URL: https://www2.b3ta.com/funnelortunnel/
Submission Tags: falconsandbox
Submission: On April 28 via api from US — Scanned from DE

Summary

This website contacted 8 IPs in 2 countries across 6 domains to perform 45 HTTP transactions. The main IP is 2606:4700:3038::6815:eb56, located in United States and belongs to CLOUDFLARENET, US. The main domain is www2.b3ta.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 18th 2021. Valid for: a year.
This is the only time www2.b3ta.com was scanned on urlscan.io!

urlscan.io Verdict: No classification


Live information

Downloads These files were downloaded by the website

MIME: Standard MIDI data (format 1) using 19 tracks at 1/480
Size: 68 KB (69425 bytes, 100% done)
Downloaded from: https://www2.b3ta.com/funnelortunnel/browneye.mid

Domain & IP information

Apex Domain
Subdomains
Transfer
26 b3ta.com
www2.b3ta.com
109 KB
10 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 90
tpc.googlesyndication.com — Cisco Umbrella Rank: 123
236 KB
3 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 38
5 KB
3 google.com
adservice.google.com — Cisco Umbrella Rank: 61
www.google.com — Cisco Umbrella Rank: 2
2 KB
2 google.de
adservice.google.de — Cisco Umbrella Rank: 8897
914 B
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 749
641 B
45 6
Domain Requested by
26 www2.b3ta.com www2.b3ta.com
pagead2.googlesyndication.com
7 pagead2.googlesyndication.com www2.b3ta.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
3 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
3 googleads.g.doubleclick.net pagead2.googlesyndication.com
2 adservice.google.com pagead2.googlesyndication.com
2 adservice.google.de pagead2.googlesyndication.com
1 www.google.com tpc.googlesyndication.com
1 partner.googleadservices.com pagead2.googlesyndication.com
45 8

This site contains links to these domains. Also see Links.

Domain
b3ta.com
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-07-18 -
2022-07-17
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2022-04-11 -
2022-07-04
3 months crt.sh
*.googleadservices.com
GTS CA 1C3
2022-04-11 -
2022-07-04
3 months crt.sh
*.google.de
GTS CA 1C3
2022-04-11 -
2022-07-04
3 months crt.sh
*.google.com
GTS CA 1C3
2022-04-11 -
2022-07-04
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2022-04-11 -
2022-07-04
3 months crt.sh
www.google.com
GTS CA 1C3
2022-04-11 -
2022-07-04
3 months crt.sh

This page contains 7 frames:

Primary Page: https://www2.b3ta.com/funnelortunnel/
Frame ID: 58BC90742751B560E9CE1214C8B18664
Requests: 36 HTTP requests in this frame

Frame: https://www2.b3ta.com/funnelortunnel/browneye.mid
Frame ID: 171FF7BF05DE154465ECA9B6FBF580A1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5420552511847274&output=html&h=90&adk=1134031548&adf=2802373691&w=728&lmt=1639753573&channel=5575453904&ad_type=text_image&format=728x90_as&color_bg=003366&color_border=6699CC&color_link=FFFFFF&color_text=AECCEB&color_url=AECCEB&url=https%3A%2F%2Fwww2.b3ta.com%2Ffunnelortunnel%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651135851190&bpp=25&bdt=166&idt=93&shv=r20220425&mjsv=m202204210101&ptt=5&saldr=sa&abxe=1&correlator=517810180156&frm=20&pv=2&ga_vid=533606186.1651135851&ga_sid=1651135851&ga_hid=1354530440&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=12&ady=8&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31067267%2C21065724%2C31060033&oid=2&pvsid=1530184543429488&pem=623&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=h6URwsioBm&p=https%3A//www2.b3ta.com&dtd=109
Frame ID: AA22C99C97FC78AFCB13C55AB54F0040
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220425/r20190131/zrt_lookup.html
Frame ID: 975C76E706210B4D77F1413764AE97FB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5420552511847274&output=html&adk=1812271804&adf=1573534164&lmt=1639753573&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&channel=5575453904&format=0x0&url=https%3A%2F%2Fwww2.b3ta.com%2Ffunnelortunnel%2F&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651135851443&bpp=1&bdt=420&idt=1&shv=r20220425&mjsv=m202204210101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Deda339168555d378-2238b79a82cd006f%3AT%3D1651135851%3ART%3D1651135851%3AS%3DALNI_MZdPBxk9as-zky25L2FzfIpEqAf1w&prev_fmts=728x90_as&nras=1&correlator=517810180156&pv_ch=5575453904%2B&frm=20&pv=1&ga_vid=533606186.1651135851&ga_sid=1651135851&ga_hid=1354530440&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31067267%2C21065724%2C31060033&oid=2&pvsid=1530184543429488&pem=623&tmod=988033070&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=20
Frame ID: E78DDF4B5DECF45657199CC80D58815C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B340AB18727862A010CF340FC872D09E
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F879B5A4A73F4BBC23DFDBD11F6E61CB
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

Funnel or Tunnel? A photo quiz from B3ta.

