payment.meshotet.co.il Open in urlscan Pro
212.150.101.186 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://payment.meshotet.co.il/pay/%D7%AA%D7%A9%D7%9C%D7%95%D7%9D-%D7%91%D7%90%D7%A8-%D7%A9%D7%91%D7%A2-%D7%9E%D7%99-%D7%A9%D7%...
Submission: On November 07 via manual (November 7th 2022, 6:46:13 am UTC) from IL — Scanned from DE

Summary HTTP 95 Redirects Behaviour Indicators

Summary

This website contacted 16 IPs in 3 countries across 13 domains to perform 95 HTTP transactions. The main IP is 212.150.101.186, located in Jerusalem, Israel and belongs to NV-ASN CELLCOM ltd., IL. The main domain is payment.meshotet.co.il.

This is the only time payment.meshotet.co.il was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
10	212.150.101.186 212.150.101.186	1680 (NV-ASN CE...) (NV-ASN CELLCOM ltd.)
15	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
14	35.190.92.176 35.190.92.176	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
24	2a00:1450:400... 2a00:1450:4001:806::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2006	15169 (GOOGLE) (GOOGLE)
3 4	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
95	16

10 212.150.101.186 (Jerusalem, Israel)

ASN1680 (NV-ASN CELLCOM ltd., IL)
PTR: resight.raid.co.il

payment.meshotet.co.il	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 35.190.92.176 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 176.92.190.35.bc.googleusercontent.com

www.pay24.co.il	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:806::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
37	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 131 tpc.googlesyndication.com — Cisco Umbrella Rank: 167	625 KB
14	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 66	118 KB
14	pay24.co.il www.pay24.co.il	238 KB
10	meshotet.co.il payment.meshotet.co.il	63 KB
6	google.com 3 redirects adservice.google.com — Cisco Umbrella Rank: 134 www.google.com — Cisco Umbrella Rank: 17	2 KB
4	gstatic.com www.gstatic.com fonts.gstatic.com	70 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 223	142 KB
2	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 352	98 KB
2	google.de adservice.google.de — Cisco Umbrella Rank: 5594	914 B
2	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 600	142 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 118	1 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1047	702 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 107	17 KB
95	13

	Domain	Requested by
24	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
14	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
14	www.pay24.co.il	payment.meshotet.co.il www.pay24.co.il
13	pagead2.googlesyndication.com	payment.meshotet.co.il pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
10	payment.meshotet.co.il	payment.meshotet.co.il
4	www.google.com	3 redirects tpc.googlesyndication.com
3	fonts.gstatic.com	fonts.googleapis.com
3	www.googletagservices.com	googleads.g.doubleclick.net
2	s0.2mdn.net	tpc.googlesyndication.com
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	static.xx.fbcdn.net	www.facebook.com
1	www.gstatic.com	googleads.g.doubleclick.net
1	fonts.googleapis.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.facebook.com	payment.meshotet.co.il
95	16

This site contains no links.

Subject Issuer	Validity	Valid
meshotet.co.il R3	`2022-10-26` - `2023-01-24`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-08-16` - `2022-11-14`	3 months	crt.sh
pay24.co.il R3	`2022-10-15` - `2023-01-13`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh

This page contains 16 frames:

Primary Page: http://payment.meshotet.co.il/pay/%D7%AA%D7%A9%D7%9C%D7%95%D7%9D-%D7%91%D7%90%D7%A8-%D7%A9%D7%91%D7%A2-%D7%9E%D7%99-%D7%A9%D7%91%D7%A2/
Frame ID: 2C9D8510FACA2D21B696BDEF56C0DC6A
Requests: 21 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fpayment.meshotet.co.il%2Fpay%2F%25D7%25AA%25D7%25A9%25D7%259C%25D7%2595%25D7%259D-%25D7%2591%25D7%2590%25D7%25A8-%25D7%25A9%25D7%2591%25D7%25A2-%25D7%259E%25D7%2599-%25D7%25A9%25D7%2591%25D7%25A2%2F&width=200&layout=button&action=like&show_faces=true&share=true&height=80&appId=405620709480777
Frame ID: 97A232CEDFBE6DFA163E52824296AEF4
Requests: 3 HTTP requests in this frame

Frame: https://www.pay24.co.il/
Frame ID: 06659D774C681C5A203EDDA22FE2C2FD
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=90&slotname=9307384039&adk=3654359874&adf=4054489202&pi=t.ma~as.9307384039&w=728&lmt=1667803569&url=http%3A%2F%2Fpayment.meshotet.co.il%2Fpay%2F%25D7%25AA%25D7%25A9%25D7%259C%25D7%2595%25D7%259D-%25D7%2591%25D7%2590%25D7%25A8-%25D7%25A9%25D7%2591%25D7%25A2-%25D7%259E%25D7%2599-%25D7%25A9%25D7%2591%25D7%25A2%2F&wgl=1&dt=1667803568414&bpp=18&bdt=527&idt=811&shv=r20221101&mjsv=m202211020101&ptt=5&saldr=sa&abxe=1&correlator=4107770434303&frm=20&pv=2&ga_vid=230717123.1667803569&ga_sid=1667803569&ga_hid=1357744604&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=552&ady=84&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070697%2C44775017%2C44775305&oid=2&pvsid=2970489583751476&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=FStkbhUjOu&p=http%3A//payment.meshotet.co.il&dtd=833
Frame ID: 0C9B3B3EEB6E55753BCE972EB3FA4BE7
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=600&slotname=5779015096&adk=2105329952&adf=2664654941&pi=t.ma~as.5779015096&w=160&lmt=1667803569&url=http%3A%2F%2Fpayment.meshotet.co.il%2Fpay%2F%25D7%25AA%25D7%25A9%25D7%259C%25D7%2595%25D7%259D-%25D7%2591%25D7%2590%25D7%25A8-%25D7%25A9%25D7%2591%25D7%25A2-%25D7%259E%25D7%2599-%25D7%25A9%25D7%2591%25D7%25A2%2F&wgl=1&dt=1667803568434&bpp=8&bdt=546&idt=819&shv=r20221101&mjsv=m202211020101&ptt=5&saldr=sa&abxe=1&prev_slotnames=9307384039&correlator=4107770434303&frm=20&pv=1&ga_vid=230717123.1667803569&ga_sid=1667803569&ga_hid=1357744604&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=177&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070697%2C44775017%2C44775305&oid=2&pvsid=2970489583751476&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=dLitJ0fzvF&p=http%3A//payment.meshotet.co.il&dtd=822
Frame ID: 4ACC8D6484D637A91105CA076EEB5D5F
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=90&slotname=7481696310&adk=1358332770&adf=2681553333&pi=t.ma~as.7481696310&w=728&lmt=1667803569&url=http%3A%2F%2Fpayment.meshotet.co.il%2Fpay%2F%25D7%25AA%25D7%25A9%25D7%259C%25D7%2595%25D7%259D-%25D7%2591%25D7%2590%25D7%25A8-%25D7%25A9%25D7%2591%25D7%25A2-%25D7%259E%25D7%2599-%25D7%25A9%25D7%2591%25D7%25A2%2F&wgl=1&dt=1667803568445&bpp=3&bdt=558&idt=813&shv=r20221101&mjsv=m202211020101&ptt=5&saldr=sa&abxe=1&prev_slotnames=9307384039%2C5779015096&correlator=4107770434303&frm=20&pv=1&ga_vid=230717123.1667803569&ga_sid=1667803569&ga_hid=1357744604&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=552&ady=882&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070697%2C44775017%2C44775305&oid=2&pvsid=2970489583751476&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=3&uci=a!3&fsb=1&xpc=3iL3V5Uzbn&p=http%3A//payment.meshotet.co.il&dtd=817
Frame ID: 71AAA425C80CEA10A00C27F09C2ACEA9
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8782036134154406910/cmhagrala_031022_160x600.html
Frame ID: A3FF0313EE80949A1DDA88BE28BEB3FA
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10531375264282357905/index.html
Frame ID: A62AAAC957A67F6D859823B0D4308ED5
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: E22A5631655C0C4B2DC4626EF21A0692
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 64D6FA6E6CA3111621BE4EF8E5273B35
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: B35C3F112E69CAFEE6E1D755C3F36E68
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js
Frame ID: 45CEC5265F5CAF2CB03BAA78928356E9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221101/r20190131/zrt_lookup.html
Frame ID: 4238C94CF52CF479ABE525C198432585
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&adk=1812271804&adf=3025194257&lmt=1667803571&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=http%3A%2F%2Fpayment.meshotet.co.il%2Fpay%2F%25D7%25AA%25D7%25A9%25D7%259C%25D7%2595%25D7%259D-%25D7%2591%25D7%2590%25D7%25A8-%25D7%25A9%25D7%2591%25D7%25A2-%25D7%259E%25D7%2599-%25D7%25A9%25D7%2591%25D7%25A2%2F&ea=0&pra=7&wgl=1&dt=1667803571926&bpp=3&bdt=4038&idt=3&shv=r20221101&mjsv=m202211020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D53fc0b326f034020-221c6e6a6bce0052%3AT%3D1667803569%3ART%3D1667803569%3AS%3DALNI_Max19yGsvX-LjpBjPytuJFd_V1DOg&gpic=UID%3D00000b7db22c30e8%3AT%3D1667803569%3ART%3D1667803569%3AS%3DALNI_MYt4FPFrGlV9xoTz9DEslODZwL8DQ&prev_slotnames=9307384039%2C5779015096%2C7481696310&nras=1&correlator=4107770434303&frm=20&pv=1&ga_vid=230717123.1667803569&ga_sid=1667803569&ga_hid=1357744604&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070697%2C44775017%2C44775305&oid=2&psts=APxP-9C63syF4ZNQxCRbjYzBBCRB4HwePcPsIRd2mmgFDwXL-jj5kmKz-fK67YqInPfoKOZMSIIHEtVmpNY3vBNg6A%2CAPxP-9DjTeY-WG4a_ZOVJeGzcF4URHIxCEGJrmzpgCgIsdFaC9ZlNOo9RfWQSw6eLTJTKJv7_sp3mVGwblR4qp-roQ%2CAPxP-9AeZHxLpvJw4bKLvvMpzIGuYdp2DtWbpFCc2IQds8sI7iC487Bq4PxI1Dz9sAGUuanuPf6iggGHD7p5mg&pvsid=2970489583751476&tmod=213374423&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=4&uci=a!4&fsb=1&dtd=24
Frame ID: C73CA6EB94CF6C5F1F832B110D6D9279
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: BACF4912B6C210BEF15A148FD9CB74DB
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B0CACA25D0EE0641D0656F2787B5D72B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

מי שבע | תשלום חשבון מים באר שבע

Detected technologies

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Page Statistics

95
Requests

98 %
HTTPS

87 %
IPv6

13
Domains

16
Subdomains

16
IPs

3
Countries

1518 kB
Transfer

4069 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 51

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 57

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 59

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

95 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
payment.meshotet.co.il/pay/%D7%AA%D7%A9%D7%9C%D7%95%D7%9D-%D7%91%D7%90%D7%A8-%D7%A9%D7%91%D7%A2-%D7%9E%D7%99-%D7%A9%D7%91%D7%A2/ 5 KB
2 KB 472ms
118ms Document
text/html 212.150.101.186
NV-ASN CELLCOM ltd.

General

Check archive.org

Show headers Download Go to

Full URL: http://payment.meshotet.co.il/pay/%D7%AA%D7%A9%D7%9C%D7%95%D7%9D-%D7%91%D7%90%D7%A8-%D7%A9%D7%91%D7%A2-%D7%9E%D7%99-%D7%A9%D7%91%D7%A2/
Protocol: HTTP/1.1
Server: 212.150.101.186 Jerusalem, Israel, ASN1680 (NV-ASN CELLCOM ltd., IL),
Reverse DNS: resight.raid.co.il
Software: nginx /
Resource Hash: 959c37003a822f30a9e24bcb0ecf32d495e586d9d4e7ad06da1250f1e1922aca

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate public
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1746
Content-Type: text/html; charset=UTF-8
Date: Mon, 07 Nov 2022 06:46:07 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx
Vary: Accept-Encoding,User-Agent

GET
H2 200 site.php
payment.meshotet.co.il/css/ 4 KB
1 KB 397ms
199ms Stylesheet
text/css 212.150.101.186
NV-ASN CELLCOM ltd.

