF-BF88-456D-3CA4-1ED685271711%22%7D
.adfarm1.adition.com/	1970-01-20 19:48:05	Name: UserID1 Value: 7323390779849111699
.simpli.fi/	1970-01-21 02:25:32	Name: suid Value: 56021ECC502C463182B0679E02021E99
.adform.net/	1970-01-20 18:23:08	Name: C Value: 1
.de17a.com/	1970-01-21 02:16:53	Name: guid Value: 1.2681851836571814685
.adform.net/	1970-01-20 19:04:53	Name: uid Value: 7465621179769198703
.turn.com/	1970-01-20 21:57:41	Name: uid Value: 3346386201045228601
.everesttech.net/	1970-01-21 02:24:05	Name: everest_g_v2 Value: g_surferid~ZaHpHQAOFOQeAQBU

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.turn.com
ads.travelaudience.com
c1.adform.net
cm.g.doubleclick.net
d5p.de17a.com
dsp.adfarm1.adition.com
fonts.googleapis.com
fonts.gstatic.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
olympics2021info.com
onetag-sys.com
pagead2.googlesyndication.com
r.turn.com
sync-tm.everesttech.net
tpc.googlesyndication.com
tr.blismedia.com
um.simpli.fi
winterolympicspass.com
www.google.com
www.googleadservices.com
www.googletagservices.com
www.gstatic.com
151.101.2.49
2001:678:cb4:bbbb::11
213.155.156.180
216.58.206.34
216.58.212.162
2606:4700:3036::6815:6f2
2a00:1450:4001:802::2001
2a00:1450:4001:80b::2002
2a00:1450:4001:810::2002
2a00:1450:4001:828::2003
2a00:1450:4001:829::2004
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2003
2a00:1450:4001:82b::200a
2a06:98c1:3121::3
34.91.62.186
34.96.105.8
35.186.193.173
35.190.0.66
37.157.5.133
51.89.9.253
85.114.159.118
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bbaa4710a3fa653a00e93e594f3b64a771b7b38e32f788b9e4947ea11719b8c
0e0a9a33e5282aebe315f8b63532770c800b76701da4eb9d75ae05f0196cec91
16aea80c6752a1cc048f9bacb41d9b9f92a56b9e021bbc3d72e5b245f4f21892
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
186492ed004687105971250e0db657b77ad427bedf56585a303a8c340b9e6880
1c8f98193fb384aec85457cb08f81ab709e12d86cdb01de3cf9f5bb6c35f57bb
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2fc61b9e742ede97afd0f2053fd1d30abd73f88e6c58547c9ec7972dd3be9357
30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4bdb27163b435db421723a859e86d17c8f8d130007e55a5ef200c4381d5b4c85
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
559ed27b48f52ad1c65466a95a120b8264f7dea4a23d31f2ebb3b5beca3321f6
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56f658f85ba44de4647dc0dbff4b5cb2810f70326772ec440f2ea281db709290
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5ff899f65b3b15535cb0c7286e3a9e737b5dd11aad061eda26259d97c512c36d
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340
69a6add036590ba344386538716940d973a951253691e62252f5fc0618fec657
6c4f2a5f524eb5803e08abd277291f3c226056f7dacb4c6d880cf3a58be9a949
7a519c62e734157227e61ce5209158e1b7b484b5f2b68e3ccaed1ffe444de36d
7e84408aa66b9c10dd6e2d630f717b4b4f03345cd77fc5360f4ccba99ce1fa74
89d58fa2b6d69b45dfc18af3e65090a7cf769280ca6f91f3b2872a599aedf0fc
8a501116c79996dd7937d07a9af6ed63da208ff30782e36e61181afc650e5ed2
90dcb0c2140d31a23745531673fde32f0dd6161d880a8fc8308d406dddaf683c
972f7a26f860f2f122dcf2a4c5cae616df3a4a83e0c8318a1afb824c766fb651
97c530c44249746307c2b01b37eed0f53757d139bc4243798f468c71da9844da
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9dedf1b11c544d5935bbd2fe7d822b98841911c7b29d3646404a052b6cb5ead4
a4eac3be34683f96cb71e02f5fb3f12ddfdd7092669d6e739ba05492b863ba97
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b79e2f319a4307b8efa970936f6bf86a8236c2de2cb980c5950ed65b48a28c18
b7d2c1ae765dc8df963d1cb87a1f1eb789146a18551ad2d5caf2cd51143735b1
caf2a2b47b4f155eb20e13ed0ce981569b2a6a9077f7e18349defc7234b0740d
d2482cdbb83b042c93001b43ba343688a4472bffba3a5e0fad7cdb313a4744bc
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
d5fe0828203efe471012bed50f3a13b4f866d7832a45b9d7a2d7e20443a936f7
d76275874fe843aa06f6072cc8cd5cc652cdf8ecc55831b12063ab0aca1d853a
e0d49a6b42f109e6d9d6f984cf821850a1b08a833a4b11a489bbc352bfa777b4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e537bb0b81601eabcdc6dd4e2eb938917a7c6887765651882ec0ed5081c26c67
e548f050d2884e29d1884c714f7893b27d96eb814be0245364cf9aa5b22a17aa
e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c
e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197
ed46d4c57908941eb505248c69d65a4b595eb11ddb169d5a46626b3573c783c8
ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
f950e8a2d5253a968e996263f8565a82282ac5c5a9c6cc47549ec30810ad5728

winterolympicspass.com Open in urlscan Pro 2a06:98c1:3121::3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

125 Requests

86 %HTTPS

50 %IPv6

19 Domains

23 Subdomains

14 IPs

6 Countries

1759 kBTransfer

4509 kBSize

18 Cookies

7 Outgoing links

Page URL History

Redirected requests

125 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

winterolympicspass.com Open in urlscan Pro
2a06:98c1:3121::3 Public Scan

Screenshot
Live screenshot

Full Image

125
Requests

86 %
HTTPS

50 %
IPv6

19
Domains

23
Subdomains

14
IPs

6
Countries

1759 kB
Transfer

4509 kB
Size

18
Cookies

125 HTTP transactions
5 data transactions