Detected technologies

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/pagead/show_ads\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Page Statistics

45
Requests

100 %
HTTPS

88 %
IPv6

6
Domains

8
Subdomains

8
IPs

2
Countries

353 kB
Transfer

820 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

45 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www2.b3ta.com/funnelortunnel/
9 KB
3 KB
Document
General
Full URL
https://www2.b3ta.com/funnelortunnel/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
62c94bf8b1ddcec5ce9160d93d38a89d7e06af49a86be705ceae0c0aa9fccc25

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
702e8d7c49e1375f-MXP
content-encoding
br
content-type
text/html; charset=UTF-8
date
Thu, 28 Apr 2022 08:50:51 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified
Fri, 17 Dec 2021 15:06:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FBeCOrt%2BXpUON8%2Bu3kG4wKTx%2B2wJQuO%2FdVwnMoTZ8DqNhsfGtJ5RWaE%2B0toH7npIbAoYBA%2B8I61MjbpB8vTfrjf5iBMke5S4b4WK4i5rbnXtD8CEiPKugiP%2FrAdFCYecXwht2jydU7ulK8AO"}],"group":"cf-nel","max_age":604800}
server
cloudflare
ruffle.js
www2.b3ta.com/robflash/wilflash/ruffle/
82 KB
23 KB
Script
General
Full URL
https://www2.b3ta.com/robflash/wilflash/ruffle/ruffle.js
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
406fb6e2f54a21b95946b2c0ac218e16775a684d0c0ab90cb5f57a1445a3a170

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 16 Dec 2021 00:12:12 GMT
server
cloudflare
etag
W/"146fa-5d3384624cf00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MwnNoE%2BzE7UarRamjKBkE8o7JBO4f7XyfK7cqaJD95JmpGchSyT4JyfEWScUW%2BXPG%2B4cWB6TGJLIStu70Ww1univtpYpY9%2BU9MphWz7%2Fz0z6NrbgoDZEWQ4GeJNAeOd%2Bhkb%2FW3aOZxd0KTS5"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
702e8d7d0b51375f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
show_ads.js
pagead2.googlesyndication.com/pagead/
116 KB
40 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9e1b4e921862d369d5e900cf8ef742d43ccf02fe041ecb9e8bd9b852802dadd8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40124
x-xss-protection
0
server
cafe
etag
14646233560734667485
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 28 Apr 2022 08:50:51 GMT
logo.gif
www2.b3ta.com/funnelortunnel/
9 KB
9 KB
Image
General
Full URL
https://www2.b3ta.com/funnelortunnel/logo.gif
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6175bc44b393051e6ce4fafed2e5a172a378875d7d464854e873a01c625f16b3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
cf-cache-status
MISS
last-modified
Thu, 06 Dec 2018 09:38:31 GMT
server
cloudflare
etag
"237d-57c5743022871"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=47kWlxHpWcVgub43Jnymg%2Fw0Upl3d3BSA2R3j858KRtMcZYQfoCyAwBkyAbjI1pdN8uWA9ChUKqjWNWKB0H6KmUMIbVr863AR5v%2FQlloA22R5OvjSYwemfOOvUBSWhTP4mfxjEPmTiIJt4J7"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
702e8d7d9c535fc5-MRS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
9085
5.jpg
www2.b3ta.com/funnelortunnel/
4 KB
4 KB
Image
General
Full URL
https://www2.b3ta.com/funnelortunnel/5.jpg
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
168e24505881812c5499c65fddc09b1c71864dbb4e89a370d6aafc4feb30af3d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
cf-cache-status
MISS
last-modified
Thu, 06 Dec 2018 09:38:31 GMT
server
cloudflare
etag
"f83-57c574300c4f9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xqnrFEPSVFcpzMaJ9kelmJwV84XvcxDAayevxFviWSsfKM6ICcoaSeqrYkUHPPmarfvjdTWq2lJXHhSOcvbfHzxaFWW7ql9aSc%2B%2BVsJ9WW8Fhfa%2FOMlCsV1U2ZPqdAKJukPTaOHlsODEQJBx"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
702e8d7dfca55fc5-MRS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3971
none.gif
www2.b3ta.com/funnelortunnel/
92 B
638 B
Image
General
Full URL
https://www2.b3ta.com/funnelortunnel/none.gif
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
24f08334a3edfaca0a790fde692061ff4660864b6ca57904352b3dcb6b1692f2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
cf-cache-status
MISS
last-modified
Thu, 06 Dec 2018 09:38:31 GMT
server
cloudflare
etag
"5c-57c574300e439"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=caXtlczI5Zsfa4R52rk%2BbRzjq7m%2BqbEZjk67qACTK%2F1nGh3%2Fu6%2BgBEuFjsXsA4ImreTRN%2FocVRPHUtVeBYyzkMuyrAbYkdlblRGkQJ4Pgunl8EdfB8ufArQgzvtZaSHOUgcGVcd50vHWx9BI"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
702e8d7e0ca75fc5-MRS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
92
9.jpg
www2.b3ta.com/funnelortunnel/
4 KB
4 KB
Image
General
Full URL
https://www2.b3ta.com/funnelortunnel/9.jpg
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
daac21a8d7e4f6ad94ae6c5c796cae38a0ea3e7df3eabfd863476ebad9b77886

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
cf-cache-status
MISS
last-modified
Thu, 06 Dec 2018 09:38:31 GMT
server
cloudflare
etag
"e74-57c57430170d9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pJi2KLAtAPYgLUATj5CaFgpa6y5SnDVgNuvZ7wAE%2FGsGDoJclxKYsnOOVjfcE3SAApDRDEZA0u7DfAYTg3Op80R3OTLdF41CK3TQZsQTVV7cS9EkEp3BEtgC0dFicAajwCN0Ah5rwzlGYdQb"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
702e8d7e0ca95fc5-MRS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3700
6.jpg
www2.b3ta.com/funnelortunnel/
3 KB
3 KB
Image
General
Full URL
https://www2.b3ta.com/funnelortunnel/6.jpg
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1234242c0966a56bbf2ff0131a7fc97d5751b2bfb476d42c30577754cae686db