General

Check archive.org

Show headers Download Go to

Full URL: https://payment.meshotet.co.il/css/site.php
Requested by: Host: payment.meshotet.co.il
URL: http://payment.meshotet.co.il/pay/%D7%AA%D7%A9%D7%9C%D7%95%D7%9D-%D7%91%D7%90%D7%A8-%D7%A9%D7%91%D7%A2-%D7%9E%D7%99-%D7%A9%D7%91%D7%A2/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.150.101.186 Jerusalem, Israel, ASN1680 (NV-ASN CELLCOM ltd., IL),
Reverse DNS: resight.raid.co.il
Software: nginx /
Resource Hash: 55d8fc52238a44b40deef0d9b1db3e4c0fecd8d69bc1eea1852af7fb9e432f0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Nov 2022 06:46:08 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding,User-Agent
content-type: text/css;charset=UTF-8
cache-control: no-store, no-cache, must-revalidate, public
content-length: 1266
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 slider.css
payment.meshotet.co.il/css/ 0
219 B 398ms
200ms Stylesheet
text/html 212.150.101.186
NV-ASN CELLCOM ltd.

General

Check archive.org

Show headers Download Go to

Full URL: https://payment.meshotet.co.il/css/slider.css
Requested by: Host: payment.meshotet.co.il
URL: http://payment.meshotet.co.il/pay/%D7%AA%D7%A9%D7%9C%D7%95%D7%9D-%D7%91%D7%90%D7%A8-%D7%A9%D7%91%D7%A2-%D7%9E%D7%99-%D7%A9%D7%91%D7%A2/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.150.101.186 Jerusalem, Israel, ASN1680 (NV-ASN CELLCOM ltd., IL),
Reverse DNS: resight.raid.co.il
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Nov 2022 06:46:08 GMT
server: nginx
vary: User-Agent
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate, public
content-length: 0
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 logo.png
payment.meshotet.co.il/images/ 3 KB
4 KB 299ms
117ms Image
image/png 212.150.101.186
NV-ASN CELLCOM ltd.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://payment.meshotet.co.il/images/logo.png
Requested by: Host: payment.meshotet.co.il
URL: http://payment.meshotet.co.il/pay/%D7%AA%D7%A9%D7%9C%D7%95%D7%9D-%D7%91%D7%90%D7%A8-%D7%A9%D7%91%D7%A2-%D7%9E%D7%99-%D7%A9%D7%91%D7%A2/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.150.101.186 Jerusalem, Israel, ASN1680 (NV-ASN CELLCOM ltd., IL),
Reverse DNS: resight.raid.co.il
Software: nginx /
Resource Hash: 40c361328f9928215ac5a6e82d40380caa33766097e5fa778735b3dde6de844d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:08 GMT
last-modified: Thu, 25 Oct 2012 12:40:20 GMT
server: nginx
etag: "50893334-d92"
content-type: image/png
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 3474
expires: Wed, 07 Dec 2022 06:46:08 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ 123 KB
40 KB 104ms
38ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: payment.meshotet.co.il
URL: http://payment.meshotet.co.il/pay/%D7%AA%D7%A9%D7%9C%D7%95%D7%9D-%D7%91%D7%90%D7%A8-%D7%A9%D7%91%D7%A2-%D7%9E%D7%99-%D7%A9%D7%91%D7%A2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a20328e2afd3a7e6ae13cab2d86b2df6c2d3b5779cb185e7bef6aa0080fe26b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40101
x-xss-protection: 0
server: cafe
etag: 11553328644808671817
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 07 Nov 2022 06:46:07 GMT

GET
H2 200 payment_website_ext.png
payment.meshotet.co.il/images/ 23 KB
23 KB 374ms
192ms Image
image/png 212.150.101.186
NV-ASN CELLCOM ltd.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://payment.meshotet.co.il/images/payment_website_ext.png
Requested by: Host: payment.meshotet.co.il
URL: http://payment.meshotet.co.il/pay/%D7%AA%D7%A9%D7%9C%D7%95%D7%9D-%D7%91%D7%90%D7%A8-%D7%A9%D7%91%D7%A2-%D7%9E%D7%99-%D7%A9%D7%91%D7%A2/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.150.101.186 Jerusalem, Israel, ASN1680 (NV-ASN CELLCOM ltd., IL),
Reverse DNS: resight.raid.co.il
Software: nginx /
Resource Hash: 33953d06239abdbd561a85c109e97629b1b01bbcfc01b910b0fc423c76f27f25

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:08 GMT
last-modified: Sun, 28 Oct 2012 17:26:42 GMT
server: nginx
etag: "508d6ad2-5c05"
content-type: image/png
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 23557
expires: Wed, 07 Dec 2022 06:46:08 GMT

GET
H2 200 like.php Show response
www.facebook.com/plugins/ Frame 97A2 48 KB
17 KB 137ms
85ms Document
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fpayment.meshotet.co.il%2Fpay%2F%25D7%25AA%25D7%25A9%25D7%259C%25D7%2595%25D7%259D-%25D7%2591%25D7%2590%25D7%25A8-%25D7%25A9%25D7%2591%25D7%25A2-%25D7%259E%25D7%2599-%25D7%25A9%25D7%2591%25D7%25A2%2F&width=200&layout=button&action=like&show_faces=true&share=true&height=80&appId=405620709480777

Requested by

Host: payment.meshotet.co.il
URL: http://payment.meshotet.co.il/pay/%D7%AA%D7%A9%D7%9C%D7%95%D7%9D-%D7%91%D7%90%D7%A8-%D7%A9%D7%91%D7%A2-%D7%9E%D7%99-%D7%A9%D7%91%D7%A2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c1689e8de21564bc98eabc75f775ec2148e5c6a2bb407847eb7828214925b5b1

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://payment.meshotet.co.il/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
date: Mon, 07 Nov 2022 06:46:08 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: j6l4Wfgm4psCKos1JTVGOUAwbiMwTeDnjuEWpiD3NX4mvd3wm6L756vXeYROMcRNom3cixACCHEBWNIqrbAMlA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H2 200 FEppCFCt76d.png
static.xx.fbcdn.net/rsrc.php/v3/yD/r/ Frame 97A2 299 B
720 B 75ms
23ms Image
image/png 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/FEppCFCt76d.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fpayment.meshotet.co.il%2Fpay%2F%25D7%25AA%25D7%25A9%25D7%259C%25D7%2595%25D7%259D-%25D7%2591%25D7%2590%25D7%25A8-%25D7%25A9%25D7%2591%25D7%25A2-%25D7%259E%25D7%2599-%25D7%25A9%25D7%2591%25D7%25A2%2F&width=200&layout=button&action=like&show_faces=true&share=true&height=80&appId=405620709480777

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:08 GMT
x-content-type-options: nosniff
content-md5: OIlAxCmR79nrM/Ez4ygGlg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 299
x-fb-rlafr: 0
x-fb-debug: zoFpZLFcXgOe9L7ygkLCxglX/CaBGyuGtqs0SVneiXb1j0NoLxfAO4A9yluMw5JVGYo8pclh/AYrtDAi5aIlUQ==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 02 Nov 2023 06:49:53 GMT

GET
H2 200 mVGBeLyUS75.js Show response
static.xx.fbcdn.net/rsrc.php/v3iAxA4/yl/l/de_DE/ Frame 97A2 541 KB
141 KB 73ms
23ms XHR
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iAxA4/yl/l/de_DE/mVGBeLyUS75.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3d7177238e9d37d1f419ff12907367eb8e0dea72c60391f0c628646c0bfed10

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:08 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: EHNaM407e3D1rtpnW/zWBQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 143916
x-fb-rlafr: 0
x-fb-debug: 5ONHZLHPI6ghR2hckix51ENfzXgUGY1OJW8tHTFPPbtx6ElDBE5k62H6df5fb9irqfEciJQTCRa8RxhjGN16cw==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Sun, 05 Nov 2023 03:34:07 GMT

GET
H2 200 browsers.css
payment.meshotet.co.il/css/ 351 B
491 B 97ms
96ms Stylesheet
text/css 212.150.101.186
NV-ASN CELLCOM ltd.

General

Check archive.org

Show headers Download Go to

Full URL: https://payment.meshotet.co.il/css/browsers.css
Requested by: Host: payment.meshotet.co.il
URL: https://payment.meshotet.co.il/css/site.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.150.101.186 Jerusalem, Israel, ASN1680 (NV-ASN CELLCOM ltd., IL),
Reverse DNS: resight.raid.co.il
Software: nginx /
Resource Hash: cfbb08f37e3ee4b7f0fed7f11bc875f01212f87932f2513ac3f112f20fca44b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payment.meshotet.co.il/css/site.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:08 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2011 13:44:18 GMT
server: nginx
x-accel-version: 0.01
etag: "15f-4b1c62f0f1080-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 226
expires: Tue, 07 Nov 2023 06:46:08 GMT

GET
H2 200 menu.php
payment.meshotet.co.il/css/ 2 KB
990 B 110ms
109ms Stylesheet
text/css 212.150.101.186
NV-ASN CELLCOM ltd.

General

Check archive.org

Show headers Download Go to

Full URL: https://payment.meshotet.co.il/css/menu.php
Requested by: Host: payment.meshotet.co.il
URL: https://payment.meshotet.co.il/css/site.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.150.101.186 Jerusalem, Israel, ASN1680 (NV-ASN CELLCOM ltd., IL),
Reverse DNS: resight.raid.co.il
Software: nginx /
Resource Hash: 5fa4c8526fbcf45dbe2cf7f27d6bda6c3bf9d0bafbf29d356f2d7d126e91754f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payment.meshotet.co.il/css/site.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Nov 2022 06:46:08 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding,User-Agent
content-type: text/css;charset=UTF-8
cache-control: no-store, no-cache, must-revalidate, public
content-length: 724
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 headerBG.png
payment.meshotet.co.il/images/ 3 KB
3 KB 88ms
88ms Image
image/png 212.150.101.186
NV-ASN CELLCOM ltd.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://payment.meshotet.co.il/images/headerBG.png
Requested by: Host: payment.meshotet.co.il
URL: https://payment.meshotet.co.il/css/site.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.150.101.186 Jerusalem, Israel, ASN1680 (NV-ASN CELLCOM ltd., IL),
Reverse DNS: resight.raid.co.il
Software: nginx /
Resource Hash: bed15b50fbf91f9873f5ede25e400ea120be329eb3252ced96aa0e9357b5f413

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payment.meshotet.co.il/css/site.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:08 GMT
last-modified: Thu, 25 Oct 2012 12:42:22 GMT
server: nginx
etag: "508933ae-b29"
content-type: image/png
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 2857
expires: Wed, 07 Dec 2022 06:46:08 GMT

GET
H2 200 searchSubmit.png
payment.meshotet.co.il/images/ 3 KB
4 KB 90ms
90ms Image
image/png 212.150.101.186
NV-ASN CELLCOM ltd.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://payment.meshotet.co.il/images/searchSubmit.png
Requested by: Host: payment.meshotet.co.il
URL: https://payment.meshotet.co.il/css/site.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.150.101.186 Jerusalem, Israel, ASN1680 (NV-ASN CELLCOM ltd., IL),
Reverse DNS: resight.raid.co.il
Software: nginx /
Resource Hash: f5f0c42fa13f46ee21f52fe2d05a7fa05ba53c1e0149129d168444e801523c80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payment.meshotet.co.il/css/site.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:08 GMT
last-modified: Thu, 25 Oct 2012 12:51:30 GMT
server: nginx
etag: "508935d2-dba"
content-type: image/png
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 3514
expires: Wed, 07 Dec 2022 06:46:08 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211020101/ 353 KB
116 KB 66ms
65ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211020101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8330060489921088&plah=payment.meshotet.co.il&bust=31070697

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e06f3a4f0ba704241f9336e3d137a19b7adc53457c72c5affc28612024ea3cd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119049
x-xss-protection: 0
server: cafe
etag: 10679190302585020312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 07 Nov 2022 06:46:08 GMT

GET
H2 200 / Show response
www.pay24.co.il/ Frame 0665 99 KB
34 KB 420ms
278ms Document
text/html 35.190.92.176
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pay24.co.il/

Requested by

Host: payment.meshotet.co.il
URL: http://payment.meshotet.co.il/pay/%D7%AA%D7%A9%D7%9C%D7%95%D7%9D-%D7%91%D7%90%D7%A8-%D7%A9%D7%91%D7%A2-%D7%9E%D7%99-%D7%A9%D7%91%D7%A2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.92.176 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