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
cf-cache-status
MISS
last-modified
Thu, 06 Dec 2018 09:38:31 GMT
server
cloudflare
etag
"b57-57c574302b8f9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7%2Ff1SGNu2ohJP8AHyMbZPh5Uq%2BBNDRsU1hsgQSaXpmyDxK9wTcPzn95J9VBRKa8peo9lYIcZ63zRJoyTxxn%2BvyDdjuGvyJsbOV41XDPpvXgF1jyzyoZbC9rK1RM0%2BqyRfYLk7ANeW%2Fy6SQ2b"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
702e8d7e0caf5fc5-MRS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2903
10.jpg
www2.b3ta.com/funnelortunnel/
3 KB
4 KB
Image
General
Full URL
https://www2.b3ta.com/funnelortunnel/10.jpg
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d9414820a53db1a8c010c2511bb543ae69fab8ddf573ab026b7baa24bc17bfa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
cf-cache-status
MISS
last-modified
Thu, 06 Dec 2018 09:38:31 GMT
server
cloudflare
etag
"be8-57c57430197e9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bk%2FHcLLZviRvGVLLCihpmdqd%2FUVw5As%2BxDF3HbD2SD%2F2rdyXPNgBynxrPcCsRu5BKHWZyS3GZxvKhTAe685RF66ckCjXg%2F0iIj3p8HhdwEuP8sCpBeoy9rcW%2F5EHeEHSIgzZCZf2qNI4Wbfk"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
702e8d7e0cb05fc5-MRS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3048
13.jpg
www2.b3ta.com/funnelortunnel/
4 KB
4 KB
Image
General
Full URL
https://www2.b3ta.com/funnelortunnel/13.jpg
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e454d78562f80d05853ea22d9121773f95bbec62d1fad7b48e18f288eb760a53

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
cf-cache-status
MISS
last-modified
Thu, 06 Dec 2018 09:38:31 GMT
server
cloudflare
etag
"eca-57c5743015969"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DCiKJLrL7GcxVV3Qe%2FOLo6vX%2Fxz%2FrmWAhRf4zyb4I6O6ahIiujz%2BYTyqmt493O7Pe0nK1BV7tmgoT%2FHIN5%2Bv3LQSHtJN60GB01PMOAPBepkB%2Fl7nJj1sM3yqufByncBbDA1xhFjMubNHXtDF"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
702e8d7e0cb15fc5-MRS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3786
7.jpg
www2.b3ta.com/funnelortunnel/
4 KB
4 KB
Image
General
Full URL
https://www2.b3ta.com/funnelortunnel/7.jpg
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81be7b8a6ce9e1f66dbee9e03a906f5cc8068c3705c8d92455af5dfe5cb4117f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
cf-cache-status
MISS
last-modified
Thu, 06 Dec 2018 09:38:31 GMT
server
cloudflare
etag
"fb4-57c5743016521"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MuiJYQJwlISvJ814z%2BFtpItErIbsPvIDHKYT5r3TsSkXPbWmmE%2FI5uewfohyJehpdPrYRdIoJl1k2eVT2AT8zjoHGJTRX2MZhzyLM%2FRTLIUPTviERSmSuWN8ABnr7X6YT96zx7Irais6pu%2Bh"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
702e8d7e0cb25fc5-MRS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
4020
14.jpg
www2.b3ta.com/funnelortunnel/
3 KB
4 KB
Image
General
Full URL
https://www2.b3ta.com/funnelortunnel/14.jpg
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b368dbb4835d739f66423e7d328dc73b4e30107b2c5649901674acc2812d6406

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
cf-cache-status
MISS
last-modified
Thu, 06 Dec 2018 09:38:31 GMT
server
cloudflare
etag
"d4b-57c57430149c9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O9UgkoVMCCRTTt8%2FZzVTngSqUXua3pQjK317NYaJ5SaoMzmD%2FggoRcYSD5nufuM7PCHljRcpJfZqbbW5HOH0vkzCreDbToSpN%2BUYkUxs9JblkbeShcdJPxWCYvIDbvWxss2rdBoFNHL2TN2R"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
702e8d7e0cb45fc5-MRS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3403
8.jpg
www2.b3ta.com/funnelortunnel/
3 KB
3 KB
Image
General
Full URL
https://www2.b3ta.com/funnelortunnel/8.jpg
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b0c5af239965e0d4f636f8214bc8685a606046099641bdad33b74375d76dc83b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
cf-cache-status
MISS
last-modified
Thu, 06 Dec 2018 09:38:31 GMT
server
cloudflare
etag
"b4d-57c5743023429"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F3HHQSkeH5jDt%2BoZ%2FZr4yOY59bnrWOH3iWECzakQ%2FynywH8HeVJrIb6B%2BjAdJUHaJlePtOtRcV7WSvS3TasHuWGV6OowiQLfN7el5SB5sOXQ9zqTDILouMeRWMuMzaHVwN%2FJ%2FrvEbb8MF3E1"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
702e8d7e0cb65fc5-MRS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2893
1.jpg
www2.b3ta.com/funnelortunnel/
4 KB
4 KB
Image
General
Full URL
https://www2.b3ta.com/funnelortunnel/1.jpg
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fd89460ee9732a0415a9d1bef7d98617d50af978421c31a161401908bd6d2bf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
cf-cache-status
MISS
last-modified
Thu, 06 Dec 2018 09:38:31 GMT
server
cloudflare
etag
"f45-57c574302ad41"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J8gc9oZo0xAASbQzdlnLgK9eA2rbq5jueWA51Z7FuUqJpwZNq6azeX1I9%2FvSYze3lMm2QowppdRs1u6u3wMVHAp5TkBEr1NApWh%2Brjk0wT8JXWeepcHSMfiGokmG9nSWo1ZICjNmmSkTZoZ5"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
702e8d7e0cb85fc5-MRS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3909
16.jpg
www2.b3ta.com/funnelortunnel/
4 KB
5 KB
Image
General
Full URL
https://www2.b3ta.com/funnelortunnel/16.jpg
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d47becf2549396fe0e58e68ac4a6429a170fe79d7ce7dc2955b7c8c4cf060fb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
cf-cache-status
MISS
last-modified
Thu, 06 Dec 2018 09:38:31 GMT
server
cloudflare
etag
"fef-57c5743019fb9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a0XPkCmIuaULEJkZcEyFozBybr6GIeTLvR%2FgEpXTbAn6F2udb25WRnIzNXorebY%2FJcW5pgdVicqusseSnkiWdlwP0YPPKGmSelRbiOAhGfk02qfeN94HBkCt4GjKOlk04WQMmEOObL2yXPaT"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
702e8d7e0cbb5fc5-MRS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
4079
15.jpg
www2.b3ta.com/funnelortunnel/
3 KB
4 KB
Image
General
Full URL
https://www2.b3ta.com/funnelortunnel/15.jpg
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a679e178d1da11f7329cc148b24fe19edf285781644a147fcdd5f1549ba6ad03