176.92.190.35.bc.googleusercontent.com

Software

rhino-core-shield /

Resource Hash

27c9c6fe7d19faa18222c6821959d06738034f424c9b3a162e701f013ff1a002

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: http://payment.meshotet.co.il/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: clear
cache-control: no-cache, private, no-transform, no-store
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 07 Nov 2022 06:46:09 GMT
expires: Thu, 01 Jan 1970 00:01:48 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
pragma: no-cache
server: rhino-core-shield
strict-transport-security: max-age=0
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 btnFullScreen.jpg
payment.meshotet.co.il/images/ 24 KB
24 KB 88ms
88ms Image
image/jpeg 212.150.101.186
NV-ASN CELLCOM ltd.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://payment.meshotet.co.il/images/btnFullScreen.jpg
Requested by: Host: payment.meshotet.co.il
URL: https://payment.meshotet.co.il/css/site.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.150.101.186 Jerusalem, Israel, ASN1680 (NV-ASN CELLCOM ltd., IL),
Reverse DNS: resight.raid.co.il
Software: nginx /
Resource Hash: c1fcdc9e9342175de9616247f9d335abab55479a4d2411f260ea1d48e547bd12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payment.meshotet.co.il/css/site.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:08 GMT
last-modified: Wed, 26 Dec 2012 18:31:56 GMT
server: nginx
etag: "50db429c-5ff2"
content-type: image/jpeg
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 24562
expires: Wed, 07 Dec 2022 06:46:08 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 395 B
702 B 84ms
31ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=payment.meshotet.co.il&callback=_gfp_s_&client=ca-pub-8330060489921088&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211020101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8330060489921088&plah=payment.meshotet.co.il&bust=31070697

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4e328e0c61b85b010f443d12bdcc71175dc4a4c11b080c11d91347f13418b246

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 257
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 84ms
31ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=payment.meshotet.co.il

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 96ms
31ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=payment.meshotet.co.il

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0C9B 111 KB
41 KB 850ms
799ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=90&slotname=9307384039&adk=3654359874&adf=4054489202&pi=t.ma~as.9307384039&w=728&lmt=1667803569&url=http%3A%2F%2Fpayment.meshotet.co.il%2Fpay%2F%25D7%25AA%25D7%25A9%25D7%259C%25D7%2595%25D7%259D-%25D7%2591%25D7%2590%25D7%25A8-%25D7%25A9%25D7%2591%25D7%25A2-%25D7%259E%25D7%2599-%25D7%25A9%25D7%2591%25D7%25A2%2F&wgl=1&dt=1667803568414&bpp=18&bdt=527&idt=811&shv=r20221101&mjsv=m202211020101&ptt=5&saldr=sa&abxe=1&correlator=4107770434303&frm=20&pv=2&ga_vid=230717123.1667803569&ga_sid=1667803569&ga_hid=1357744604&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=552&ady=84&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070697%2C44775017%2C44775305&oid=2&pvsid=2970489583751476&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=FStkbhUjOu&p=http%3A//payment.meshotet.co.il&dtd=833

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

43dc83166d4365b4af7a6202b676e7ab5eb97f66eb77ed0cf2d5848f229c8730

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10531375264282357905/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10531375264282357905/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNGbuLq8m_sCFYyJdwodrEgMBA&gqi=saloY_upE56P7_UPwuGQuAU&layout=/sadbundle/%24csp%253Der3%24/10531375264282357905/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://payment.meshotet.co.il/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 41503
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10531375264282357905/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10531375264282357905/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNGbuLq8m_sCFYyJdwodrEgMBA&gqi=saloY_upE56P7_UPwuGQuAU&layout=/sadbundle/%24csp%253Der3%24/10531375264282357905/index.html
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 07 Nov 2022 06:46:10 GMT
expires: Mon, 07 Nov 2022 06:46:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4ACC 112 KB
41 KB 478ms
435ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=600&slotname=5779015096&adk=2105329952&adf=2664654941&pi=t.ma~as.5779015096&w=160&lmt=1667803569&url=http%3A%2F%2Fpayment.meshotet.co.il%2Fpay%2F%25D7%25AA%25D7%25A9%25D7%259C%25D7%2595%25D7%259D-%25D7%2591%25D7%2590%25D7%25A8-%25D7%25A9%25D7%2591%25D7%25A2-%25D7%259E%25D7%2599-%25D7%25A9%25D7%2591%25D7%25A2%2F&wgl=1&dt=1667803568434&bpp=8&bdt=546&idt=819&shv=r20221101&mjsv=m202211020101&ptt=5&saldr=sa&abxe=1&prev_slotnames=9307384039&correlator=4107770434303&frm=20&pv=1&ga_vid=230717123.1667803569&ga_sid=1667803569&ga_hid=1357744604&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=177&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070697%2C44775017%2C44775305&oid=2&pvsid=2970489583751476&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=dLitJ0fzvF&p=http%3A//payment.meshotet.co.il&dtd=822

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

885be112bc292d9a19bed07671c065afaf2d45bbf850c5a24c6380639206ed03

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8782036134154406910/cmhagrala_031022_160x600.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8782036134154406910/cmhagrala_031022_160x600.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CN-euLq8m_sCFRGFgwcdWDoNrA&gqi=saloY8GxE9KhlQeQzanAAQ&layout=/sadbundle/%24csp%253Der3%24/8782036134154406910/cmhagrala_031022_160x600.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://payment.meshotet.co.il/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 41469
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8782036134154406910/cmhagrala_031022_160x600.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8782036134154406910/cmhagrala_031022_160x600.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CN-euLq8m_sCFRGFgwcdWDoNrA&gqi=saloY8GxE9KhlQeQzanAAQ&layout=/sadbundle/%24csp%253Der3%24/8782036134154406910/cmhagrala_031022_160x600.html
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 07 Nov 2022 06:46:09 GMT
expires: Mon, 07 Nov 2022 06:46:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 71AA 83 KB
31 KB 410ms
374ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=90&slotname=7481696310&adk=1358332770&adf=2681553333&pi=t.ma~as.7481696310&w=728&lmt=1667803569&url=http%3A%2F%2Fpayment.meshotet.co.il%2Fpay%2F%25D7%25AA%25D7%25A9%25D7%259C%25D7%2595%25D7%259D-%25D7%2591%25D7%2590%25D7%25A8-%25D7%25A9%25D7%2591%25D7%25A2-%25D7%259E%25D7%2599-%25D7%25A9%25D7%2591%25D7%25A2%2F&wgl=1&dt=1667803568445&bpp=3&bdt=558&idt=813&shv=r20221101&mjsv=m202211020101&ptt=5&saldr=sa&abxe=1&prev_slotnames=9307384039%2C5779015096&correlator=4107770434303&frm=20&pv=1&ga_vid=230717123.1667803569&ga_sid=1667803569&ga_hid=1357744604&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=552&ady=882&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070697%2C44775017%2C44775305&oid=2&pvsid=2970489583751476&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=3&uci=a!3&fsb=1&xpc=3iL3V5Uzbn&p=http%3A//payment.meshotet.co.il&dtd=817

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9dec543a810bdae52c5a63b981a0db238ed750522697045e8b8c51dafaa4394b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://payment.meshotet.co.il/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 31310
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 07 Nov 2022 06:46:09 GMT
expires: Mon, 07 Nov 2022 06:46:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 71AA 6 KB
1 KB 939ms
30ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%7CHeebo%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=90&slotname=7481696310&adk=1358332770&adf=2681553333&pi=t.ma~as.7481696310&w=728&lmt=1667803569&url=http%3A%2F%2Fpayment.meshotet.co.il%2Fpay%2F%25D7%25AA%25D7%25A9%25D7%259C%25D7%2595%25D7%259D-%25D7%2591%25D7%2590%25D7%25A8-%25D7%25A9%25D7%2591%25D7%25A2-%25D7%259E%25D7%2599-%25D7%25A9%25D7%2591%25D7%25A2%2F&wgl=1&dt=1667803568445&bpp=3&bdt=558&idt=813&shv=r20221101&mjsv=m202211020101&ptt=5&saldr=sa&abxe=1&prev_slotnames=9307384039%2C5779015096&correlator=4107770434303&frm=20&pv=1&ga_vid=230717123.1667803569&ga_sid=1667803569&ga_hid=1357744604&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=552&ady=882&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070697%2C44775017%2C44775305&oid=2&pvsid=2970489583751476&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=3&uci=a!3&fsb=1&xpc=3iL3V5Uzbn&p=http%3A//payment.meshotet.co.il&dtd=817

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

460c3caa6572cdfb606d8bfe83e2493b844ea26d7b26b1c07543d9c57975b6e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 07 Nov 2022 06:46:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 06:27:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 07 Nov 2022 06:46:10 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221027/r20110914/client/ Frame 71AA 2 KB
819 B 949ms
41ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221027/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 12:55:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64267
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Nov 2022 12:55:03 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221027/r20110914/ Frame 71AA 23 KB
10 KB 930ms
21ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221027/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

15b192d13c1d029346a73cb1b2eb3a1b8905dfe8df1aaf9ced37356de9380e32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 12:55:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64266
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9268
x-xss-protection: 0
server: cafe
etag: 17746901142539384344
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Nov 2022 12:55:04 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221027/r20110914/client/ Frame 71AA 3 KB
1 KB 721ms
41ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221027/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 12:55:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64267
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1238
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Nov 2022 12:55:03 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221027/r20110914/client/ Frame 71AA 17 KB
7 KB 930ms
22ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221027/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d99f77a187454fecc18b59b2f520b1598b246d01e142bfdc4de56eb7221a9330

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 12:55:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64267
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7367
x-xss-protection: 0
server: cafe
etag: 4759548068123418343
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Nov 2022 12:55:03 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 71AA 154 KB
48 KB 942ms
34ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c96507386689e69f6112a5d0a91ea851a260e5c023642dc374a8489271f53246

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48204
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1667489865617883"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 07 Nov 2022 06:46:10 GMT

GET
H2 200 0d3fd3b530a886383bd6b91513e5ed38.js Show response
www.gstatic.com/mysidia/ Frame 71AA 34 KB
14 KB 700ms
21ms Script
text/javascript 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/0d3fd3b530a886383bd6b91513e5ed38.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a24baf918a3b9bbda58c98de4ba638f939c8b46fe292000cb833a50e4c303d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Thu, 03 Nov 2022 20:18:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 296839
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14033
x-xss-protection: 0
last-modified: Mon, 31 Oct 2022 22:32:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 01 Feb 2023 20:18:51 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 71AA 0
0 110ms
66ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C0EQXsaloY_WFFLGVjuwPueyJuAGwrNKmbdWjhO3EENnZHhABIJHF5glglYKAgKAHoAG4pJTkAsgBAagDAcgDywSqBL0CT9CnmeP7Ss6bzsdmie8PSr3e_KySkgpfKVb7sRBTVp1eu9mxNDavv5hdE0FNrQfAxTPv2aVjJ4iznIPQ247zQukmErdC8Fa61i4jllVG14b4JOhkxraaj-5slc3l1Z_ATWwp16OqtuUS7rJZAv9_t21LrYojVRf2dX8OuutFsUNsKE5o2nrp1dEmSro1daDK12j8ggOM7X-PRqqB7De6hpI4Rvj2YG7wVVMqYwV_9X7F2JUEs8XpC3t49YIa1VsDiLNeJP4_c7LLmdLwPE4lsme5KXDB-DKYzh8WUwUVyWPfVBd9y-BJDaV6BMhYyaqApKKn5dJmXA-Ly_zzHT0ZKrbA2c9-PWrBKVuJXx_yiHn8FMASAiJQ_GD0PRLDadtyxyftZDADeYpHY7uVLxXTcqDOfWDh9cc8eVXNz0TABJ_k6suQBJIFBAgEGAGSBQQIBRgEgAew2-ubAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcFEMyjggHSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi04MzMwMDYwNDg5OTIxMDg4GAA&sigh=G8O4XzJ7Ytk&uach_m=[UACH]&cid=CAQSGwDq26N9lD4fDim3IsBc94S3qXKVWjD7L79H4BgBIA4

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=90&slotname=7481696310&adk=1358332770&adf=2681553333&pi=t.ma~as.7481696310&w=728&lmt=1667803569&url=http%3A%2F%2Fpayment.meshotet.co.il%2Fpay%2F%25D7%25AA%25D7%25A9%25D7%259C%25D7%2595%25D7%259D-%25D7%2591%25D7%2590%25D7%25A8-%25D7%25A9%25D7%2591%25D7%25A2-%25D7%259E%25D7%2599-%25D7%25A9%25D7%2591%25D7%25A2%2F&wgl=1&dt=1667803568445&bpp=3&bdt=558&idt=813&shv=r20221101&mjsv=m202211020101&ptt=5&saldr=sa&abxe=1&prev_slotnames=9307384039%2C5779015096&correlator=4107770434303&frm=20&pv=1&ga_vid=230717123.1667803569&ga_sid=1667803569&ga_hid=1357744604&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=552&ady=882&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070697%2C44775017%2C44775305&oid=2&pvsid=2970489583751476&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=3&uci=a!3&fsb=1&xpc=3iL3V5Uzbn&p=http%3A//payment.meshotet.co.il&dtd=817
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 07 Nov 2022 06:46:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 07 Nov 2022 06:46:10 GMT