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
cf-cache-status
MISS
last-modified
Thu, 06 Dec 2018 09:38:31 GMT
server
cloudflare
etag
"c38-57c5743007ac1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZtFZiEzXfZdPhN5gEeYk4hYLWfQXuTCfTdCLlbGRp4lW8OJ38dpk8byy3S6b5ZbJAD4gvfvBuxprhVgjziQR%2FFWQd3mfZkRbAXTnY9EHTbHHRGxndW6ZElCXvlBI8L9TAEgiZ1td%2F0mvfl6L"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
702e8d7e0cbd5fc5-MRS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3128
2.jpg
www2.b3ta.com/funnelortunnel/
3 KB
4 KB
Image
General
Full URL
https://www2.b3ta.com/funnelortunnel/2.jpg
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
969ec3d1e29709ac6fa49c6cae5951cd2f96257a0754f09fc7e5a3d31654909c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
cf-cache-status
MISS
last-modified
Thu, 06 Dec 2018 09:38:31 GMT
server
cloudflare
etag
"c15-57c574300d499"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f7zt8Kqm0fj%2Bal1mtrz1Cz%2F39kvZSPofH8shLotqk0p5EAVsXb9TNgOjvdnqP2HTcT2eAzH8NGxgR4kUF3MVwkEMHnL3smebHc6SmPPq76jAKgAEQzctNN0I9K0n2%2BLuVC8TRLp%2FHWxYGE2X"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
702e8d7e0cbf5fc5-MRS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3093
3.jpg
www2.b3ta.com/funnelortunnel/
3 KB
3 KB
Image
General
Full URL
https://www2.b3ta.com/funnelortunnel/3.jpg
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a8b353883f0ea96149ca60a0f2fb12e97b028e26d0597227113713351c2198cf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
cf-cache-status
MISS
last-modified
Thu, 06 Dec 2018 09:38:31 GMT
server
cloudflare
etag
"b7f-57c5743010761"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vSoD02VTSjSHS5EQMCu%2FdgbW1O0dAxZwGGACx%2BPK0lQI915iTmPJ0m9Mfv88diZihZB%2BSUiTwMg1U7ryFTbEVCUbhMjkbrjq%2FKccrJ4ehcXBNaiU1n%2BfvjgoO9%2FnksW4GLqCxpOfsW1XIsOE"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
702e8d7e0cc15fc5-MRS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2943
4.jpg
www2.b3ta.com/funnelortunnel/
5 KB
6 KB
Image
General
Full URL
https://www2.b3ta.com/funnelortunnel/4.jpg
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
55c9a7e464fbcfb3cc2406f43c4113ea58a833c3c7c80704a5c6945f6aeb6efc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
cf-cache-status
MISS
last-modified
Thu, 06 Dec 2018 09:38:31 GMT
server
cloudflare
etag
"147b-57c5743012e71"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cnyLU4r9PKO5bZ6jXtgnU2kZT675cfOZmw%2FopivgxVFEe0Jt3SfVa1JpJDEQG7i2PwSM4bQvm73YBkppmuKwgpQwer7dc6vGxtlFSUpjCK8bYG7aZlAJLOaN6giampTDIil1w4bDo9UTb47x"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
702e8d7e0cc35fc5-MRS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5243
11.jpg
www2.b3ta.com/funnelortunnel/
6 KB
6 KB
Image
General
Full URL
https://www2.b3ta.com/funnelortunnel/11.jpg
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac61aaaa0053dc7063e39c11e17af1336c8896a4bd363220432aad9c788f6e87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
cf-cache-status
MISS
last-modified
Thu, 06 Dec 2018 09:38:31 GMT
server
cloudflare
etag
"1725-57c574301de39"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2rdVhMcPDBFgr6rlICF3Yjej4a5GXsm2bDVwJtHu5xWhdWIkWTIss3sJ8LyI3bnhHL4GRKw%2BZFxF3kMLtHffzVzkFjL9d60wt9kRbtXMpaDmEPw3dgwtjsT%2BF0iuiPQ10rr4%2FngjTPKwp1Vs"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
702e8d7e0cc45fc5-MRS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5925
12.jpg
www2.b3ta.com/funnelortunnel/
3 KB
4 KB
Image
General
Full URL
https://www2.b3ta.com/funnelortunnel/12.jpg
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d33238343c014a5fb9a96a248b6261e4977ac94f7b4d6f0a6b3506e9338a72f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
cf-cache-status
MISS
last-modified
Thu, 06 Dec 2018 09:38:31 GMT
server
cloudflare
etag
"c98-57c5743006b21"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jl7tB8Dzngt61JKi5t6gkHzVK0fXq%2B8NgbsTfwHMZob7xqopB%2BEm%2Fq9kw8%2F1nrwc%2Fzx%2BWvP6V5EeYkDJ8SFNdkBZEjq5yagHd3iso34zkrN4CuJZXLGeN8wgWFXXxMBZ9WJlb2CooJiwGvjh"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
702e8d7e0cc55fc5-MRS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3224
tick.gif
www2.b3ta.com/funnelortunnel/
371 B
916 B
Image
General
Full URL
https://www2.b3ta.com/funnelortunnel/tick.gif
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4360d5406e86598356f7dbc47b9bd98e95cca46a7722620fd1c2494904c7f3a6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
cf-cache-status
MISS
last-modified
Thu, 06 Dec 2018 09:38:31 GMT
server
cloudflare
etag
"173-57c574301d669"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dn4wSdVwGPtWtMscMB4dt7HecYLp2kxgt1qvwUFKjK8dkhEn66xGuC7%2B5xOqQvpSNscUonD2Z00YVRbiOWeFdxuqCHSszRmrNrN2K%2FjTrmnuJ3rYgHCHl7NYiRHafQOO%2BlP3C71Vf%2F666qTH"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
702e8d7e0cc75fc5-MRS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
371
cross.gif
www2.b3ta.com/funnelortunnel/
478 B
1 KB
Image
General
Full URL
https://www2.b3ta.com/funnelortunnel/cross.gif
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f0c0b0a74bdfa6f68dc4ef40d801252c2c9d5dec1352becf326610ef7dc2afa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
cf-cache-status
MISS
last-modified
Thu, 06 Dec 2018 09:38:31 GMT
server
cloudflare
etag
"1de-57c574300ec09"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9n2%2Fq8c%2F%2Bh3hKbSspQaFHFyT9SM1wY2GSDduwdzRVx1CLLaBvViBSddMlgdTX1VCi%2FHUpuFEbYfaaX9Q6SXOS6C8RdJ0x3l8nx9SRmsjYW6M1uv%2Bl51JFMaC0bcxaunuGnbwiKc%2FxVKW%2BS2w"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
702e8d7e0cc85fc5-MRS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
478
lady.gif
www2.b3ta.com/funnelortunnel/
1 KB
2 KB
Image
General
Full URL
https://www2.b3ta.com/funnelortunnel/lady.gif
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd605892a69639fe77c0a08e89e9413dbcf3e761b037ff49008cab969589176a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
cf-cache-status
MISS
last-modified
Thu, 06 Dec 2018 09:38:31 GMT
server
cloudflare
etag
"58a-57c57430266f1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=arA3N0KyaSeaHEYXm%2FwFRE09Cn0Ijs7k2WX3BsZ79wl6ZWqygbaaK42CawRXjhVpSlfdsVTG30QTwTyKzk%2BfBWZvU6iyhWGF9uQauK1ZMQ8ysp5A2VZYOYkDDkC0GgBftQ%2BRI%2B5KwF62ND9R"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
702e8d7e0cc95fc5-MRS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1418
man.gif
www2.b3ta.com/funnelortunnel/
1 KB
2 KB
Image
General
Full URL
https://www2.b3ta.com/funnelortunnel/man.gif
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf90df83e961bb78c269a45fd5ffce2c43ee21111e2c5f9de0ea9f3f9f960ff1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
cf-cache-status
MISS
last-modified
Thu, 06 Dec 2018 09:38:31 GMT
server
cloudflare
etag
"575-57c5743013a29"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HAGS7HBB3FyNZOtSCqunwX4q1syDJvrNT6aHPrR0xnumlCdLE9wnLQG4WkwO2TKP39Z%2BXMdgvpZ56tGi4WeXj%2Bg6qcMGeU4CV7zbw6zT%2FXh1lSPiWmjX37NmJsbQ4dvpjreOB4NNOXgndfUy"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
702e8d7e0cca5fc5-MRS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1397
email-decode.min.js
www2.b3ta.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
1 KB
Script
General
Full URL
https://www2.b3ta.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: www2.b3ta.com
URL: https://www2.b3ta.com/funnelortunnel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/funnelortunnel/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 22 Apr 2022 17:45:27 GMT
server
cloudflare
etag
W/"6262e9b7-4d7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QkXiuX7M0sjKKT7jVkQqqEpUBo976tFpI10dTxGMnICxHUhqbsG85sN85rr2PqUYymqcfOqaAGnlKbvmT9IyH%2FP1pklCs6Y0uEs1QaSj4kUdUvaEoCN727oIM52TE0VcTeptDoKeQEQKyh3g"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=172800, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
702e8d7d7c225fc5-MRS
vary
Accept-Encoding
expires
Sat, 30 Apr 2022 08:50:51 GMT
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204210101/
308 KB
110 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204210101/show_ads_impl_with_ama_fy2019.js?client=pub-5420552511847274&plah=www2.b3ta.com&bust=31067267
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e02f6cb25bb20ce22704aacacd39044b50f7510154f69473f1ca1e3fa38765e6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
112817
x-xss-protection
0
server
cafe
etag
5911401120928843368
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 28 Apr 2022 08:50:51 GMT
browneye.mid
www2.b3ta.com/funnelortunnel/ Frame 171F
0
0
Document
General
Full URL
https://www2.b3ta.com/funnelortunnel/browneye.mid
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3038::6815:eb56 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www2.b3ta.com/funnelortunnel/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=14400
cf-cache-status
MISS
cf-ray
702e8d7e2ce75fc5-MRS
content-length
69425
content-type
audio/midi
date
Thu, 28 Apr 2022 08:50:51 GMT
etag
"10f31-57c574300b941"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified
Thu, 06 Dec 2018 09:38:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KtBcpjtwbLKdcl32glWATevpjx8rKOirgYCQ%2FH24coO5OmZ%2F4iLTEqpC9%2BxZUQEsfhePgLYU%2BWEOoTEWZm7Rb7bagkZBsVqFWLMKTwdaVNOeMhvqMSgHu83%2FPaCmD%2FGntfg3U7WV3%2FGcgZkH"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
cookie.js
partner.googleadservices.com/gampad/
212 B
641 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=www2.b3ta.com&callback=_gfp_s_&client=ca-pub-5420552511847274
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204210101/show_ads_impl_with_ama_fy2019.js?client=pub-5420552511847274&plah=www2.b3ta.com&bust=31067267
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
3b6e427644967618eabdafa6ef91b77d80ad04309ed653ac578904ee54fd1eba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
196
x-xss-protection
0
integrator.js
adservice.google.de/adsid/
107 B
792 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www2.b3ta.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204210101/show_ads_impl_with_ama_fy2019.js?client=pub-5420552511847274&plah=www2.b3ta.com&bust=31067267
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 28 Apr 2022 08:50:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
549 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www2.b3ta.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204210101/show_ads_impl_with_ama_fy2019.js?client=pub-5420552511847274&plah=www2.b3ta.com&bust=31067267
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 28 Apr 2022 08:50:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame AA22
603 B
600 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5420552511847274&output=html&h=90&adk=1134031548&adf=2802373691&w=728&lmt=1639753573&channel=5575453904&ad_type=text_image&format=728x90_as&color_bg=003366&color_border=6699CC&color_link=FFFFFF&color_text=AECCEB&color_url=AECCEB&url=https%3A%2F%2Fwww2.b3ta.com%2Ffunnelortunnel%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651135851190&bpp=25&bdt=166&idt=93&shv=r20220425&mjsv=m202204210101&ptt=5&saldr=sa&abxe=1&correlator=517810180156&frm=20&pv=2&ga_vid=533606186.1651135851&ga_sid=1651135851&ga_hid=1354530440&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=12&ady=8&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31067267%2C21065724%2C31060033&oid=2&pvsid=1530184543429488&pem=623&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=h6URwsioBm&p=https%3A//www2.b3ta.com&dtd=109
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204210101/show_ads_impl_with_ama_fy2019.js?client=pub-5420552511847274&plah=www2.b3ta.com&bust=31067267
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www2.b3ta.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 28 Apr 2022 08:50:51 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
143 KB
50 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
58cc088edf70ceda54a1c95260778e2b69605dd2c56d8355a1a25e3ecc566591
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51340
x-xss-protection
0
server
cafe
etag
15656185791560202681
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 28 Apr 2022 08:50:51 GMT
sodar
pagead2.googlesyndication.com/getconfig/
14 KB
10 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220425&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204210101/show_ads_impl_with_ama_fy2019.js?client=pub-5420552511847274&plah=www2.b3ta.com&bust=31067267
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7078213278126f2fdc6a9a10be6b947e5d6e28bcb659e39082518cd4fa1dfe9f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 28 Apr 2022 08:50:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10594
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204210101/show_ads_impl_with_ama_fy2019.js?client=pub-5420552511847274&plah=www2.b3ta.com&bust=31067267
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 28 Apr 2022 08:50:51 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220425/r20190131/ Frame 975C
10 KB
4 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220425/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7339fe12f332ac7ecd6e0ef04bb7a48fad9e74be887d67f458548ff33ea4db65
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www2.b3ta.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
56112
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=1209600
content-encoding
gzip
content-length
4404
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 27 Apr 2022 17:15:39 GMT
etag
3347421328414474149
expires
Wed, 11 May 2022 17:15:39 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www2.b3ta.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204210101/show_ads_impl_with_ama_fy2019.js?client=pub-5420552511847274&plah=www2.b3ta.com&bust=31067267
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 28 Apr 2022 08:50:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www2.b3ta.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204210101/show_ads_impl_with_ama_fy2019.js?client=pub-5420552511847274&plah=www2.b3ta.com&bust=31067267
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 28 Apr 2022 08:50:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame E78D
0
20 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5420552511847274&output=html&adk=1812271804&adf=1573534164&lmt=1639753573&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&channel=5575453904&format=0x0&url=https%3A%2F%2Fwww2.b3ta.com%2Ffunnelortunnel%2F&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651135851443&bpp=1&bdt=420&idt=1&shv=r20220425&mjsv=m202204210101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Deda339168555d378-2238b79a82cd006f%3AT%3D1651135851%3ART%3D1651135851%3AS%3DALNI_MZdPBxk9as-zky25L2FzfIpEqAf1w&prev_fmts=728x90_as&nras=1&correlator=517810180156&pv_ch=5575453904%2B&frm=20&pv=1&ga_vid=533606186.1651135851&ga_sid=1651135851&ga_hid=1354530440&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31067267%2C21065724%2C31060033&oid=2&pvsid=1530184543429488&pem=623&tmod=988033070&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=20
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204210101/show_ads_impl_with_ama_fy2019.js?client=pub-5420552511847274&plah=www2.b3ta.com&bust=31067267
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www2.b3ta.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 28 Apr 2022 08:50:51 GMT
expires
Thu, 28 Apr 2022 08:50:51 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B340
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www2.b3ta.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
674
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 28 Apr 2022 08:39:37 GMT
expires
Fri, 28 Apr 2023 08:39:37 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame F879
783 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
f96f5c86d1bfeaf9c32347f29871d987df4861f2579b6b00293c4038a86af492
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-P/a4QWo8lU2k3o0ZKKjFaw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www2.b3ta.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
514
content-security-policy
script-src 'report-sample' 'nonce-P/a4QWo8lU2k3o0ZKKjFaw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 28 Apr 2022 08:50:51 GMT
expires
Thu, 28 Apr 2022 08:50:51 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
d_XgMe7_8DX3JscHlpumBxzOcHqlAtWKp75Cu0r3_I4.js
pagead2.googlesyndication.com/bg/ Frame B340
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/d_XgMe7_8DX3JscHlpumBxzOcHqlAtWKp75Cu0r3_I4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
77f5e031eefff035f726c707969ba6071cce707aa502d58aa7be42bb4af7fc8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 26 Apr 2022 17:16:51 GMT
content-encoding
br
x-content-type-options
nosniff
age
142440
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13694
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 26 Apr 2023 17:16:51 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame F879
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220425&jk=1530184543429488&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