GET
H2 200 cmhagrala_031022_160x600.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8782036134154406910/ Frame A3FF 88 KB
17 KB 59ms
42ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8782036134154406910/cmhagrala_031022_160x600.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=600&slotname=5779015096&adk=2105329952&adf=2664654941&pi=t.ma~as.5779015096&w=160&lmt=1667803569&url=http%3A%2F%2Fpayment.meshotet.co.il%2Fpay%2F%25D7%25AA%25D7%25A9%25D7%259C%25D7%2595%25D7%259D-%25D7%2591%25D7%2590%25D7%25A8-%25D7%25A9%25D7%2591%25D7%25A2-%25D7%259E%25D7%2599-%25D7%25A9%25D7%2591%25D7%25A2%2F&wgl=1&dt=1667803568434&bpp=8&bdt=546&idt=819&shv=r20221101&mjsv=m202211020101&ptt=5&saldr=sa&abxe=1&prev_slotnames=9307384039&correlator=4107770434303&frm=20&pv=1&ga_vid=230717123.1667803569&ga_sid=1667803569&ga_hid=1357744604&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=177&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070697%2C44775017%2C44775305&oid=2&pvsid=2970489583751476&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=dLitJ0fzvF&p=http%3A//payment.meshotet.co.il&dtd=822

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1814debc58b1ac2edc20be6888704ce6ddda01864bf55ba1fe50e26e420c168c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 404364
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 16126
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Wed, 02 Nov 2022 14:26:46 GMT
expires: Thu, 02 Nov 2023 14:26:46 GMT
last-modified: Wed, 12 Oct 2022 14:06:53 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 4ACC 0
0 92ms
65ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cu_T8saloY5-CFJGKjuwP2PS04Arb5KX4bJ7-wbnLENnZHhABIJHF5glglYKAgKAHoAGYlKT4AcgBCagDAcgDSKoE0QJP0PnR1fiRtLbcX9NLnDtDIzwEU87HyuvMRFBt6VdJ3mcy7AEwOcXuIoSJ2fJ2EQJx7vLMNK1uLUZWqTr3ynnFG2LnNGeedVlBEoUJivV7aVkHdKANLLz3pWEGbTn_7au3h3AfcGyYGBN2xWm6TNPGtKzpxiVnMrZ6PyeeGyGGNcxdgPtGHj-YDjNef33wdziiTPJI0Ae86FbrFTlioimqD135KqN_XNezG4At1iSmB_piXwTVA6C8YMBGAj5Kg8AFZCxlpiXjXDa_LaK8X6odYOFdat7xvZayUwc9A6Eca78ZmydjSYZzsvGJ8_MFMmO5CaBk8KJEBr3DGQIypp9PubJm8vJGop-Ry-6NB1Um7zb5kwqOuLC7GfEzH8m6i0joqxI5KY2lOGRtI4l60g4s-S9rh7ETAFqgbzeIW0HC8gvOoQ-Xg3r1tWsrAnzcJVWAwASL1OS75wOSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAH0OvbhwKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBD64jHSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDNAVAYAXAbIXHAoaCAASFHB1Yi04MzMwMDYwNDg5OTIxMDg4GAA&sigh=hRU010X6pnQ&uach_m=[UACH]&cid=CAQSGwDq26N9FHCLSk8KFW_zLQuFn9ogGMxcH2wIARgBIA4&template_id=419

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=600&slotname=5779015096&adk=2105329952&adf=2664654941&pi=t.ma~as.5779015096&w=160&lmt=1667803569&url=http%3A%2F%2Fpayment.meshotet.co.il%2Fpay%2F%25D7%25AA%25D7%25A9%25D7%259C%25D7%2595%25D7%259D-%25D7%2591%25D7%2590%25D7%25A8-%25D7%25A9%25D7%2591%25D7%25A2-%25D7%259E%25D7%2599-%25D7%25A9%25D7%2591%25D7%25A2%2F&wgl=1&dt=1667803568434&bpp=8&bdt=546&idt=819&shv=r20221101&mjsv=m202211020101&ptt=5&saldr=sa&abxe=1&prev_slotnames=9307384039&correlator=4107770434303&frm=20&pv=1&ga_vid=230717123.1667803569&ga_sid=1667803569&ga_hid=1357744604&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=177&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070697%2C44775017%2C44775305&oid=2&pvsid=2970489583751476&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=dLitJ0fzvF&p=http%3A//payment.meshotet.co.il&dtd=822
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 07 Nov 2022 06:46:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 07 Nov 2022 06:46:10 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221027/r20110914/ Frame 4ACC 23 KB
9 KB 685ms
26ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221027/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

15b192d13c1d029346a73cb1b2eb3a1b8905dfe8df1aaf9ced37356de9380e32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 12:55:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64266
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9268
x-xss-protection: 0
server: cafe
etag: 17746901142539384344
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Nov 2022 12:55:04 GMT

GET
H2 200 rXlOVu5RWTc1pBJ6yiVdVqat2QXDNIjv Show response
www.pay24.co.il/7060ac19f50208cbb6b45328ef94140a612ee92387e015594234077b4d1e64f1/ Frame 0665 237 B
637 B 73ms
73ms XHR
application/octet-stream 35.190.92.176
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pay24.co.il/7060ac19f50208cbb6b45328ef94140a612ee92387e015594234077b4d1e64f1/rXlOVu5RWTc1pBJ6yiVdVqat2QXDNIjv

Requested by

Host: www.pay24.co.il
URL: https://www.pay24.co.il/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.92.176 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

176.92.190.35.bc.googleusercontent.com

Software

rhino-core-shield /

Resource Hash

8a1eaf0e1f0cc7f4a952a95b71a99faedec929dd33616626f639ec34970fe6dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.pay24.co.il/
accept-language: de-DE,de;q=0.9
x-zebra-FyORhDtL: MDRlZjdhNDQ4NWU3YzMxOTc2NGVjZDEwOTk3NzI3YWYwZWE4MzlkMDskKGhhc2gpO194Y2FsYyhhcmd1bWVudHMuY2FsbGUpOzI7JChoYXNoKTtfeGNhbGMoYXJndW1lbnRzLmNhbGxlKTswOyQoaGFzaCk7X3hjYWxjKGFyZ3VtZW50cy5jYWxsZSk7NjUzMTZkZTQ4MWFkYjY1OTYxNGM2ZmU0M2M5NjY5ZWI7JChoYXNoKTtfeGNhbGMoYXJndW1lbnRzLmNhbGxlKTtZZTY2OGJrcGVobTc5a3UxcXpxVnJ3bCs1RXA0bXNwMzVJN1JlMEZaN1hKb3JtcnQyTjRKRW10UFdaUjBLQWZZUTBycTU5bFY4dFAyUmdoRnFxVFFCNTd0R0ZscDcrazA5MlYxY0YxdlRtWWhMN3RJUmU1aEJvZHlMUGswWjNvV3gzVVhmNU0xRHZuc0ROMURrejAwRUJ1OWU1b1M5VVFpSkZ6UURtamwzcXpXYjlzWFZlbEJpMWlIT3BPeFZBZjBGSFhQY290S0JucHRTUktKcGNkNnJyYUIyNlhZVWlra1diS3JCeC9VVUl3PQ--
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 07 Nov 2022 06:46:10 GMT
strict-transport-security: max-age=0
via: 1.1 google
server: rhino-core-shield
alt-svc: clear
content-type: application/octet-stream

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10531375264282357905/ Frame A62A 167 KB
34 KB 48ms
47ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10531375264282357905/index.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=90&slotname=9307384039&adk=3654359874&adf=4054489202&pi=t.ma~as.9307384039&w=728&lmt=1667803569&url=http%3A%2F%2Fpayment.meshotet.co.il%2Fpay%2F%25D7%25AA%25D7%25A9%25D7%259C%25D7%2595%25D7%259D-%25D7%2591%25D7%2590%25D7%25A8-%25D7%25A9%25D7%2591%25D7%25A2-%25D7%259E%25D7%2599-%25D7%25A9%25D7%2591%25D7%25A2%2F&wgl=1&dt=1667803568414&bpp=18&bdt=527&idt=811&shv=r20221101&mjsv=m202211020101&ptt=5&saldr=sa&abxe=1&correlator=4107770434303&frm=20&pv=2&ga_vid=230717123.1667803569&ga_sid=1667803569&ga_hid=1357744604&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=552&ady=84&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070697%2C44775017%2C44775305&oid=2&pvsid=2970489583751476&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=FStkbhUjOu&p=http%3A//payment.meshotet.co.il&dtd=833

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

659712f14aa7361d9bc64289e6eeaa7c6d239571d96c78df8fcb8ace0b408fcd

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 172348
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 34453
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Sat, 05 Nov 2022 06:53:42 GMT
expires: Sun, 05 Nov 2023 06:53:42 GMT
last-modified: Thu, 10 Mar 2022 11:42:48 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0C9B 0
0 67ms
67ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C20GCsaloY5H_E4yT3gOskbEg5tXL-WjcypTCng-MwLWrrgEQASCRxeYJYJWCgICgB6AB8dbrmgPIAQmpAkoitHddtLA-qAMByANIqgS8Ak_QmPPOMkbeHiLLEAgEdABORBTrCxwjpawilu_1t8B935XN2g6HfRyh-b-UjxJdkYIjcaRXShz_bzCX8MUGyuIg-51zhq0bfidRWIPfYTcsvSpnfCnkfwFcaprUeHpewoTIf08eAIap8hQRa-Jv14m5KLLZXB0lJspfzALx3fDGEIiuWwE7_hcrigmwf_lZF4vFLzHklTLmyuvIakerxpSktjeBTv4jxkphcYXnh3rYsfQ-PWhxp0NydqNeb8cambs6e4mbpP3TjSxpMq5Zbdpi47-7ibWS_vbsNAEwvvl12Iim9X-v-CEls3F8uwbODvdMN7OpyhdqaD_a_4lTzg-0p8I6xzYE61JzRUtb2JuHXtzcKg9hipX-1A8MdOY_4I17W-hBcHT6x0rq_WVdka8JRZnRr-9YKvJgNyPABO2U3cHyA5IFBAgEGAGSBQQIBRgEoAYugAf3qJRlqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQ15Na0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEw3QFQGAFwGyFxwKGggAEhRwdWItODMzMDA2MDQ4OTkyMTA4OBgA&sigh=9ftmhnwhSnA&uach_m=[UACH]&cid=CAQSGwDq26N9lKu5lKeOGnA9s2ro_7H5PkSVpwzBNxgBIA4&template_id=419

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=90&slotname=9307384039&adk=3654359874&adf=4054489202&pi=t.ma~as.9307384039&w=728&lmt=1667803569&url=http%3A%2F%2Fpayment.meshotet.co.il%2Fpay%2F%25D7%25AA%25D7%25A9%25D7%259C%25D7%2595%25D7%259D-%25D7%2591%25D7%2590%25D7%25A8-%25D7%25A9%25D7%2591%25D7%25A2-%25D7%259E%25D7%2599-%25D7%25A9%25D7%2591%25D7%25A2%2F&wgl=1&dt=1667803568414&bpp=18&bdt=527&idt=811&shv=r20221101&mjsv=m202211020101&ptt=5&saldr=sa&abxe=1&correlator=4107770434303&frm=20&pv=2&ga_vid=230717123.1667803569&ga_sid=1667803569&ga_hid=1357744604&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=552&ady=84&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070697%2C44775017%2C44775305&oid=2&pvsid=2970489583751476&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=FStkbhUjOu&p=http%3A//payment.meshotet.co.il&dtd=833
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 07 Nov 2022 06:46:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221027/r20110914/ Frame 0C9B 23 KB
9 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221027/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

15b192d13c1d029346a73cb1b2eb3a1b8905dfe8df1aaf9ced37356de9380e32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 12:55:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64266
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9268
x-xss-protection: 0
server: cafe
etag: 17746901142539384344
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Nov 2022 12:55:04 GMT

GET
H2 200 / Show response
www.pay24.co.il/ Frame 0665 99 KB
33 KB 31ms
31ms Document
text/html 35.190.92.176
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pay24.co.il/

Requested by

Host: www.pay24.co.il
URL: https://www.pay24.co.il/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.92.176 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

176.92.190.35.bc.googleusercontent.com

Software

rhino-core-shield /

Resource Hash

9623eaed2f7176a1c0a231e1c58684dacca16c9cff6d5eb1e7668465b053124b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.pay24.co.il/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: clear
cache-control: no-cache, private, no-transform, no-store
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 07 Nov 2022 06:46:10 GMT
expires: Thu, 01 Jan 1970 00:01:48 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
pragma: no-cache
server: rhino-core-shield
strict-transport-security: max-age=0
vary: Accept-Encoding
via: 1.1 google

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E22A 143 B
166 B 34ms
33ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=90&slotname=7481696310&adk=1358332770&adf=2681553333&pi=t.ma~as.7481696310&w=728&lmt=1667803569&url=http%3A%2F%2Fpayment.meshotet.co.il%2Fpay%2F%25D7%25AA%25D7%25A9%25D7%259C%25D7%2595%25D7%259D-%25D7%2591%25D7%2590%25D7%25A8-%25D7%25A9%25D7%2591%25D7%25A2-%25D7%259E%25D7%2599-%25D7%25A9%25D7%2591%25D7%25A2%2F&wgl=1&dt=1667803568445&bpp=3&bdt=558&idt=813&shv=r20221101&mjsv=m202211020101&ptt=5&saldr=sa&abxe=1&prev_slotnames=9307384039%2C5779015096&correlator=4107770434303&frm=20&pv=1&ga_vid=230717123.1667803569&ga_sid=1667803569&ga_hid=1357744604&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=552&ady=882&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070697%2C44775017%2C44775305&oid=2&pvsid=2970489583751476&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=3&uci=a!3&fsb=1&xpc=3iL3V5Uzbn&p=http%3A//payment.meshotet.co.il&dtd=817
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3023
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 07 Nov 2022 05:55:47 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 71AA 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 23e1ec0e2df909370c22310e9851d5dbc1dfe79d0f41b98af790423a49bff13a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 64D6 143 B
166 B 30ms
21ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=600&slotname=5779015096&adk=2105329952&adf=2664654941&pi=t.ma~as.5779015096&w=160&lmt=1667803569&url=http%3A%2F%2Fpayment.meshotet.co.il%2Fpay%2F%25D7%25AA%25D7%25A9%25D7%259C%25D7%2595%25D7%259D-%25D7%2591%25D7%2590%25D7%25A8-%25D7%25A9%25D7%2591%25D7%25A2-%25D7%259E%25D7%2599-%25D7%25A9%25D7%2591%25D7%25A2%2F&wgl=1&dt=1667803568434&bpp=8&bdt=546&idt=819&shv=r20221101&mjsv=m202211020101&ptt=5&saldr=sa&abxe=1&prev_slotnames=9307384039&correlator=4107770434303&frm=20&pv=1&ga_vid=230717123.1667803569&ga_sid=1667803569&ga_hid=1357744604&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=177&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070697%2C44775017%2C44775305&oid=2&pvsid=2970489583751476&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=dLitJ0fzvF&p=http%3A//payment.meshotet.co.il&dtd=822
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3023
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 07 Nov 2022 05:55:47 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221027/r20110914/client/ Frame 4ACC 3 KB
1 KB 82ms
21ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221027/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 12:55:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64267
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1238
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Nov 2022 12:55:03 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221027/r20110914/client/ Frame 4ACC 17 KB
7 KB 89ms
28ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221027/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d99f77a187454fecc18b59b2f520b1598b246d01e142bfdc4de56eb7221a9330

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 12:55:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64267
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7367
x-xss-protection: 0
server: cafe
etag: 4759548068123418343
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Nov 2022 12:55:03 GMT

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame A3FF 6 KB
3 KB 83ms
35ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8782036134154406910/cmhagrala_031022_160x600.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 13:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63230
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2655
x-xss-protection: 0
server: cafe
etag: 4618035238173732404
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 07 Nov 2022 13:12:20 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame A3FF 34 KB
13 KB 76ms
28ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8782036134154406910/cmhagrala_031022_160x600.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 19:53:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39184
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 07 Nov 2022 19:53:06 GMT

GET
H2 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame A3FF 236 KB
63 KB 89ms
27ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8782036134154406910/cmhagrala_031022_160x600.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 07 Nov 2022 06:46:10 GMT

GET
H2 200 tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame A3FF 105 KB
35 KB 126ms
63ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8782036134154406910/cmhagrala_031022_160x600.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35824
x-xss-protection: 0
last-modified: Fri, 09 Oct 2015 14:01:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 07 Nov 2022 06:46:10 GMT

GET
H3 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame A62A 16 KB
6 KB 55ms
22ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10531375264282357905/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 04:14:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9126
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 08 Nov 2022 04:14:04 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame A62A 34 KB
13 KB 68ms
35ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10531375264282357905/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 19:53:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39184
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 07 Nov 2022 19:53:06 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B35C 143 B
166 B 24ms
21ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=90&slotname=9307384039&adk=3654359874&adf=4054489202&pi=t.ma~as.9307384039&w=728&lmt=1667803569&url=http%3A%2F%2Fpayment.meshotet.co.il%2Fpay%2F%25D7%25AA%25D7%25A9%25D7%259C%25D7%2595%25D7%259D-%25D7%2591%25D7%2590%25D7%25A8-%25D7%25A9%25D7%2591%25D7%25A2-%25D7%259E%25D7%2599-%25D7%25A9%25D7%2591%25D7%25A2%2F&wgl=1&dt=1667803568414&bpp=18&bdt=527&idt=811&shv=r20221101&mjsv=m202211020101&ptt=5&saldr=sa&abxe=1&correlator=4107770434303&frm=20&pv=2&ga_vid=230717123.1667803569&ga_sid=1667803569&ga_hid=1357744604&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=552&ady=84&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070697%2C44775017%2C44775305&oid=2&pvsid=2970489583751476&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=FStkbhUjOu&p=http%3A//payment.meshotet.co.il&dtd=833
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3024
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 07 Nov 2022 05:55:47 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221027/r20110914/client/ Frame 0C9B 3 KB
1 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221027/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 12:55:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64268
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1238
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Nov 2022 12:55:03 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221027/r20110914/client/ Frame 0C9B 17 KB
7 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221027/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d99f77a187454fecc18b59b2f520b1598b246d01e142bfdc4de56eb7221a9330

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 12:55:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64268
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7367
x-xss-protection: 0
server: cafe
etag: 4759548068123418343
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Nov 2022 12:55:03 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E22A
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

41ms
41ms

Document
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 07 Nov 2022 06:46:11 GMT
expires: Mon, 07 Nov 2022 06:46:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 07 Nov 2022 06:46:11 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJllpyk.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 71AA 17 KB
17 KB 81ms
22ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJllpyk.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%7CHeebo%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d524bfae27e5abd09253fc0750d127771c61bf3b8aad0ea5c23db7b0148a23f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Fri, 04 Nov 2022 19:30:25 GMT
x-content-type-options: nosniff
age: 213346
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17204
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:04:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Nov 2023 19:30:25 GMT

GET
H2 200 NGS6v5_NC0k9P9H2TbE.woff2
fonts.gstatic.com/s/heebo/v21/ Frame 71AA 26 KB
27 KB 98ms
44ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/heebo/v21/NGS6v5_NC0k9P9H2TbE.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%7CHeebo%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b38977ea35fde92fe200fa14ac7cc55e2edce54b998ce9a08734ba1dd9053fed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 21:11:13 GMT
x-content-type-options: nosniff
age: 34498
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27116
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 20:35:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 06 Nov 2023 21:11:13 GMT

GET
H2 200 NGS6v5_NC0k9P9H0TbFzsQ.woff2
fonts.gstatic.com/s/heebo/v21/ Frame 71AA 11 KB
12 KB 82ms
28ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/heebo/v21/NGS6v5_NC0k9P9H0TbFzsQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%7CHeebo%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e83a43067942e341ebb7319116315855d2c24e463c9f0eda69f1a4b5f66ded18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 02 Nov 2022 22:48:54 GMT
x-content-type-options: nosniff
age: 374237
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11764
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 20:35:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 02 Nov 2023 22:48:54 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4ACC 154 KB
47 KB 87ms
39ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c96507386689e69f6112a5d0a91ea851a260e5c023642dc374a8489271f53246

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48204
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1667489865617883"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 07 Nov 2022 06:46:11 GMT

GET
DATA 200
OK truncated
/ Frame 4ACC 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8fae3f178b82ed0adef4e36f85f77156365721d01b96c6495217cf5909c98649

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 64D6
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

46ms
40ms

Document
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 07 Nov 2022 06:46:11 GMT
expires: Mon, 07 Nov 2022 06:46:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 07 Nov 2022 06:46:11 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Image.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8782036134154406910/ Frame A3FF 16 KB
16 KB 22ms
22ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8782036134154406910/Image.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2e470d6e277bf611a9ee4d336f601e637819481738332157320619194943e5b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Wed, 02 Nov 2022 14:09:55 GMT
x-content-type-options: nosniff
age: 405376
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16708
x-xss-protection: 0
last-modified: Wed, 12 Oct 2022 14:06:53 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 02 Nov 2023 14:09:55 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B35C
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

45ms
39ms

Document
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 07 Nov 2022 06:46:11 GMT
expires: Mon, 07 Nov 2022 06:46:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 07 Nov 2022 06:46:11 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0C9B 154 KB
47 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c96507386689e69f6112a5d0a91ea851a260e5c023642dc374a8489271f53246

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48204
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1667489865617883"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 07 Nov 2022 06:46:11 GMT

GET
DATA 200
OK truncated
/ Frame 0C9B 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7ee9fd8705c7d0dfc9af20e52def1885dd52232326f4753c3e0dbec6c22f409e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js Show response
pagead2.googlesyndication.com/bg/ Frame A3FF 36 KB
16 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d9aee9c7463bd35f930878be886e5ee224aa8c9800331d699b91a28ceccdf1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 11:58:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67667
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16118
x-xss-protection: 0
last-modified: Thu, 20 Oct 2022 10:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 06 Nov 2023 11:58:24 GMT

GET
H3 200 HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js Show response
pagead2.googlesyndication.com/bg/ Frame A62A 36 KB
16 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d9aee9c7463bd35f930878be886e5ee224aa8c9800331d699b91a28ceccdf1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 11:58:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67667
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16118
x-xss-protection: 0
last-modified: Thu, 20 Oct 2022 10:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 06 Nov 2023 11:58:24 GMT

GET
H3 200 AdobeStock_389458450_02.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10531375264282357905/ Frame A62A 91 KB
91 KB 24ms
23ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10531375264282357905/AdobeStock_389458450_02.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c8a2a35f476071c663c539a5954e074a43f6d616d1c489e9fee60b78224b54

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Thu, 03 Nov 2022 13:06:00 GMT
x-content-type-options: nosniff
age: 322811
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 92752
x-xss-protection: 0
last-modified: Thu, 10 Mar 2022 11:42:48 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 03 Nov 2023 13:06:00 GMT

GET
H2 200 WQL89L7qczkzxeQhSnmwKCoH4LyNZvPh Show response
www.pay24.co.il/7060ac19f50208cbb6b45328ef94140a612ee92387e015594234077b4d1e64f1/ Frame 0665 237 B
621 B 27ms
27ms XHR
application/octet-stream 35.190.92.176
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pay24.co.il/7060ac19f50208cbb6b45328ef94140a612ee92387e015594234077b4d1e64f1/WQL89L7qczkzxeQhSnmwKCoH4LyNZvPh

Requested by

Host: www.pay24.co.il
URL: https://www.pay24.co.il/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.92.176 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

176.92.190.35.bc.googleusercontent.com

Software

rhino-core-shield /

Resource Hash

91bed44b583923f29c6d29a23933778a865de8b39fefa787405af14d06e47c64

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

x-zebra-zVFfVPB1: MTM3MjQzZTllMDJjMmJhMjViNjUwYjZhMjdiZTI0ZGZlMTUzOWQ5NDskKGhhc2gpO194Y2FsYyhhcmd1bWVudHMuY2FsbGUpOzc7JChoYXNoKTtfeGNhbGMoYXJndW1lbnRzLmNhbGxlKTswOyQoaGFzaCk7X3hjYWxjKGFyZ3VtZW50cy5jYWxsZSk7NjUzMTZkZTQ4MWFkYjY1OTYxNGM2ZmU0M2M5NjY5ZWI7JChoYXNoKTtfeGNhbGMoYXJndW1lbnRzLmNhbGxlKTszc1EvNzcxWWRmYjFKbmQ3QmxINEt3NkNXS3EycnFkZ1BPa2JheGNsTThucEJidHQ5SVk2NzJXdjR2enJKRXBGQkE0RDliQ1JhdGQ5QjFQUVB2aE8yMkRCcTVqUi9Ta3RHSVdBczloL2NMYStFRFJQZXBJRDg4TDhFNFlTWW96OVJITFBQaGVNeEtBOTArd0JJQzhiUnozOFhHdVNkTGdyWVpZUXpycWEyVmE4b1VBS0N3MjZ2dVhnUUFrakFRZmkvdjJiTUFuWXpVUVEyeW8vZEpsWmw2ZDBGNGZzbkRGeEpEOHdOa3VQUzhjPQ--
Referer: https://www.pay24.co.il/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 07 Nov 2022 06:46:11 GMT
strict-transport-security: max-age=0
via: 1.1 google
server: rhino-core-shield
alt-svc: clear
content-type: application/octet-stream