generate_204
tpc.googlesyndication.com/ Frame B340
0
9 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?46Tdrw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 28 Apr 2022 08:50:51 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220425&jk=1530184543429488&bg=!HB-lH1vNAAYXWUUuN1k7ACkAdvg8Wg26OYCQ5CJ9fcytprTs1PKsL7yb8qc_pZih5LKd6HNpVqsQQwIAAAA-UgAAAAJoAQcKAIpQLiup8LSaLIkxvCk5G1WfxHrHdZCHfVwm0qqW06cFD2fwYwxF7LceASFD0nOxQ4wPmMjeBVHhW7n2NrRsKTyBo4wSks0GFSocSbLY5pJ1BKZnWSo7ttkmNdS7Av0XUPu0n8raPugsoVknZx7k9VAunG8HSPYNRXgXtUpUi5PXuxpYXRqpb_DOY7mZApOlowrgrV8y0GZVdY9k3MBIBRJr434PSvotoXHcRGFiS_EKmf16RtsqHHP5qXQeCXHAZwtm0en8I0X0HaUkrz-rbyvN7m_HHA1V8cv7xz0EuxL-kUM1BkFlnmcKxLtFWrE6d6CrCf7sDnkowrKBOpVT4ge_EzDLShebUdgLZF1PRz-C9F1ny3algq1CQDqL8DdynbAhZi_cnL7WuMquMyUwtvK8TYIsvIAKUdOfEUxb-FzuVQuEtb-8qxIXDNZvYSNy7ENZKjfGjJrRCo6D96ksoIRnLR38mnP3iv1NXNrcmHBTssqHd1CgOm7lPGLIMNfh9uhDAdeN0-92rQ2rNYdO0Bz9xnjVuCW-sdDeMnH3DctZpeJH03KBJOAO8mw7jD_87FG5D_J8oKidHfv4FP6T5vwXaFlbja4P5MzOrCHr_1-ZFirEsJbWFD4O4LlpXdHCsuMlSb4g77Wh_yNCvnGbmRHyDGt7Z0AVk-AUQhRklBVOWN1fMmH-Vzo5nKgWF25l8fXHwC572hhhM2tq752rExGgyKgrfbMXVzwzxs6xp3aAq5u3B-6aAJn_CHCgWRpKgVPJxfpwTuKK9uXSNDVFD_fU1Uitqu0hWs_zDHONrARef6TZxGLwWeNbjuXGSI7hxEWrDzbB5pftcc8GeXkM2Vn1iTmgYuy4XNImbehXe4RVpwHQP__D0rCgoFpUDkfxRXi-smNIiwvPv-mjb7ZNQk7hgysafOw7_qS3OomY2Xto6brFKlmjdTTYrSseNWWxx0DG0p_aOU7IR-jarZl-gJD58VEGcVyJu0ZaimZMWc_ULZv7mEBepFGERGMA4X3ZJj-PFI6rgkeJgRVNAXe6EUsLZVLOC3fSUsgKyKmDNlXRMA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www2.b3ta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