GET
H3 200 heromain.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8782036134154406910/ Frame A3FF 57 KB
57 KB 29ms
29ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8782036134154406910/heromain.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8c72115cdef3f53c6b6fca71875db9a4ab71fc5d9b54cc396682c6ed9025f22

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Wed, 02 Nov 2022 08:46:30 GMT
x-content-type-options: nosniff
age: 424781
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58043
x-xss-protection: 0
last-modified: Wed, 12 Oct 2022 14:06:53 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 02 Nov 2023 08:46:30 GMT

GET
H3 200 logo.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8782036134154406910/ Frame A3FF 14 KB
14 KB 22ms
21ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8782036134154406910/logo.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

851a5b6ab3e550fae6297633338615ed48eb469fb08f8f22eb178f09c34d9b6d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Wed, 02 Nov 2022 14:09:58 GMT
x-content-type-options: nosniff
age: 405373
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14495
x-xss-protection: 0
last-modified: Wed, 12 Oct 2022 14:06:53 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 02 Nov 2023 14:09:58 GMT

GET
H2 200 / Show response
www.pay24.co.il/ Frame 0665 99 KB
33 KB 38ms
37ms Document
text/html 35.190.92.176
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pay24.co.il/

Requested by

Host: www.pay24.co.il
URL: https://www.pay24.co.il/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.92.176 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

176.92.190.35.bc.googleusercontent.com

Software

rhino-core-shield /

Resource Hash

5407d0a754c22b2fa105e06769f90b89f6ab7ac42d5320db69d1c7e06d45af24

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.pay24.co.il/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: clear
cache-control: no-cache, private, no-transform, no-store
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 07 Nov 2022 06:46:11 GMT
expires: Thu, 01 Jan 1970 00:01:48 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
pragma: no-cache
server: rhino-core-shield
strict-transport-security: max-age=0
vary: Accept-Encoding
via: 1.1 google

GET
H3 200 HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js Show response
pagead2.googlesyndication.com/bg/ Frame 45CE 36 KB
16 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d9aee9c7463bd35f930878be886e5ee224aa8c9800331d699b91a28ceccdf1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 11:58:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67667
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16118
x-xss-protection: 0
last-modified: Thu, 20 Oct 2022 10:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 06 Nov 2023 11:58:24 GMT

GET
H3 200 logoSmall.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8782036134154406910/ Frame A3FF 13 KB
13 KB 21ms
21ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8782036134154406910/logoSmall.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41a6f34bcff6e9d1775269a8bf932eebbfe041ef6e346b108d898851ce77c7d8

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Wed, 02 Nov 2022 14:09:58 GMT
x-content-type-options: nosniff
age: 405373
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12968
x-xss-protection: 0
last-modified: Wed, 12 Oct 2022 14:06:53 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 02 Nov 2023 14:09:58 GMT

GET
H2 200 L669OQGQLHi6UZikVCfZbQZIJuqo7wD5 Show response
www.pay24.co.il/7060ac19f50208cbb6b45328ef94140a612ee92387e015594234077b4d1e64f1/ Frame 0665 237 B
622 B 27ms
27ms XHR
application/octet-stream 35.190.92.176
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pay24.co.il/7060ac19f50208cbb6b45328ef94140a612ee92387e015594234077b4d1e64f1/L669OQGQLHi6UZikVCfZbQZIJuqo7wD5

Requested by

Host: www.pay24.co.il
URL: https://www.pay24.co.il/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.92.176 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

176.92.190.35.bc.googleusercontent.com

Software

rhino-core-shield /

Resource Hash

dc3c826fb5d2ffaba81078a43660f45b3e353cb6602ff36ea1476106c0284238

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.pay24.co.il/
x-zebra-EDtBm0qi: MDBjMjA2YTBiY2U2OGYzNDUyZDVhN2EyNzFiODM4NjM5MzIxMTJjYjskKGhhc2gpO194Y2FsYyhhcmd1bWVudHMuY2FsbGUpOzE7JChoYXNoKTtfeGNhbGMoYXJndW1lbnRzLmNhbGxlKTswOyQoaGFzaCk7X3hjYWxjKGFyZ3VtZW50cy5jYWxsZSk7OyQoaGFzaCk7X3hjYWxjKGFyZ3VtZW50cy5jYWxsZSk7OVBWenFRVG5OTHFrall1M1ZWTTR3Rm9iQ040Y2IxYkpsOUhjRXpacTg4d0czOTI4R0c1cmxLWkt5MDYwazZZQVVoMFIwMFdDNEFzWjZCUDRvaGN5Q0ZheTZDNXpIWlprSG0wU3QrV3ZQYWlBT0JCM3JPSEl4a0YzOHQ0RlFjeFd5bmpYdnFFeTlmNnNBTEU1WGliODdIcU16ZkZzQUplVWxEL010TFFac2tYVTR0Y0NxaGNwVlk1SEZYQVJtY2gvVktEWkZVQ2U0YnZwRW1QSTdKenArUFR3NTRkQU9BVUltblBwL2JUL1dwMD0-
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 07 Nov 2022 06:46:11 GMT
strict-transport-security: max-age=0
via: 1.1 google
server: rhino-core-shield
alt-svc: clear
content-type: application/octet-stream

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 169 KB
54 KB 56ms
56ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7bc89001e7edc0a39981c7854b9049d11474b1ecccc82e061649ab7032483a98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:11 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55213
x-xss-protection: 0
server: cafe
etag: 14679027212056720327
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 07 Nov 2022 06:46:11 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 92ms
48ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221101&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb4d9322cdc44c0b697b34a51228035c5fbdbfbddc68c7b7c6e484edfe6506fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:11 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11296
x-xss-protection: 0

GET
H2 200 / Show response
www.pay24.co.il/ Frame 0665 99 KB
33 KB 32ms
32ms Document
text/html 35.190.92.176
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pay24.co.il/

Requested by

Host: www.pay24.co.il
URL: https://www.pay24.co.il/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.92.176 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

176.92.190.35.bc.googleusercontent.com

Software

rhino-core-shield /

Resource Hash

79bf3c48843315bdb80e394be4686fde6b28ebbab94bd984839a265caf9a826d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.pay24.co.il/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: clear
cache-control: no-cache, private, no-transform, no-store
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 07 Nov 2022 06:46:11 GMT
expires: Thu, 01 Jan 1970 00:01:48 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
pragma: no-cache
server: rhino-core-shield
strict-transport-security: max-age=0
vary: Accept-Encoding
via: 1.1 google

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 07 Nov 2022 06:46:11 GMT

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221101/r20190131/ Frame 4238 10 KB
4 KB 22ms
21ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221101/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a180577000dc7ea70fe921a385bab54deaefd2f24efaa32f1fc7ebb6d2abd2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://payment.meshotet.co.il/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 63213
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 06 Nov 2022 13:12:38 GMT
etag: 2424782735605397694
expires: Sun, 20 Nov 2022 13:12:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 78ms
33ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=payment.meshotet.co.il

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 73ms
29ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=payment.meshotet.co.il

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C73C 0
16 B 93ms
92ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&adk=1812271804&adf=3025194257&lmt=1667803571&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=http%3A%2F%2Fpayment.meshotet.co.il%2Fpay%2F%25D7%25AA%25D7%25A9%25D7%259C%25D7%2595%25D7%259D-%25D7%2591%25D7%2590%25D7%25A8-%25D7%25A9%25D7%2591%25D7%25A2-%25D7%259E%25D7%2599-%25D7%25A9%25D7%2591%25D7%25A2%2F&ea=0&pra=7&wgl=1&dt=1667803571926&bpp=3&bdt=4038&idt=3&shv=r20221101&mjsv=m202211020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D53fc0b326f034020-221c6e6a6bce0052%3AT%3D1667803569%3ART%3D1667803569%3AS%3DALNI_Max19yGsvX-LjpBjPytuJFd_V1DOg&gpic=UID%3D00000b7db22c30e8%3AT%3D1667803569%3ART%3D1667803569%3AS%3DALNI_MYt4FPFrGlV9xoTz9DEslODZwL8DQ&prev_slotnames=9307384039%2C5779015096%2C7481696310&nras=1&correlator=4107770434303&frm=20&pv=1&ga_vid=230717123.1667803569&ga_sid=1667803569&ga_hid=1357744604&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31070697%2C44775017%2C44775305&oid=2&psts=APxP-9C63syF4ZNQxCRbjYzBBCRB4HwePcPsIRd2mmgFDwXL-jj5kmKz-fK67YqInPfoKOZMSIIHEtVmpNY3vBNg6A%2CAPxP-9DjTeY-WG4a_ZOVJeGzcF4URHIxCEGJrmzpgCgIsdFaC9ZlNOo9RfWQSw6eLTJTKJv7_sp3mVGwblR4qp-roQ%2CAPxP-9AeZHxLpvJw4bKLvvMpzIGuYdp2DtWbpFCc2IQds8sI7iC487Bq4PxI1Dz9sAGUuanuPf6iggGHD7p5mg&pvsid=2970489583751476&tmod=213374423&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=4&uci=a!4&fsb=1&dtd=24

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://payment.meshotet.co.il/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 07 Nov 2022 06:46:12 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame BACF 13 KB
5 KB 24ms
21ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://payment.meshotet.co.il/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 25554
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 06 Nov 2022 23:40:18 GMT
expires: Mon, 06 Nov 2023 23:40:18 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B0CA 783 B
536 B 76ms
31ms Document
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

63c6e9663439bf2ea6e75eb9bb046d5e472cb5370d9458e37b831d585ab5e892

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-T4u57oc68vIq7-rULR0UCA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://payment.meshotet.co.il/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-T4u57oc68vIq7-rULR0UCA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 07 Nov 2022 06:46:12 GMT
expires: Mon, 07 Nov 2022 06:46:12 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js Show response
pagead2.googlesyndication.com/bg/ Frame BACF 36 KB
16 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d9aee9c7463bd35f930878be886e5ee224aa8c9800331d699b91a28ceccdf1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 06 Nov 2022 11:58:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67668
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16118
x-xss-protection: 0
last-modified: Thu, 20 Oct 2022 10:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 06 Nov 2023 11:58:24 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B0CA 0
0 54ms
54ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221101&jk=2970489583751476&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame BACF 0
11 B 25ms
25ms Image
text/plain 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?nPpfEQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 06:46:12 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 FtfdqVogJ6gxDEp4gcqDmamlFUgYCq71 Show response
www.pay24.co.il/7060ac19f50208cbb6b45328ef94140a612ee92387e015594234077b4d1e64f1/ Frame 0665 237 B
623 B 28ms
27ms XHR
application/octet-stream 35.190.92.176
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pay24.co.il/7060ac19f50208cbb6b45328ef94140a612ee92387e015594234077b4d1e64f1/FtfdqVogJ6gxDEp4gcqDmamlFUgYCq71

Requested by

Host: www.pay24.co.il
URL: https://www.pay24.co.il/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.92.176 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

176.92.190.35.bc.googleusercontent.com

Software

rhino-core-shield /

Resource Hash

5799a3b7d445f04d6f96a6321d4459e1bdefc87b123cc881732e9468c4b055b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.pay24.co.il/
x-zebra-lvEqBVfW: MDRmMzJlMDZiM2M2ZWJmODkyNTRiYWY0ZTgyOTFiNWI3YTM1M2ZjOTskKGhhc2gpO194Y2FsYyhhcmd1bWVudHMuY2FsbGUpOzI0OyQoaGFzaCk7X3hjYWxjKGFyZ3VtZW50cy5jYWxsZSk7MDskKGhhc2gpO194Y2FsYyhhcmd1bWVudHMuY2FsbGUpOzY1MzE2ZGU0ODFhZGI2NTk2MTRjNmZlNDNjOTY2OWViOyQoaGFzaCk7X3hjYWxjKGFyZ3VtZW50cy5jYWxsZSk7OVBWenFRVG5OTHFrall1M1ZWTTR3Rm9iQ040Y2IxYkpsOUhjRXpacTg4d0czOTI4R0c1cmxLWkt5MDYwazZZQVVoMFIwMFdDNEFzWjZCUDRvaGN5Q0ZheTZDNXpIWlprSG0wU3QrV3ZQYWlBT0JCM3JPSEl4a0YzOHQ0RlFjeFd5bmpYdnFFeTlmNnNBTEU1WGliODdIcU16ZkZzQUplVWxEL010TFFac2tYVTR0Y0NxaGNwVlk1SEZYQVJtY2gvd0gxVVZ2ejAvcVVrMXFDTHYzbFJCS3BRZGJTSkhKVVpWWG1UQ1hlTzExOD0-
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 07 Nov 2022 06:46:12 GMT
strict-transport-security: max-age=0
via: 1.1 google
server: rhino-core-shield
alt-svc: clear
content-type: application/octet-stream

GET
H2 200 / Show response
www.pay24.co.il/ Frame 0665 99 KB
33 KB 35ms
34ms Document
text/html 35.190.92.176
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pay24.co.il/

Requested by

Host: www.pay24.co.il
URL: https://www.pay24.co.il/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.92.176 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

176.92.190.35.bc.googleusercontent.com

Software

rhino-core-shield /

Resource Hash

6bc7ec8827a8041f132615d4c81af33da6bb343f6bf11e308513738b11f5b21c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.pay24.co.il/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: clear
cache-control: no-cache, private, no-transform, no-store
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 07 Nov 2022 06:46:12 GMT
expires: Thu, 01 Jan 1970 00:01:48 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
pragma: no-cache
server: rhino-core-shield
strict-transport-security: max-age=0
vary: Accept-Encoding
via: 1.1 google

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 71AA 42 B
64 B 58ms
57ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuPI3O25c2y2CLAcCWSw7R_-cqWoAq_ka3BY6v9pYZjx6TikAaKb05_SHlFDsxMlExmwUIFBdJcpH1HMGdr9LquJUvATHZVgfn9rHUuEerlcjiGuS3fzXovdIQeqG-6SpEZEAxvj1QzFb05&sai=AMfl-YTak5OuwgO4KWmx4QGfSSCdb5T-juwFxPtHu-XOvKPRfO8oCmu-W3U2JKwJipkkZJlmbAZrnCbx9qztfBM&sig=Cg0ArKJSzOXRvZKSQ78jEAE&cid=CAQSGwDq26N9lD4fDim3IsBc94S3qXKVWjD7L79H4BgBIA4&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221103&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1358332770&rs=2&la=0&cr=0&vs=4&r=v&rst=1667803569264&rpt=2226&met=mue&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Nov 2022 06:46:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4ACC 42 B
64 B 60ms
60ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuZChZk2dVrs84jvJZrTl4HbtqmxMwXuu_1f5OKJsd5bc7C9Q8pwRvlxVfGttFuPx8dSx5J24nKMa36JmSRsDlxAsXVmf0vsC8KN33Wpff9siqaIs6lFHIoMhYgVJy1Tc3j5yZQCA&sai=AMfl-YSfqLzhfLHU88_BbOqUK7Cpvru4tFUj9VXcjmK_5-nVuUmPoES0DZvKtWaXTMb7X2bHUCdsf0z6XyBYv9w&sig=Cg0ArKJSzPKBUX6MZO4PEAE&cid=CAQSGwDq26N9FHCLSk8KFW_zLQuFn9ogGMxcH2wIARgBIA4&id=lidar2&mcvt=1003&p=0,0,600,160&mtos=1003,1003,1003,1003,1003&tos=1003,0,0,0,0&v=20221103&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=2&adk=2105329952&rs=2&la=0&cr=0&vs=4&r=v&rst=1667803569257&rpt=2276&met=mue&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Nov 2022 06:46:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0C9B 42 B
64 B 58ms
57ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsthbCY5SPgROZFLITL8V21V-dWOyePO44_wANEJ7zlBI08v46TB_jVxPFBQVSnVThmNAOer6cv2SoNGjo0NbeTez9kavG0qJaUrzuxkYQ1_6uk-DV5aRbrq_j82SFk1Ey2fbxHAEQ&sai=AMfl-YRKIKCD0EvV43PEpiPH_JSNJ05d7bvJfMsKlgtnx7h76akeVEvT4nfg28TZsqooZNcgKFf79HD9TzE-PLk&sig=Cg0ArKJSzPsnGxIcmQcUEAE&cid=CAQSGwDq26N9lKu5lKeOGnA9s2ro_7H5PkSVpwzBNxgBIA4&id=lidar2&mcvt=1004&p=0,0,90,728&mtos=1004,1004,1004,1004,1004&tos=1004,0,0,0,0&v=20221103&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=2&adk=3654359874&rs=2&la=0&cr=0&vs=4&r=v&rst=1667803569250&rpt=2262&met=mue&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Nov 2022 06:46:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 L80QPEXYA1pBJBzzLpek0DN6H6KS4eJ6 Show response
www.pay24.co.il/7060ac19f50208cbb6b45328ef94140a612ee92387e015594234077b4d1e64f1/ Frame 0665 237 B
620 B 27ms
26ms XHR
application/octet-stream 35.190.92.176
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pay24.co.il/7060ac19f50208cbb6b45328ef94140a612ee92387e015594234077b4d1e64f1/L80QPEXYA1pBJBzzLpek0DN6H6KS4eJ6

Requested by

Host: www.pay24.co.il
URL: https://www.pay24.co.il/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.92.176 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

176.92.190.35.bc.googleusercontent.com

Software

rhino-core-shield /

Resource Hash

59eb2b3d5ead6ef59e78ede80682bbe4bde9a555d0cbca9e120c6ea70c708114

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

x-zebra-l9zmGDVk: MDE0M2E4MjU3NGJjNDdjNzJiYzRmOTBhZWEyZTI4YmZjOWEyMDRjMjskKGhhc2gpO194Y2FsYyhhcmd1bWVudHMuY2FsbGUpOzE1OyQoaGFzaCk7X3hjYWxjKGFyZ3VtZW50cy5jYWxsZSk7MDskKGhhc2gpO194Y2FsYyhhcmd1bWVudHMuY2FsbGUpOzY1MzE2ZGU0ODFhZGI2NTk2MTRjNmZlNDNjOTY2OWViOyQoaGFzaCk7X3hjYWxjKGFyZ3VtZW50cy5jYWxsZSk7dUo0S1pQeFMvSjgvU3o4WXVlTkxENW05OW5qeEpwSmJYOHJjZE5xTFRKR1lLRnRPejBBNXlBbmhuczdCR0h2bE82RVQxMFJUUnA5c25iNmREc1pCb1VtRDBMRms4d2tLMC9qUVorcjNIaUlEb0FzZkVKTDZaQWxaMzhtcFhBQUhrQWpiZ0Y2U2FHVEIxN3VESVRkRU9oM1p5RnlRYUwrOXo5UlJmQlI4Q1g0VUFFTWFlOGx0TnFFSkszRjZXOWVUTTRxdW1IQjQvb2JEblpXU3Q5Y0N0QmdoeTFBUlVQODZWYVhzVmV3RGVhYz0-
Referer: https://www.pay24.co.il/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 07 Nov 2022 06:46:12 GMT
strict-transport-security: max-age=0
via: 1.1 google
server: rhino-core-shield
alt-svc: clear
content-type: application/octet-stream

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 58ms
57ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20221101&jk=2970489583751476&bg=!fX6lfjrNAAZPh4lnb4c7ACkAdvg8WurvYH8U0at2oSMDzZseOIWMbYKdyBfqWnC5xA_Yazs_zxb5DAIAAABzUgAAAANoAQeZAp8ykjTUW96hurbMZK-u9PgGu4i6LILkNlfhn2g2p9QlO9zTPKgKjANtZg9hfP1RJLypArOV1GiStCYZ3k8pq4tMEQkBQX_fsv6bAQIQGxUot5Qqc6QjnEtg2Wkp8zY1MsBO7HWP_37U419QoyjTjzMWBKmjJW-mvFndQjTKsayU_veYykEnrdDO9Wy-7MeeWmIsu9IOeQ9U7FVohkYFPCHylwomyC2vhNAJOwZDj3xG5VMUw-PzcrSyPvQtzBFEiJG6QbFY5OiShkRwxAWY9_tzDlZuKpOrCcWwDvkF3fJAuQLH0pewj_s-saxxqFc5WKJR2mMicUvrkaayQ3NhySaAGZbyDwv6fJ9d1k3FBuOsDfOkyOy8922oTkta-nuQeG7iRuiVqZxVOrwRkuW4SbsgPR4z9aQ-ECdnRfZ7NBVr0DwJaffL1p3jwE8IFHCm2KVIA_1b9dyz32N_tLxCtusHQ2E5C8WECgSBzMAxUOjliZfKnRX2wsbWe79_Ir-nvY7R__aHVbWjwwAQWz0iHOipyojKrWGPiklhcZ6Mz4yhfpj943dz7uHOhwPXIyWTaJ8RepOTDq1W2kWnBrVrF96W39emLZ3i8Ow1H12v05TEam54LOj_TuMvYuDuvROPn7D7t7YTA8weTFF2xgkTx_6oDWsH19YnwucuEVXQasIVknFwrGaJyTBeXN-stuXEfFoij_GXDfzeSh1POIg8r-VrbbSqQp6D5IMxtgzYMRag5ucKtlUy522kVdgI5t_OX89NMLxmKX-ieJo8uymzSX2tB17K9kRNPe3UObQCiVXB0fk8_m-TZmBsYPqWbkhgmFt5zosBZRX8GtoyqiaVgQhCiW0dAgjWDCNIWBP7Lx6ycrATxowjee4kN032lfIEVA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

GET
H2 200 / Show response
www.pay24.co.il/ Frame 0665 99 KB
33 KB 33ms
32ms Document
text/html 35.190.92.176
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pay24.co.il/

Requested by

Host: www.pay24.co.il
URL: https://www.pay24.co.il/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.92.176 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

176.92.190.35.bc.googleusercontent.com

Software

rhino-core-shield /

Resource Hash

54b37a41557a66546be243b50d6e55fc463c1c2c8378ae4ade44f8579613c857

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.pay24.co.il/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: clear
cache-control: no-cache, private, no-transform, no-store
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 07 Nov 2022 06:46:12 GMT
expires: Thu, 01 Jan 1970 00:01:48 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
pragma: no-cache
server: rhino-core-shield
strict-transport-security: max-age=0
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 aPF3MaaSydoELYV4Oql1NixDaBapID9z Show response
www.pay24.co.il/7060ac19f50208cbb6b45328ef94140a612ee92387e015594234077b4d1e64f1/ Frame 0665 237 B
621 B 26ms
26ms XHR
application/octet-stream 35.190.92.176
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pay24.co.il/7060ac19f50208cbb6b45328ef94140a612ee92387e015594234077b4d1e64f1/aPF3MaaSydoELYV4Oql1NixDaBapID9z

Requested by

Host: www.pay24.co.il
URL: https://www.pay24.co.il/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.92.176 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

176.92.190.35.bc.googleusercontent.com

Software

rhino-core-shield /

Resource Hash

b96e74f5f4cab6826d29d6a62da3bd491ef8ee048113baa0272b754c549e26aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.pay24.co.il/
accept-language: de-DE,de;q=0.9
x-zebra-SpxcaF2K: MWI4ZjExZGUwNjEzODgwMDU5Y2M0MzhlNmMyY2ZjZDM1ZjYxZWQ0MjskKGhhc2gpO194Y2FsYyhhcmd1bWVudHMuY2FsbGUpOzM7JChoYXNoKTtfeGNhbGMoYXJndW1lbnRzLmNhbGxlKTswOyQoaGFzaCk7X3hjYWxjKGFyZ3VtZW50cy5jYWxsZSk7NjUzMTZkZTQ4MWFkYjY1OTYxNGM2ZmU0M2M5NjY5ZWI7JChoYXNoKTtfeGNhbGMoYXJndW1lbnRzLmNhbGxlKTt1SjRLWlB4Uy9KOC9TejhZdWVOTEQ1bTk5bmp4SnBKYlg4cmNkTnFMVEpHWUtGdE96MEE1eUFuaG5zN0JHSHZsTzZFVDEwUlRScDlzbmI2ZERzWkJvVW1EMExGazh3a0swL2pRWityM0hpSURvQXNmRUpMNlpBbFozOG1wWEFBSGtBamJnRjZTYUdUQjE3dURJVGRFT2gzWnlGeVFhTCs5ejlSUmZCUjhDWDRVQUVNYWU4bHROcUVKSzNGNlc5ZVRkaUgxc3BKc3pYQXpkSTFRUlp3ZEtlWDhnbjhHMWt2RjhkZ3ZDM3dBNEtRPQ--
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 07 Nov 2022 06:46:13 GMT
strict-transport-security: max-age=0
via: 1.1 google
server: rhino-core-shield
alt-svc: clear
content-type: application/octet-stream