173 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails object| RufflePlayer object| answer number| topsize object| texty function| ResetQuiz function| check number| MSIE number| NETS number| OPER object| google_ad_client object| google_ad_width object| google_ad_height object| google_ad_format object| google_ad_type object| google_ad_channel object| google_color_border object| google_color_bg object| google_color_link object| google_color_url object| google_color_text object| google_js_reporting_queue number| google_srt object| google_logging_queue object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state object| google_tag_data object| google_sa_queue function| google_process_slots number| google_unique_id object| google_ad_block object| google_ad_host object| google_ad_host_channel object| google_ad_host_tier_id object| google_ad_layout object| google_ad_layout_key object| google_ad_output object| google_ad_region object| google_ad_section object| google_ad_slot object| google_ad_unit_key object| google_ad_dom_fingerprint object| google_ad_semantic_area object| google_placement_id object| google_adtest object| google_allow_expandable_ads object| google_alternate_ad_url object| google_alternate_color object| google_apsail object| google_captcha_token object| google_city object| google_color_line object| google_container_id object| google_content_recommendation_ad_positions object| google_content_recommendation_columns_num object| google_content_recommendation_rows_num object| google_content_recommendation_ui_type object| google_content_recommendation_use_square_imgs object| google_contents object| google_country object| google_cpm object| google_ctr_threshold object| google_cust_age object| google_cust_ch object| google_cust_criteria object| google_cust_gender object| google_cust_id object| google_cust_interests object| google_cust_job object| google_cust_l object| google_cust_lh object| google_cust_u_url object| google_disable_video_autoplay object| google_enable_content_recommendations object| google_enable_ose object| google_encoding object| google_font_face object| google_font_size object| google_frame_id object| google_full_width_responsive_allowed object| efwr object| google_full_width_responsive object| gfwroh object| gfwrow object| gfwroml object| gfwromr object| gfwroz object| gfwrnh object| gfwrnwer object| gfwrnher object| google_gl object| google_hints object| google_image_size object| google_kw object| google_kw_type object| google_language object| google_loeid object| google_max_num_ads object| google_max_radlink_len object| google_max_responsive_height object| google_ml_rank object| google_mtl object| google_native_ad_template object| google_native_settings_key object| google_num_radlinks object| google_num_radlinks_per_unit object| google_override_format object| google_page_url object| google_pgb_reactive object| google_pucrd object| google_referrer_url object| google_region object| google_resizing_allowed object| google_resizing_height object| google_resizing_width object| rpe object| google_responsive_formats object| google_responsive_auto_format object| armr object| google_rl_dest_url object| google_rl_filtering object| google_rl_mode object| google_rt object| google_safe object| google_safe_for_responsive_override object| google_video_play_muted object| google_source_type object| google_tag_for_child_directed_treatment object| google_tag_for_under_age_of_consent object| google_tag_origin object| google_tag_partner object| google_targeting object| google_tfs object| google_video_doc_id object| google_video_product_type object| google_webgl_support object| google_package object| google_debug_params object| dash object| google_restrict_data_processing object| google_ad_public_floor object| google_ad_private_floor object| google_traffic_source boolean| google_apltlad object| google_sv_map string| google_user_agent_client_hint function| google_sa_impl object| google_persistent_state_async object| googleToken object| googleIMState boolean| _gfp_p_ boolean| _gfp_a_ function| processGoogleToken number| google_global_correlator object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages object| adsbygoogle object| GoogleGcLKhOms number| tmod function| google_spfd object| google_image_requests