GET
H2 200 / Show response
www.pay24.co.il/ Frame 0665 99 KB
33 KB 31ms
31ms Document
text/html 35.190.92.176
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pay24.co.il/

Requested by

Host: www.pay24.co.il
URL: https://www.pay24.co.il/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.92.176 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

176.92.190.35.bc.googleusercontent.com

Software

rhino-core-shield /

Resource Hash

dc49ceb78cc67ed6a55e217c21df30cf3efd74041edb3f2cb1138f97de6366e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.pay24.co.il/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: clear
cache-control: no-cache, private, no-transform, no-store
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 07 Nov 2022 06:46:13 GMT
expires: Thu, 01 Jan 1970 00:01:48 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
pragma: no-cache
server: rhino-core-shield
strict-transport-security: max-age=0
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 ioOJkNVpZPxLXPHfvmB7NPYcKa2IFxvF Show response
www.pay24.co.il/7060ac19f50208cbb6b45328ef94140a612ee92387e015594234077b4d1e64f1/ Frame 0665 237 B
620 B 26ms
26ms XHR
application/octet-stream 35.190.92.176
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pay24.co.il/7060ac19f50208cbb6b45328ef94140a612ee92387e015594234077b4d1e64f1/ioOJkNVpZPxLXPHfvmB7NPYcKa2IFxvF

Requested by

Host: www.pay24.co.il
URL: https://www.pay24.co.il/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.92.176 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

176.92.190.35.bc.googleusercontent.com

Software

rhino-core-shield /

Resource Hash

1e68824befed8768c8c5eade3fb67287586d2512d99e2a873c0adb2052ce83a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.pay24.co.il/
x-zebra-M2f2FNoi: MGYzYzkyMjI2ODg3NTNiMWUzODg4NWZlNjZjZjUyNzVjODM3MjIxNDskKGhhc2gpO194Y2FsYyhhcmd1bWVudHMuY2FsbGUpOzQ7JChoYXNoKTtfeGNhbGMoYXJndW1lbnRzLmNhbGxlKTswOyQoaGFzaCk7X3hjYWxjKGFyZ3VtZW50cy5jYWxsZSk7NjUzMTZkZTQ4MWFkYjY1OTYxNGM2ZmU0M2M5NjY5ZWI7JChoYXNoKTtfeGNhbGMoYXJndW1lbnRzLmNhbGxlKTs3VVArbXNNM1FadE9BOHhLZWhRUWNMZlc2cGFJcFV6ZlUrc01CV3ZMSGlYOXlyb3hkYW9Ec1A2N1dNZW9LeVNyM1pNcndWc0hmNjJ1TlY0SmV3ODIyV3ZXNXVOTE1IcmFYWDFiVjQrRFA1a1VLTmdNL3pXMHdvcU5OMWtudWtUMGV3eG9INHE4Z2dtck10NWJIVVRoU1gwVm8zelBhcW9vMWJwVnRYVm96dTZ4N0QzS0JZT0lLM0hRYU1jM05hTXQ0QTkwRWh3Z2loTmcxQWRDQTExUS9rM3Z5UWZaK25RU2VXdmQ4VytBYmpnPQ--
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 07 Nov 2022 06:46:13 GMT
strict-transport-security: max-age=0
via: 1.1 google
server: rhino-core-shield
alt-svc: clear
content-type: application/octet-stream

GET /
www.pay24.co.il/ Frame 0665 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.pay24.co.il
URL: https://www.pay24.co.il/

Verdicts & Comments Add Verdict or Comment

190 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
payment.meshotet.co.il/	1969-12-31 23:59:59	Name: PHPSESSID Value: hd0mlchscmrfjqvjmumte927ld
.meshotet.co.il/	1970-01-20 16:38:19	Name: __gads Value: ID=53fc0b326f034020-221c6e6a6bce0052:T=1667803569:RT=1667803569:S=ALNI_Max19yGsvX-LjpBjPytuJFd_V1DOg
.meshotet.co.il/	1970-01-20 16:38:19	Name: __gpi Value: UID=00000b7db22c30e8:T=1667803569:RT=1667803569:S=ALNI_MYt4FPFrGlV9xoTz9DEslODZwL8DQ
.doubleclick.net/	1970-01-20 16:38:19	Name: IDE Value: AHWqTUmtwZgACXPM7OqD1RuZ1s53cwt6sRzmH9vbOV5lu4KCuku3R6-BJb0LSGn_Bis
.doubleclick.net/	1970-01-20 07:16:47	Name: DSID Value: NO_DATA

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://www.pay24.co.il/ Message: [.WebGL-0x62800318600]GL Driver Message (OpenGL, Performance, GL_CLOSE_PATH_NV, High): GPU stall due to ReadPixels
rendering	warning	URL: https://www.pay24.co.il/(Line 2) Message: [.WebGL-0x62802594700]GL Driver Message (OpenGL, Performance, GL_CLOSE_PATH_NV, High): GPU stall due to ReadPixels
rendering	warning	URL: https://www.pay24.co.il/(Line 2) Message: [.WebGL-0x62801459b00]GL Driver Message (OpenGL, Performance, GL_CLOSE_PATH_NV, High): GPU stall due to ReadPixels (this message will no longer repeat)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
partner.googleadservices.com
payment.meshotet.co.il
s0.2mdn.net
static.xx.fbcdn.net
tpc.googlesyndication.com
www.facebook.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.pay24.co.il
www.pay24.co.il
212.150.101.186
2a00:1450:4001:806::2001
2a00:1450:4001:806::2002
2a00:1450:4001:80b::2003
2a00:1450:4001:80e::2002
2a00:1450:4001:810::2002
2a00:1450:4001:811::2004
2a00:1450:4001:828::2003
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::200a
2a00:1450:4001:831::2002
2a00:1450:4001:831::2006
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
35.190.92.176
001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343
15b192d13c1d029346a73cb1b2eb3a1b8905dfe8df1aaf9ced37356de9380e32
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1814debc58b1ac2edc20be6888704ce6ddda01864bf55ba1fe50e26e420c168c
1d9aee9c7463bd35f930878be886e5ee224aa8c9800331d699b91a28ceccdf1d
1e68824befed8768c8c5eade3fb67287586d2512d99e2a873c0adb2052ce83a5
23e1ec0e2df909370c22310e9851d5dbc1dfe79d0f41b98af790423a49bff13a
27c9c6fe7d19faa18222c6821959d06738034f424c9b3a162e701f013ff1a002
29a24baf918a3b9bbda58c98de4ba638f939c8b46fe292000cb833a50e4c303d
33953d06239abdbd561a85c109e97629b1b01bbcfc01b910b0fc423c76f27f25
3a180577000dc7ea70fe921a385bab54deaefd2f24efaa32f1fc7ebb6d2abd2e
40c361328f9928215ac5a6e82d40380caa33766097e5fa778735b3dde6de844d
41a6f34bcff6e9d1775269a8bf932eebbfe041ef6e346b108d898851ce77c7d8
43dc83166d4365b4af7a6202b676e7ab5eb97f66eb77ed0cf2d5848f229c8730
460c3caa6572cdfb606d8bfe83e2493b844ea26d7b26b1c07543d9c57975b6e2
4e328e0c61b85b010f443d12bdcc71175dc4a4c11b080c11d91347f13418b246
5407d0a754c22b2fa105e06769f90b89f6ab7ac42d5320db69d1c7e06d45af24
54b37a41557a66546be243b50d6e55fc463c1c2c8378ae4ade44f8579613c857
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55d8fc52238a44b40deef0d9b1db3e4c0fecd8d69bc1eea1852af7fb9e432f0a
5799a3b7d445f04d6f96a6321d4459e1bdefc87b123cc881732e9468c4b055b1
59eb2b3d5ead6ef59e78ede80682bbe4bde9a555d0cbca9e120c6ea70c708114
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
5fa4c8526fbcf45dbe2cf7f27d6bda6c3bf9d0bafbf29d356f2d7d126e91754f
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63c6e9663439bf2ea6e75eb9bb046d5e472cb5370d9458e37b831d585ab5e892
659712f14aa7361d9bc64289e6eeaa7c6d239571d96c78df8fcb8ace0b408fcd
6bc7ec8827a8041f132615d4c81af33da6bb343f6bf11e308513738b11f5b21c
6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b
79bf3c48843315bdb80e394be4686fde6b28ebbab94bd984839a265caf9a826d
7bc89001e7edc0a39981c7854b9049d11474b1ecccc82e061649ab7032483a98
7ee9fd8705c7d0dfc9af20e52def1885dd52232326f4753c3e0dbec6c22f409e
851a5b6ab3e550fae6297633338615ed48eb469fb08f8f22eb178f09c34d9b6d
885be112bc292d9a19bed07671c065afaf2d45bbf850c5a24c6380639206ed03
8a1eaf0e1f0cc7f4a952a95b71a99faedec929dd33616626f639ec34970fe6dc
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8fae3f178b82ed0adef4e36f85f77156365721d01b96c6495217cf5909c98649
91bed44b583923f29c6d29a23933778a865de8b39fefa787405af14d06e47c64
959c37003a822f30a9e24bcb0ecf32d495e586d9d4e7ad06da1250f1e1922aca
9623eaed2f7176a1c0a231e1c58684dacca16c9cff6d5eb1e7668465b053124b
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
9dec543a810bdae52c5a63b981a0db238ed750522697045e8b8c51dafaa4394b
a20328e2afd3a7e6ae13cab2d86b2df6c2d3b5779cb185e7bef6aa0080fe26b0
a2e470d6e277bf611a9ee4d336f601e637819481738332157320619194943e5b
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
b38977ea35fde92fe200fa14ac7cc55e2edce54b998ce9a08734ba1dd9053fed
b96e74f5f4cab6826d29d6a62da3bd491ef8ee048113baa0272b754c549e26aa
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
bed15b50fbf91f9873f5ede25e400ea120be329eb3252ced96aa0e9357b5f413
c1689e8de21564bc98eabc75f775ec2148e5c6a2bb407847eb7828214925b5b1
c1fcdc9e9342175de9616247f9d335abab55479a4d2411f260ea1d48e547bd12
c3c8a2a35f476071c663c539a5954e074a43f6d616d1c489e9fee60b78224b54
c96507386689e69f6112a5d0a91ea851a260e5c023642dc374a8489271f53246
cb4d9322cdc44c0b697b34a51228035c5fbdbfbddc68c7b7c6e484edfe6506fd
cfbb08f37e3ee4b7f0fed7f11bc875f01212f87932f2513ac3f112f20fca44b7
d524bfae27e5abd09253fc0750d127771c61bf3b8aad0ea5c23db7b0148a23f1
d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4
d8c72115cdef3f53c6b6fca71875db9a4ab71fc5d9b54cc396682c6ed9025f22
d99f77a187454fecc18b59b2f520b1598b246d01e142bfdc4de56eb7221a9330
dc3c826fb5d2ffaba81078a43660f45b3e353cb6602ff36ea1476106c0284238
dc49ceb78cc67ed6a55e217c21df30cf3efd74041edb3f2cb1138f97de6366e6
e06f3a4f0ba704241f9336e3d137a19b7adc53457c72c5affc28612024ea3cd1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d7177238e9d37d1f419ff12907367eb8e0dea72c60391f0c628646c0bfed10
e83a43067942e341ebb7319116315855d2c24e463c9f0eda69f1a4b5f66ded18
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5f0c42fa13f46ee21f52fe2d05a7fa05ba53c1e0149129d168444e801523c80
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

payment.meshotet.co.il Open in urlscan Pro 212.150.101.186 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

95 Requests

98 %HTTPS

87 %IPv6

13 Domains

16 Subdomains

16 IPs

3 Countries

1518 kBTransfer

4069 kBSize

5 Cookies

0 Outgoing links

Redirected requests

95 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

payment.meshotet.co.il Open in urlscan Pro
212.150.101.186 Public Scan

Screenshot
Live screenshot

Full Image

95
Requests

98 %
HTTPS

87 %
IPv6

13
Domains

16
Subdomains

16
IPs

3
Countries

1518 kB
Transfer

4069 kB
Size

5
Cookies

95 HTTP transactions
3 data transactions