2 Cookies

Domain/Path Name / Value
.b3ta.com/ Name: __gads
Value: ID=eda339168555d378-2238b79a82cd006f:T=1651135851:RT=1651135851:S=ALNI_MZdPBxk9as-zky25L2FzfIpEqAf1w
.doubleclick.net/ Name: IDE
Value: AHWqTUlFIBGpgqVqnUMOaTPhYo_FLkl2CjUsSxpRziXl_dTgJ4lOCj2XSY7NTkJx

1 Console Messages

Source Level URL
Text
network error URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5420552511847274&output=html&h=90&adk=1134031548&adf=2802373691&w=728&lmt=1639753573&channel=5575453904&ad_type=text_image&format=728x90_as&color_bg=003366&color_border=6699CC&color_link=FFFFFF&color_text=AECCEB&color_url=AECCEB&url=https%3A%2F%2Fwww2.b3ta.com%2Ffunnelortunnel%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1651135851190&bpp=25&bdt=166&idt=93&shv=r20220425&mjsv=m202204210101&ptt=5&saldr=sa&abxe=1&correlator=517810180156&frm=20&pv=2&ga_vid=533606186.1651135851&ga_sid=1651135851&ga_hid=1354530440&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=12&ady=8&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31067267%2C21065724%2C31060033&oid=2&pvsid=1530184543429488&pem=623&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=h6URwsioBm&p=https%3A//www2.b3ta.com&dtd=109
Message:
Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
googleads.g.doubleclick.net
pagead2.googlesyndication.com
partner.googleadservices.com
tpc.googlesyndication.com
www.google.com
www2.b3ta.com
142.250.186.98
2606:4700:3038::6815:eb56
2a00:1450:4001:801::2002
2a00:1450:4001:802::2002
2a00:1450:4001:80f::2001
2a00:1450:4001:813::2002
2a00:1450:4001:828::2002
2a00:1450:4001:82f::2004
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
0d47becf2549396fe0e58e68ac4a6429a170fe79d7ce7dc2955b7c8c4cf060fb
0f0c0b0a74bdfa6f68dc4ef40d801252c2c9d5dec1352becf326610ef7dc2afa
1234242c0966a56bbf2ff0131a7fc97d5751b2bfb476d42c30577754cae686db
168e24505881812c5499c65fddc09b1c71864dbb4e89a370d6aafc4feb30af3d
24f08334a3edfaca0a790fde692061ff4660864b6ca57904352b3dcb6b1692f2
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
3b6e427644967618eabdafa6ef91b77d80ad04309ed653ac578904ee54fd1eba
3fd89460ee9732a0415a9d1bef7d98617d50af978421c31a161401908bd6d2bf
406fb6e2f54a21b95946b2c0ac218e16775a684d0c0ab90cb5f57a1445a3a170
4360d5406e86598356f7dbc47b9bd98e95cca46a7722620fd1c2494904c7f3a6
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55c9a7e464fbcfb3cc2406f43c4113ea58a833c3c7c80704a5c6945f6aeb6efc
58cc088edf70ceda54a1c95260778e2b69605dd2c56d8355a1a25e3ecc566591
5d33238343c014a5fb9a96a248b6261e4977ac94f7b4d6f0a6b3506e9338a72f
6175bc44b393051e6ce4fafed2e5a172a378875d7d464854e873a01c625f16b3
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62c94bf8b1ddcec5ce9160d93d38a89d7e06af49a86be705ceae0c0aa9fccc25
7078213278126f2fdc6a9a10be6b947e5d6e28bcb659e39082518cd4fa1dfe9f
7339fe12f332ac7ecd6e0ef04bb7a48fad9e74be887d67f458548ff33ea4db65
77f5e031eefff035f726c707969ba6071cce707aa502d58aa7be42bb4af7fc8e
81be7b8a6ce9e1f66dbee9e03a906f5cc8068c3705c8d92455af5dfe5cb4117f
8d9414820a53db1a8c010c2511bb543ae69fab8ddf573ab026b7baa24bc17bfa
969ec3d1e29709ac6fa49c6cae5951cd2f96257a0754f09fc7e5a3d31654909c
9e1b4e921862d369d5e900cf8ef742d43ccf02fe041ecb9e8bd9b852802dadd8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a679e178d1da11f7329cc148b24fe19edf285781644a147fcdd5f1549ba6ad03
a8b353883f0ea96149ca60a0f2fb12e97b028e26d0597227113713351c2198cf
ac61aaaa0053dc7063e39c11e17af1336c8896a4bd363220432aad9c788f6e87
b0c5af239965e0d4f636f8214bc8685a606046099641bdad33b74375d76dc83b
b368dbb4835d739f66423e7d328dc73b4e30107b2c5649901674acc2812d6406
cf90df83e961bb78c269a45fd5ffce2c43ee21111e2c5f9de0ea9f3f9f960ff1
daac21a8d7e4f6ad94ae6c5c796cae38a0ea3e7df3eabfd863476ebad9b77886
e02f6cb25bb20ce22704aacacd39044b50f7510154f69473f1ca1e3fa38765e6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e454d78562f80d05853ea22d9121773f95bbec62d1fad7b48e18f288eb760a53
f96f5c86d1bfeaf9c32347f29871d987df4861f2579b6b00293c4038a86af492
fd605892a69639fe77c0a08e89e9413dbcf3e761b037ff49008cab969589176a